summaryrefslogtreecommitdiff
path: root/includes/DefaultSettings.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/DefaultSettings.php')
-rw-r--r--includes/DefaultSettings.php23
1 files changed, 22 insertions, 1 deletions
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index df3d57b9..6feac36b 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -63,7 +63,7 @@ $wgConf = new SiteConfiguration;
* MediaWiki version number
* @since 1.2
*/
-$wgVersion = '1.22.13';
+$wgVersion = '1.22.14';
/**
* Name of the site. It must be changed in LocalSettings.php
@@ -3322,6 +3322,27 @@ $wgResourceLoaderLESSImportPaths = array(
"$IP/resources/mediawiki.less/",
);
+/**
+ * Whether to allow site-wide CSS (MediaWiki:Common.css and friends) on
+ * restricted pages like Special:UserLogin or Special:Preferences where
+ * JavaScript is disabled for security reasons. As it is possible to
+ * execute JavaScript through CSS, setting this to true opens up a
+ * potential security hole. Some sites may "skin" their wiki by using
+ * site-wide CSS, causing restricted pages to look unstyled and different
+ * from the rest of the site.
+ *
+ * @since 1.25
+ */
+$wgAllowSiteCSSOnRestrictedPages = false;
+
+/**
+ * When OutputHandler is used, mangle any output that contains
+ * <cross-domain-policy>. Without this, an attacker can send their own
+ * cross-domain policy unless it is prevented by the crossdomain.xml file at
+ * the domain root.
+ */
+$wgMangleFlashPolicy = true;
+
/** @} */ # End of resource loader settings }
/*************************************************************************//**