[OWASP-wiki-editors] Allowing external images?
Jim Manico
jim.manico at owasp.org
Wed Aug 10 19:52:17 UTC 2016
I'm watching this thread as well. I normally upload third party images
and embed those directly in wiki to solve this issue.
Aloha, Jim
On 8/10/16 9:46 AM, Matt Tesauro wrote:
> Simon,
>
> I think the wiki is configured that way because its configured that way...
>
> What I mean is that it was probably setup that way initially or
> perhaps changed at one time but I don't know of a specific reason for
> the current setting nor is it documented anywhere.
>
> Unfortunately, others have not been that rigorous with commenting
> config changes like:
> # PDF Action
> #MAT#Extension below disabled during upgrade to 1.22.x on 2014-08-30
> #MAT#include ("$IP/extensions/ExtraActions.php");
> and
> # Start - Google Analytics extension
> # MAT - Adding the official Google Analytics extension from MediaWiki
> # http://www.mediawiki.org/wiki/Extension:Google_Analytics_Integration
> # 2014-04-03
> require_once( "$IP/extensions/googleAnalytics/googleAnalytics.php" );
> $wgGoogleAnalyticsAccount = "UA-5555555-5";
> // Optional Variables (both default to true)
> $wgGoogleAnalyticsIgnoreSysops = false;
> $wgGoogleAnalyticsIgnoreBots = false;
> // If you use AdSense as well and have linked your accounts, set this
> to true to enable tracking
> $wgGoogleAnalyticsAddASAC = false;
> # End - Google Analytics extension
>
> I looked at the current LocalSetting.php for the wiki and it _appears_
> to be enabled:
> $ grep "wgAllowExternalImages" LocalSettings.php
> $wgAllowExternalImages = true;
>
> So I'm not sure what's happening on your page. Do you mind emailing
> me directly with the wiki code you're using? I'm sure between the two
> of us, we can get this sorted out.
>
> Cheers!
>
> --
> -- Matt Tesauro
> OWASP AppSec Pipeline Lead
> https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
> OWASP WTE Project Lead
> _https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project_
> http://AppSecLive.org <http://appseclive.org/> - Community and
> Download site
>
>
> On Wed, Aug 10, 2016 at 2:13 AM, psiinon <psiinon at gmail.com
> <mailto:psiinon at gmail.com>> wrote:
>
> It looks like the OWASP wiki doesnt allow external images to be
> embedded
> (https://www.mediawiki.org/wiki/Manual:$wgAllowExternalImages
> <https://www.mediawiki.org/wiki/Manual:$wgAllowExternalImages>)
>
> Is this due to security concerns or ??
>
> I'd like to include the ZAP badges
> (https://github.com/zaproxy/zaproxy/blob/develop/README.md#-owasp-zap
> <https://github.com/zaproxy/zaproxy/blob/develop/README.md#-owasp-zap>)
> on the ZAP OWASP page, but thats not possible right now.
>
> Cheers,
>
> Simon
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
> _______________________________________________
> OWASP-wiki-editors mailing list
> OWASP-wiki-editors at lists.owasp.org
> <mailto:OWASP-wiki-editors at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors
> <https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors>
>
>
>
>
> _______________________________________________
> OWASP-wiki-editors mailing list
> OWASP-wiki-editors at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-wiki-editors/attachments/20160810/e209aaf6/attachment-0001.html>
More information about the OWASP-wiki-editors
mailing list