/**
* Site admin email address.
*
- * Defaults to "wikiadmin@{$wgServerName}".
+ * Defaults to "wikiadmin@$wgServerName".
*/
$wgEmergencyContact = false;
*
* The address we should use as sender when a user is requesting his password.
*
- * Defaults to "apache@{$wgServerName}".
+ * Defaults to "apache@$wgServerName".
*/
$wgPasswordSender = false;
*/
$wgEnableCanonicalServerLink = false;
+ /**
+ * When OutputHandler is used, mangle any output that contains
+ * <cross-domain-policy>. Without this, an attacker can send their own
+ * cross-domain policy unless it is prevented by the crossdomain.xml file at
+ * the domain root.
+ */
+ $wgMangleFlashPolicy = true;
+
/** @} */ # End of output format settings }
/*************************************************************************//**