diff options
Diffstat (limited to 'includes/DefaultSettings.php')
| -rw-r--r-- | includes/DefaultSettings.php | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index a369fccd..c118075e 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -33,7 +33,7 @@ if ( !defined( 'MW_PHP4' ) ) { } /** MediaWiki version number */ -$wgVersion = '1.16.0'; +$wgVersion = '1.16.1'; /** Name of the site. It must be changed in LocalSettings.php */ $wgSitename = 'MediaWiki'; @@ -2502,6 +2502,11 @@ $wgRightsUrl = null; $wgRightsText = null; $wgRightsIcon = null; +/** + * Set to an array of metadata terms. Else they will be loaded based on $wgRightsUrl + */ +$wgLicenseTerms = false; + /** Set this to some HTML to override the rights icon with an arbitrary logo */ $wgCopyrightIcon = null; @@ -3981,12 +3986,33 @@ $wgParserTestFiles = array( $wgParserTestRemote = false; /** - * Break out of framesets. This can be used to prevent external sites from - * framing your site with ads. + * Break out of framesets. This can be used to prevent clickjacking attacks, + * or to prevent external sites from framing your site with ads. */ $wgBreakFrames = false; /** + * The X-Frame-Options header to send on pages sensitive to clickjacking + * attacks, such as edit pages. This prevents those pages from being displayed + * in a frame or iframe. The options are: + * + * - 'DENY': Do not allow framing. This is recommended for most wikis. + * + * - 'SAMEORIGIN': Allow framing by pages on the same domain. This can be used + * to allow framing within a trusted domain. This is insecure if there + * is a page on the same domain which allows framing of arbitrary URLs. + * + * - false: Allow all framing. This opens up the wiki to XSS attacks and thus + * full compromise of local user accounts. Private wikis behind a + * corporate firewall are especially vulnerable. This is not + * recommended. + * + * For extra safety, set $wgBreakFrames = true, to prevent framing on all pages, + * not just edit pages. + */ +$wgEditPageFrameOptions = 'DENY'; + +/** * Set this to an array of special page names to prevent * maintenance/updateSpecialPages.php from updating those pages. */ |