From 63d7232cb6053539e9bfb8558d753351f18db7b2 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Tue, 13 Jun 2006 05:11:23 +0000
Subject: [PATCH] * Disable $wgAllowExternalImages by default.
---
 RELEASE-NOTES | 8 ++++++++
 includes/DefaultSettings.php | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index e70497901c..da5a5c7e93 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -18,6 +18,12 @@ will be made on the development trunk and appear in the next quarterly release. Those wishing to use the latest code instead of a branch release can obtain it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
+== Configuration changes ==
+
+Some default configuration options have changed:
+* $wgAllowExternalImages now defaults to off for increased security.
+
+
 == Changes since 1.6 == * (bug 5458) Fix double-URL encoding in block log link in contribs and contribs
@@ -479,6 +485,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * Introduce $wgContentNamespaces which allows for articles to exist in namespaces other than the main namespace, and still be counted as valid content in the site statistics. * (bug 5932) Introduce {{PAGESINNAMESPACE}} magic word
+* Disable $wgAllowExternalImages by default.
+
 == Compatibility ==
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 782af969f9..334085f591 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1079,7 +1079,7 @@ $wgCookieSecure = ($wgProto == 'https'); $wgDisableCookieCheck = false; /** Whether to allow inline image pointing to other websites */
-$wgAllowExternalImages = true;
+$wgAllowExternalImages = false;
 /** If the above is false, you can specify an exception here. Image URLs * that start with this string are then rendered, while all others are not.
--
2.20.1
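Review bot: The doc comment on `$wgAllowExternalImages` in includes/DefaultSettings.php still describes only what the switch does, so an admin reading the file cannot see why the default is now off or what turning it back on costs. I would extend it to something like `/** Whether to allow inline images pointing to other websites. Off by default: readers' browsers fetch such images from hosts the wiki does not control, which exposes their IP address and Referer to those hosts. */`. The following comment about the prefix exception says URLs that "start with this string" are rendered; if the check is a plain prefix match, as that wording suggests, it is worth telling admins to end the prefix with a `/` after the host name so that a look-alike host name does not also match. That comment block continues past the end of the hunk, so the setting it documents is not visible here.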