* - apibase Use for the foreign API's URL
* - apiThumbCacheExpiry How long to locally cache thumbs for
*
- * The default is to initialise these arrays from the MW<1.11 backwards compatible settings:
- * $wgUploadPath, $wgThumbnailScriptPath, $wgSharedUploadDirectory, etc.
+ * If you leave $wgLocalFileRepo set to false, Setup will fill in appropriate values.
+ * Otherwise, set $wgLocalFileRepo to a repository structure as described above.
+ * If you set $wgUseInstantCommons to true, it will add an entry for Commons.
+ * If you set $wgForeignFileRepos to an array of repostory structures, those will
+ * be searched after the local file repo.
+ * Otherwise, you will only have access to local media files.
*/
$wgLocalFileRepo = false;
$wgAllowCopyUploads = false;
/**
* Allow asynchronous copy uploads.
- * This feature is experimental.
+ * This feature is experimental is broken as of r81612.
*/
$wgAllowAsyncCopyUploads = false;
/**
- * Max size for uploads, in bytes. If not set to an array, applies to all
+ * Max size for uploads, in bytes. If not set to an array, applies to all
* uploads. If set to an array, per upload type maximums can be set, using the
* file and url keys. If the * key is set this value will be used as maximum
* for non-specified types.
- *
+ *
* For example:
- * $wgUploadSize = array(
+ * $wgMaxUploadSize = array(
* '*' => 250 * 1024,
* 'url' => 500 * 1024,
* );
* Sets the maximum for all uploads to 250 kB except for upload-by-url, which
* will have a maximum of 500 kB.
- *
+ *
*/
$wgMaxUploadSize = 1024*1024*100; # 100MB
'text/scriptlet', 'application/x-msdownload',
# Windows metafile, client-side vulnerability on some systems
'application/x-msmetafile',
- # A ZIP file may be a valid Java archive containing an applet which exploits the
- # same-origin policy to steal cookies
- 'application/zip',
-
- # MS Office OpenXML and other Open Package Conventions files are zip files
- # and thus blacklisted just as other zip files. If you remove these entries
- # from the blacklist in your local configuration, a malicious file upload
- # will be able to compromise the wiki's user accounts, and the user
- # accounts of any other website in the same cookie domain.
- 'application/x-opc+zip',
- 'application/msword',
- 'application/vnd.ms-powerpoint',
- 'application/vnd.msexcel',
);
+/**
+ * Allow Java archive uploads.
+ * This is not recommended for public wikis since a maliciously-constructed
+ * applet running on the same domain as the wiki can steal the user's cookies.
+ */
+$wgAllowJavaUploads = false;
+
/**
* This is a flag to determine whether or not to check file extensions on upload.
*
'http://www.lysator.liu.se/~alla/dia/:diagram' => 'application/x-dia-diagram',
'http://www.w3.org/1999/xhtml:html' => 'text/html', // application/xhtml+xml?
'html' => 'text/html', // application/xhtml+xml?
+ 'http://www.opengis.net/kml/2.1:kml' => 'application/vnd.google-earth.kml+xml',
+ 'http://www.opengis.net/kml/2.2:kml' => 'application/vnd.google-earth.kml+xml',
+ 'kml' => 'application/vnd.google-earth.kml+xml',
);
/**
*/
$wgNewPasswordExpiry = 3600 * 24 * 7;
+/**
+ * The time, in seconds, when an email confirmation email expires
+ */
+$wgUserEmailConfirmationTokenExpiry = 7 * 24 * 60 * 60;
+
/**
* SMTP Mode
* For using a direct (authenticated) SMTP server connection.
* to setting $wgCacheEpoch to the modification time of LocalSettings.php, as
* was previously done in the default LocalSettings.php file.
*
- * On high-traffic wikis, this should be set to false, to avoid the need to
+ * On high-traffic wikis, this should be set to false, to avoid the need to
* check the file modification time, and to avoid the performance impact of
- * unnecessary cache invalidations.
+ * unnecessary cache invalidations.
*/
$wgInvalidateCacheOnLocalSettingsChange = true;
$wgBreakFrames = false;
/**
- * The X-Frame-Options header to send on pages sensitive to clickjacking
+ * The X-Frame-Options header to send on pages sensitive to clickjacking
* attacks, such as edit pages. This prevents those pages from being displayed
* in a frame or iframe. The options are:
*
* to allow framing within a trusted domain. This is insecure if there
* is a page on the same domain which allows framing of arbitrary URLs.
*
- * - false: Allow all framing. This opens up the wiki to XSS attacks and thus
- * full compromise of local user accounts. Private wikis behind a
- * corporate firewall are especially vulnerable. This is not
+ * - false: Allow all framing. This opens up the wiki to XSS attacks and thus
+ * full compromise of local user accounts. Private wikis behind a
+ * corporate firewall are especially vulnerable. This is not
* recommended.
*
* For extra safety, set $wgBreakFrames = true, to prevent framing on all pages,
* not, use only HTML 4-compatible IDs. This option is for testing -- when the
* functionality is ready, it will be on by default with no option.
*
- * Currently this appears to work fine in Chrome 4 and 5, Firefox 3.5 and 3.6, IE6
- * and 8, and Opera 10.50, but it fails in Opera 10.10: Unicode IDs don't seem
- * to work as anchors. So not quite ready for general use yet.
+ * Currently this appears to work fine in all browsers, but it's disabled by
+ * default because it normalizes id's a bit too aggressively, breaking preexisting
+ * content (particularly Cite). See bug 27733, bug 27694, bug 27474.
*/
-$wgExperimentalHtmlIds = true;
+$wgExperimentalHtmlIds = false;
/**
* Abstract list of footer icons for skins in place of old copyrightico and poweredbyico code
* You can add new icons to the built in copyright or poweredby, or you can create
* a new block. Though note that you may need to add some custom css to get good styling
* of new blocks in monobook. vector and modern should work without any special css.
- *
+ *
* $wgFooterIcons itself is a key/value array.
- * The key is the name of a block that the icons will be wrapped in. The final id varies
- * by skin; Monobook and Vector will turn poweredby into f-poweredbyico while Modern
+ * The key is the name of a block that the icons will be wrapped in. The final id varies
+ * by skin; Monobook and Vector will turn poweredby into f-poweredbyico while Modern
* turns it into mw_poweredby.
* The value is either key/value array of icons or a string.
* In the key/value array the key may or may not be used by the skin but it can
* be used to find the icon and unset it or change the icon if needed.
* This is useful for disabling icons that are set by extensions.
- * The value should be either a string or an array. If it is a string it will be output
- * directly as html, however some skins may choose to ignore it. An array is the preferred format
+ * The value should be either a string or an array. If it is a string it will be output
+ * directly as html, however some skins may choose to ignore it. An array is the preferred format
* for the icon, the following keys are used:
* src: An absolute url to the image to use for the icon, this is recommended
* but not required, however some skins will ignore icons without an image
* Set of available actions that can be restricted via action=protect
* You probably shouldn't change this.
* Translated through restriction-* messages.
- * Title::getRestrictionTypes() will remove restrictions that are not
- * applicable to a specific title (upload currently)
+ * Title::getRestrictionTypes() will remove restrictions that are not
+ * applicable to a specific title (create and upload)
*/
-$wgRestrictionTypes = array( 'edit', 'move', 'upload' );
+$wgRestrictionTypes = array( 'create', 'edit', 'move', 'upload' );
/**
* Rights which can be required for each protection level (via action=protect)
$wgCookieExpiration = 30*86400;
/**
- * Set to set an explicit domain on the login cookies eg, "justthis.domain. org"
+ * Set to set an explicit domain on the login cookies eg, "justthis.domain.org"
* or ".any.subdomain.net"
*/
$wgCookieDomain = '';
$wgReadOnlyFile = false;
/**
- * When you run the web-based upgrade utility, it will tell you what to set
+ * When you run the web-based upgrade utility, it will tell you what to set
* this to in order to authorize the upgrade process. It will subsequently be
* used as a password, to authorize further upgrades.
*
- * For security, do not set this to a guessable string. Use the value supplied
- * by the install/upgrade process. To cause the upgrader to generate a new key,
+ * For security, do not set this to a guessable string. Use the value supplied
+ * by the install/upgrade process. To cause the upgrader to generate a new key,
* delete the old key from LocalSettings.php.
*/
$wgUpgradeKey = false;
$wgCategoryPagingLimit = 200;
/**
- * Specify how category names should be sorted, when listed on a category page.
+ * Specify how category names should be sorted, when listed on a category page.
* A sorting scheme is also known as a collation.
*
* Available values are:
*
* - uppercase: Converts the category name to upper case, and sorts by that.
*
- * - uca-default: Provides access to the Unicode Collation Algorithm with
+ * - uca-default: Provides access to the Unicode Collation Algorithm with
* the default element table. This is a compromise collation which sorts
* all languages in a mediocre way. However, it is better than "uppercase".
*
- * To use the uca-default collation, you must have PHP's intl extension
- * installed. See http://php.net/manual/en/intl.setup.php . The details of the
- * resulting collation will depend on the version of ICU installed on the
+ * To use the uca-default collation, you must have PHP's intl extension
+ * installed. See http://php.net/manual/en/intl.setup.php . The details of the
+ * resulting collation will depend on the version of ICU installed on the
* server.
*
* After you change this, you must run maintenance/updateCollation.php to fix
- * the sort keys in the database.
+ * the sort keys in the database.
*/
$wgCategoryCollation = 'uppercase';