X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FDefaultSettings.php;h=3c73d5534f474fc936ec5a6ed227d61df1df57bd;hb=e2ba564eb7e52b5863a7ae6de751070406709d5a;hp=8a84e7f641918488ced2d992c5b55f0f0f154455;hpb=ad5cfd5c09d32048afebf2e5fae1069de3a08910;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 8a84e7f641..3c73d5534f 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -443,19 +443,19 @@ $wgAllowCopyUploads = false; $wgAllowAsyncCopyUploads = false; /** - * Max size for uploads, in bytes. If not set to an array, applies to all + * Max size for uploads, in bytes. If not set to an array, applies to all * uploads. If set to an array, per upload type maximums can be set, using the * file and url keys. If the * key is set this value will be used as maximum * for non-specified types. - * + * * For example: - * $wgUploadSize = array( + * $wgMaxUploadSize = array( * '*' => 250 * 1024, * 'url' => 500 * 1024, * ); * Sets the maximum for all uploads to 250 kB except for upload-by-url, which * will have a maximum of 500 kB. - * + * */ $wgMaxUploadSize = 1024*1024*100; # 100MB 
@@ -552,21 +552,15 @@ $wgMimeTypeBlacklist = array( 'text/scriptlet', 'application/x-msdownload', # Windows metafile, client-side vulnerability on some systems 'application/x-msmetafile', - # A ZIP file may be a valid Java archive containing an applet which exploits the - # same-origin policy to steal cookies - 'application/zip', - - # MS Office OpenXML and other Open Package Conventions files are zip files - # and thus blacklisted just as other zip files. If you remove these entries - # from the blacklist in your local configuration, a malicious file upload - # will be able to compromise the wiki's user accounts, and the user - # accounts of any other website in the same cookie domain. - 'application/x-opc+zip', - 'application/msword', - 'application/vnd.ms-powerpoint', - 'application/vnd.msexcel', ); +/** + * Allow Java archive uploads. + * This is not recommended for public wikis since a maliciously-constructed + * applet running on the same domain as the wiki can steal the user's cookies. + */ +$wgAllowJavaUploads = false; + /** * This is a flag to determine whether or not to check file extensions on upload. * @@ -881,6 +875,9 @@ $wgXMLMimeTypes = array( 'http://www.lysator.liu.se/~alla/dia/:diagram' => 'application/x-dia-diagram', 'http://www.w3.org/1999/xhtml:html' => 'text/html', // application/xhtml+xml? 'html' => 'text/html', // application/xhtml+xml? + 'http://www.opengis.net/kml/2.1:kml' => 'application/vnd.google-earth.kml+xml', + 'http://www.opengis.net/kml/2.2:kml' => 'application/vnd.google-earth.kml+xml', + 'kml' => 'application/vnd.google-earth.kml+xml', ); /** 
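Review bot: The doc comment added for `$wgAllowJavaUploads` in the `@@ -552` hunk does not mention that `application/zip`, `application/x-opc+zip` and the three MS Office types have left `$wgMimeTypeBlacklist`, so a reader cannot tell that ZIP-based uploads are now stopped only by whatever check consumes this flag. That check is not in this file; presumably it inspects archive contents for Java classes, and it should be confirmed to cover OPC/Office containers too. The removed comment's warning about user accounts on other sites in the same cookie domain is also lost. I would extend the new comment with `* With this set to false, ZIP-based uploads are rejected only when detected as Java archives; the MIME blacklist no longer covers them.` and `* If set to true, a malicious upload can compromise accounts on this wiki and on any other site in the same cookie domain.` Wikis whose LocalSettings.php replaces `$wgMimeTypeBlacklist` wholesale may need a release note on whether to keep the old entries.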
@@ -1697,9 +1694,9 @@ $wgClockSkewFudge = 5; * to setting $wgCacheEpoch to the modification time of LocalSettings.php, as * was previously done in the default LocalSettings.php file. * - * On high-traffic wikis, this should be set to false, to avoid the need to + * On high-traffic wikis, this should be set to false, to avoid the need to * check the file modification time, and to avoid the performance impact of - * unnecessary cache invalidations. + * unnecessary cache invalidations. */ $wgInvalidateCacheOnLocalSettingsChange = true; @@ -2293,7 +2290,7 @@ $wgEnableTooltipsAndAccesskeys = true; $wgBreakFrames = false; /** - * The X-Frame-Options header to send on pages sensitive to clickjacking + * The X-Frame-Options header to send on pages sensitive to clickjacking * attacks, such as edit pages. This prevents those pages from being displayed * in a frame or iframe. The options are: * @@ -2303,9 +2300,9 @@ $wgBreakFrames = false; * to allow framing within a trusted domain. This is insecure if there * is a page on the same domain which allows framing of arbitrary URLs. * - * - false: Allow all framing. This opens up the wiki to XSS attacks and thus - * full compromise of local user accounts. Private wikis behind a - * corporate firewall are especially vulnerable. This is not + * - false: Allow all framing. This opens up the wiki to XSS attacks and thus + * full compromise of local user accounts. Private wikis behind a + * corporate firewall are especially vulnerable. This is not * recommended. * * For extra safety, set $wgBreakFrames = true, to prevent framing on all pages, 
@@ -2323,28 +2320,28 @@ $wgDisableOutputCompression = false; * not, use only HTML 4-compatible IDs. This option is for testing -- when the * functionality is ready, it will be on by default with no option. * - * Currently this appears to work fine in Chrome 4 and 5, Firefox 3.5 and 3.6, IE6 - * and 8, and Opera 10.50, but it fails in Opera 10.10: Unicode IDs don't seem - * to work as anchors. So not quite ready for general use yet. + * Currently this appears to work fine in all browsers, but it's disabled by + * default because it normalizes id's a bit too aggressively, breaking preexisting + * content (particularly Cite). See bug 27733, bug 27694, bug 27474. */ -$wgExperimentalHtmlIds = true; +$wgExperimentalHtmlIds = false; /** * Abstract list of footer icons for skins in place of old copyrightico and poweredbyico code * You can add new icons to the built in copyright or poweredby, or you can create * a new block. Though note that you may need to add some custom css to get good styling * of new blocks in monobook. vector and modern should work without any special css. - * + * * $wgFooterIcons itself is a key/value array. - * The key is the name of a block that the icons will be wrapped in. The final id varies - * by skin; Monobook and Vector will turn poweredby into f-poweredbyico while Modern + * The key is the name of a block that the icons will be wrapped in. The final id varies + * by skin; Monobook and Vector will turn poweredby into f-poweredbyico while Modern * turns it into mw_poweredby. * The value is either key/value array of icons or a string. * In the key/value array the key may or may not be used by the skin but it can * be used to find the icon and unset it or change the icon if needed. * This is useful for disabling icons that are set by extensions. - * The value should be either a string or an array. If it is a string it will be output - * directly as html, however some skins may choose to ignore it. 
An array is the preferred format + * The value should be either a string or an array. If it is a string it will be output + * directly as html, however some skins may choose to ignore it. An array is the preferred format * for the icon, the following keys are used: * src: An absolute url to the image to use for the icon, this is recommended * but not required, however some skins will ignore icons without an image @@ -3373,10 +3370,10 @@ $wgGroupsRemoveFromSelf = array(); * Set of available actions that can be restricted via action=protect * You probably shouldn't change this. * Translated through restriction-* messages. - * Title::getRestrictionTypes() will remove restrictions that are not - * applicable to a specific title (upload currently) + * Title::getRestrictionTypes() will remove restrictions that are not + * applicable to a specific title (create and upload) */ -$wgRestrictionTypes = array( 'edit', 'move', 'upload' ); +$wgRestrictionTypes = array( 'create', 'edit', 'move', 'upload' ); /** * Rights which can be required for each protection level (via action=protect) @@ -4185,12 +4182,12 @@ $wgReadOnly = null; $wgReadOnlyFile = false; /** - * When you run the web-based upgrade utility, it will tell you what to set + * When you run the web-based upgrade utility, it will tell you what to set * this to in order to authorize the upgrade process. It will subsequently be * used as a password, to authorize further upgrades. * - * For security, do not set this to a guessable string. Use the value supplied - * by the install/upgrade process. To cause the upgrader to generate a new key, + * For security, do not set this to a guessable string. Use the value supplied + * by the install/upgrade process. To cause the upgrader to generate a new key, * delete the old key from LocalSettings.php. */ $wgUpgradeKey = false; 
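Review bot: Adding `'create'` to `$wgRestrictionTypes` in the `@@ -3373` hunk puts a type that applies only to non-existent titles into the global list, so any consumer that reads the global directly instead of calling `Title::getRestrictionTypes()` will now see it. The filtering the comment relies on is not part of this diff, so it is worth confirming that the protection form, the API and any log or display code iterate the per-title list. I would say so in the comment, e.g. `* Code should call Title::getRestrictionTypes() rather than read this global to get the types valid for a given title.`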
@@ -4636,24 +4633,24 @@ $wgCategoryMagicGallery = true; $wgCategoryPagingLimit = 200; /** - * Specify how category names should be sorted, when listed on a category page. + * Specify how category names should be sorted, when listed on a category page. * A sorting scheme is also known as a collation. * * Available values are: * * - uppercase: Converts the category name to upper case, and sorts by that. * - * - uca-default: Provides access to the Unicode Collation Algorithm with + * - uca-default: Provides access to the Unicode Collation Algorithm with * the default element table. This is a compromise collation which sorts * all languages in a mediocre way. However, it is better than "uppercase". * - * To use the uca-default collation, you must have PHP's intl extension - * installed. See http://php.net/manual/en/intl.setup.php . The details of the - * resulting collation will depend on the version of ICU installed on the + * To use the uca-default collation, you must have PHP's intl extension + * installed. See http://php.net/manual/en/intl.setup.php . The details of the + * resulting collation will depend on the version of ICU installed on the * server. * * After you change this, you must run maintenance/updateCollation.php to fix - * the sort keys in the database. + * the sort keys in the database. */ $wgCategoryCollation = 'uppercase';