From 9498a3d2852ace0f4ee23598f542dbce3fd2ec28 Mon Sep 17 00:00:00 2001
From: Pierre Schmitz <pierre@archlinux.de>
Date: Sun, 2 Sep 2012 15:19:34 +0200
Subject: Update to MediaWiki 1.19.2

---
 includes/DefaultSettings.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'includes/DefaultSettings.php')

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 1034ea2e..acd89bde 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -33,7 +33,7 @@ $wgConf = new SiteConfiguration;
 /** @endcond */
 
 /** MediaWiki version number */
-$wgVersion = '1.19.1';
+$wgVersion = '1.19.2';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename = 'MediaWiki';
@@ -2419,6 +2419,18 @@ $wgBreakFrames = false;
  */
 $wgEditPageFrameOptions = 'DENY';
 
+/**
+ * Disallow framing of API pages directly, by setting the X-Frame-Options
+ * header. Since the API returns CSRF tokens, allowing the results to be
+ * framed can compromise your user's account security.
+ * Options are:
+ *   - 'DENY': Do not allow framing. This is recommended for most wikis.
+ *   - 'SAMEORIGIN': Allow framing by pages on the same domain.
+ *   - false: Allow all framing.
+ */
+
+$wgApiFrameOptions = 'DENY';
+
 /**
  * Disable output compression (enabled by default if zlib is available)
  */
-- 
cgit v1.2.2