$wgEnableTooltipsAndAccesskeys = true;
/**
- * Break out of framesets. This can be used to prevent external sites from
- * framing your site with ads.
+ * Break out of framesets. This can be used to prevent clickjacking attacks,
+ * or to prevent external sites from framing your site with ads.
*/
$wgBreakFrames = false;
+/**
+ * The X-Frame-Options header to send on pages sensitive to clickjacking
+ * attacks, such as edit pages. This prevents those pages from being displayed
+ * in a frame or iframe. The options are:
+ *
+ * - 'DENY': Do not allow framing. This is recommended for most wikis.
+ *
+ * - 'SAMEORIGIN': Allow framing by pages on the same domain. This can be used
+ * to allow framing within a trusted domain. This is insecure if there
+ * is a page on the same domain which allows framing of arbitrary URLs.
+ *
+ * - false: Allow all framing. This opens up the wiki to XSS attacks and thus
+ * full compromise of local user accounts. Private wikis behind a
+ * corporate firewall are especially vulnerable. This is not
+ * recommended.
+ *
+ * For extra safety, set $wgBreakFrames = true, to prevent framing on all pages,
+ * not just edit pages.
+ */
+$wgEditPageFrameOptions = 'DENY';
+
/**
* Disable output compression (enabled by default if zlib is available)
*/
),
);
+/**
+ * Login / create account link behavior when it's possible for anonymous users to create an account
+ * true = use a combined login / create account link
+ * false = split login and create account into two separate links
+ */
+$wgUseCombinedLoginLink = true;
+
/**
* Search form behavior for Vector skin only
* true = use an icon search button
*/
$wgLivePasswordStrengthChecks = false;
-/**
- * List of weak passwords which shouldn't be allowed.
- * The items should be in lowercase. The check is case insensitive.
- */
-$wgWeakPasswords = array( 'password', 'passpass', 'passpass1' );
-
/**
* Maximum number of Unicode characters in signature
*/
* Set of available actions that can be restricted via action=protect
* You probably shouldn't change this.
* Translated through restriction-* messages.
+ * Title::getRestrictionTypes() will remove restrictions that are not
+ * applicable to a specific title (upload currently)
*/
-$wgRestrictionTypes = array( 'edit', 'move' );
+$wgRestrictionTypes = array( 'edit', 'move', 'upload' );
/**
* Rights which can be required for each protection level (via action=protect)
/**
* List of valid skin names.
- * The key should be the name in all lower case, the value should be a display name.
+ * The key should be the name in all lower case, the value should be a properly
+ * cased name for the skin. This value will be prefixed with "Skin" to create the
+ * class name of the skin to load, and if the skin's class cannot be found through
+ * the autoloader it will be used to load a .php file by that name in the skins directory.
* The default skins will be added later, by Skin::getSkinNames(). Use
* Skin::getSkinNames() as an accessor if you wish to have access to the full list.
*/