[OWASP-wiki-editors] Allowing external images?

Matt Tesauro matt.tesauro at owasp.org
Wed Aug 10 19:46:27 UTC 2016


I think the wiki is configured that way because its configured that way...

What I mean is that it was probably setup that way initially or perhaps
changed at one time but I don't know of a specific reason for the current
setting nor is it documented anywhere.

Unfortunately, others have not been that rigorous with commenting config
changes like:
# PDF Action
#MAT#Extension below disabled during upgrade to 1.22.x on 2014-08-30
#MAT#include ("$IP/extensions/ExtraActions.php");
# Start - Google Analytics extension
# MAT - Adding the official Google Analytics extension from MediaWiki
# http://www.mediawiki.org/wiki/Extension:Google_Analytics_Integration
# 2014-04-03
require_once( "$IP/extensions/googleAnalytics/googleAnalytics.php" );
$wgGoogleAnalyticsAccount = "UA-5555555-5";
// Optional Variables (both default to true)
$wgGoogleAnalyticsIgnoreSysops = false;
$wgGoogleAnalyticsIgnoreBots = false;
// If you use AdSense as well and have linked your accounts, set this to
true to enable tracking
$wgGoogleAnalyticsAddASAC = false;
# End - Google Analytics extension

I looked at the current LocalSetting.php for the wiki and it _appears_ to
be enabled:
$ grep "wgAllowExternalImages" LocalSettings.php
$wgAllowExternalImages = true;

So I'm not sure what's happening on your page.  Do you mind emailing me
directly with the wiki code you're using?  I'm sure between the two of us,
we can get this sorted out.


-- Matt Tesauro
OWASP AppSec Pipeline Lead
OWASP WTE Project Lead
http://AppSecLive.org <http://appseclive.org/> - Community and Download site

On Wed, Aug 10, 2016 at 2:13 AM, psiinon <psiinon at gmail.com> wrote:

> It looks like the OWASP wiki doesnt allow external images to be embedded (
> https://www.mediawiki.org/wiki/Manual:$wgAllowExternalImages)
> Is this due to security concerns or ??
> I'd like to include the ZAP badges (https://github.com/zaproxy/
> zaproxy/blob/develop/README.md#-owasp-zap) on the ZAP OWASP page, but
> thats not possible right now.
> Cheers,
> Simon
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> _______________________________________________
> OWASP-wiki-editors mailing list
> OWASP-wiki-editors at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-wiki-editors/attachments/20160810/9042174c/attachment.html>

More information about the OWASP-wiki-editors mailing list