From d47e2822bc06ad8069718b76b3f228e9f6c0a218 Mon Sep 17 00:00:00 2001
From: Kunal Mehta
Date: Wed, 24 Oct 2018 15:39:53 -0700
Subject: [PATCH] Disable $wgEnableImageWhitelist by default

This opens up a hole for administrators to load images from external resources, potentially leaking user's private information to external servers (IP address, User-Agent, etc.).

Change-Id: Ie780637b292493e664e4d54671a5bb81046106f4
---
 RELEASE-NOTES-1.32 | 4 ++++
 includes/DefaultSettings.php | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/RELEASE-NOTES-1.32 b/RELEASE-NOTES-1.32
index d90cfdfe75..1b5a36a584 100644
--- a/RELEASE-NOTES-1.32
+++ b/RELEASE-NOTES-1.32
@@ -60,6 +60,10 @@ production.
 * $wgPopularPasswordFile — The location of the default popular passwords file has been moved to be in line with other non-PHP files used by libraries and classes.
+* $wgEnableImageWhitelist is now disabled by default, as it opens up a hole for
+ potential privacy leaks by administrators. You can check
+ "MediaWiki:External image whitelist" on your wiki to see whether the feature
+ was ever used, and whether it needs to be re-enabled.
 ==== Removed configuration ====
 * $wgEnableAPI and $wgEnableWriteAPI – These settings, deprecated in 1.31,
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 731abb54be..82dbecfada 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4245,8 +4245,10 @@ $wgAllowExternalImagesFrom = '';
  *
  * Set this to true to enable the on-wiki whitelist (MediaWiki:External image whitelist)
  * Or false to disable it
+ *
+ * @since 1.14
  */
-$wgEnableImageWhitelist = true;
+$wgEnableImageWhitelist = false;
 /**
  * A different approach to the above: simply allow the "" tag to be used.
-- 
2.20.1
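Review bot: The docblock above `$wgEnableImageWhitelist` still reads as a neutral on/off description ("Set this to true to enable ... Or false to disable it") and never says why the default flipped to `false`; the privacy rationale exists only in the commit message, which an administrator editing LocalSettings.php will never see. I would add a warning to that docblock, which begins above the hunk, along the lines of `@warning Enabling this lets anyone who can edit MediaWiki:External image whitelist make readers' browsers fetch images from arbitrary third-party hosts, exposing their IP address, User-Agent and similar request data to those servers. Disabled by default since 1.32 for that reason.` It would also help to point readers at `$wgAllowExternalImagesFrom`, which the hunk header shows immediately above, as the narrower alternative that keeps the permitted hosts in server-side configuration rather than in an editable wiki page. Which user rights are needed to edit the whitelist page is not visible here, so the "anyone who can edit" wording should be checked against the actual permission model before it lands.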