[OWASP-wiki-editors] Allowing external images?

Jim Manico jim.manico at owasp.org
Wed Aug 10 19:52:17 UTC 2016


I'm watching this thread as well. I normally upload third party images
and embed those directly in wiki to solve this issue.

Aloha, Jim


On 8/10/16 9:46 AM, Matt Tesauro wrote:
> Simon, 
>
> I think the wiki is configured that way because its configured that way...
>
> What I mean is that it was probably setup that way initially or
> perhaps changed at one time but I don't know of a specific reason for
> the current setting nor is it documented anywhere.
>
> Unfortunately, others have not been that rigorous with commenting
> config changes like:
> # PDF Action
> #MAT#Extension below disabled during upgrade to 1.22.x on 2014-08-30
> #MAT#include ("$IP/extensions/ExtraActions.php");
>    and 
> # Start - Google Analytics extension
> # MAT - Adding the official Google Analytics extension from MediaWiki
> # http://www.mediawiki.org/wiki/Extension:Google_Analytics_Integration
> # 2014-04-03
> require_once( "$IP/extensions/googleAnalytics/googleAnalytics.php" );
> $wgGoogleAnalyticsAccount = "UA-5555555-5";
> // Optional Variables (both default to true) 
> $wgGoogleAnalyticsIgnoreSysops = false;
> $wgGoogleAnalyticsIgnoreBots = false;
> // If you use AdSense as well and have linked your accounts, set this
> to true to enable tracking 
> $wgGoogleAnalyticsAddASAC = false;
> # End - Google Analytics extension
>
> I looked at the current LocalSetting.php for the wiki and it _appears_
> to be enabled:
> $ grep "wgAllowExternalImages" LocalSettings.php
> $wgAllowExternalImages = true;
>
> So I'm not sure what's happening on your page.  Do you mind emailing
> me directly with the wiki code you're using?  I'm sure between the two
> of us, we can get this sorted out.
>
> Cheers!
>
> --
> -- Matt Tesauro 
> OWASP AppSec Pipeline Lead
> https://www.owasp.org/index.php/OWASP_AppSec_Pipeline 
> OWASP WTE Project Lead
> _https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project_
> http://AppSecLive.org <http://appseclive.org/> - Community and
> Download site
>
>
> On Wed, Aug 10, 2016 at 2:13 AM, psiinon <psiinon at gmail.com
> <mailto:psiinon at gmail.com>> wrote:
>
>     It looks like the OWASP wiki doesnt allow external images to be
>     embedded
>     (https://www.mediawiki.org/wiki/Manual:$wgAllowExternalImages
>     <https://www.mediawiki.org/wiki/Manual:$wgAllowExternalImages>)
>
>     Is this due to security concerns or ??
>
>     I'd like to include the ZAP badges
>     (https://github.com/zaproxy/zaproxy/blob/develop/README.md#-owasp-zap
>     <https://github.com/zaproxy/zaproxy/blob/develop/README.md#-owasp-zap>)
>     on the ZAP OWASP page, but thats not possible right now.
>
>     Cheers,
>
>     Simon
>
>     -- 
>     OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>
>     _______________________________________________
>     OWASP-wiki-editors mailing list
>     OWASP-wiki-editors at lists.owasp.org
>     <mailto:OWASP-wiki-editors at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors
>     <https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors>
>
>
>
>
> _______________________________________________
> OWASP-wiki-editors mailing list
> OWASP-wiki-editors at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-wiki-editors

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-wiki-editors/attachments/20160810/e209aaf6/attachment-0001.html>


More information about the OWASP-wiki-editors mailing list