From: Brion Vibber Date: Tue, 13 Jun 2006 05:11:23 +0000 (+0000) Subject: * Disable $wgAllowExternalImages by default. X-Git-Tag: 1.31.0-rc.0~56793 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/categories/modifier.php?a=commitdiff_plain;h=63d7232cb6053539e9bfb8558d753351f18db7b2;p=lhc%2Fweb%2Fwiklou.git * Disable $wgAllowExternalImages by default. --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index e70497901c..da5a5c7e93 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -18,6 +18,12 @@ will be made on the development trunk and appear in the next quarterly release. Those wishing to use the latest code instead of a branch release can obtain it from source control: http://www.mediawiki.org/wiki/Download_from_SVN +== Configuration changes == + +Some default configuration options have changed: +* $wgAllowExternalImages now defaults to off for increased security. + + == Changes since 1.6 == * (bug 5458) Fix double-URL encoding in block log link in contribs and contribs @@ -479,6 +485,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * Introduce $wgContentNamespaces which allows for articles to exist in namespaces other than the main namespace, and still be counted as valid content in the site statistics. * (bug 5932) Introduce {{PAGESINNAMESPACE}} magic word +* Disable $wgAllowExternalImages by default. + == Compatibility == diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 782af969f9..334085f591 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -1079,7 +1079,7 @@ $wgCookieSecure = ($wgProto == 'https'); $wgDisableCookieCheck = false; /** Whether to allow inline image pointing to other websites */ -$wgAllowExternalImages = true; +$wgAllowExternalImages = false; /** If the above is false, you can specify an exception here. Image URLs * that start with this string are then rendered, while all others are not.