Diffstat (limited to 'includes/DefaultSettings.php')
-rw-r--r-- | includes/DefaultSettings.php | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index df3d57b9..6feac36b 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -63,7 +63,7 @@ $wgConf = new SiteConfiguration;
  * MediaWiki version number
  * @since 1.2
  */
-$wgVersion = '1.22.13';
+$wgVersion = '1.22.14';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php
@@ -3322,6 +3322,27 @@ $wgResourceLoaderLESSImportPaths = array(
 "$IP/resources/mediawiki.less/",
 );
 
+/**
+ * Whether to allow site-wide CSS (MediaWiki:Common.css and friends) on
+ * restricted pages like Special:UserLogin or Special:Preferences where
+ * JavaScript is disabled for security reasons. As it is possible to
+ * execute JavaScript through CSS, setting this to true opens up a
+ * potential security hole. Some sites may "skin" their wiki by using
+ * site-wide CSS, causing restricted pages to look unstyled and different
+ * from the rest of the site.
+ *
+ * @since 1.25
+ */
+$wgAllowSiteCSSOnRestrictedPages = false;
+
+/**
+ * When OutputHandler is used, mangle any output that contains
+ * <cross-domain-policy>. Without this, an attacker can send their own
+ * cross-domain policy unless it is prevented by the crossdomain.xml file at
+ * the domain root.
+ */
+$wgMangleFlashPolicy = true;
+
 /** @} */ # End of resource loader settings }
 
 /*************************************************************************//** |
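Review bot: The docblock for `$wgAllowSiteCSSOnRestrictedPages` says `@since 1.25`, but this commit sets `$wgVersion` to '1.22.14', so an administrator on this branch could conclude the setting is not available here; I would write `@since 1.25 (backported to 1.22.14)`. `$wgMangleFlashPolicy` has no `@since` tag at all and should name the release it first shipped in. Both settings are added above the `/** @} */ # End of resource loader settings` marker, whose group opens outside this hunk. Neither docblock mentions ResourceLoader and the second one concerns OutputHandler, so moving them below the marker would keep them out of the wrong section of the generated documentation. Because both defaults are the safe value, each docblock could also end with a line such as `Change this only in LocalSettings.php and only after reviewing who can edit site-wide CSS.` (adapted for the Flash policy setting) so that overriding it is a deliberate decision.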