Manual:$wgUseAjax

Enables AJAX support. Required by some extensions and optional features.

Before 1.8.0, enabling Ajax support implicitely activated auto-suggestion for the search bar. In later versions, it has to be enabled explicitly, see $wgAjaxSearch.

Security
"$wgUseAjax = true;" was a security issue in 1.6.x up to 1.9.0:

An XSS injection vulnerability was located in the AJAX support module, affecting MediaWiki 1.6.x and up when the optional setting $wgUseAjax is enabled.

There is no danger in the default configuration, with $wgUseAjax off.

If you are using an extension based on the optional Ajax module, either disable it or upgrade to a version containing the fix:


 * 1.9: fixed in 1.9.3
 * 1.8: fixed in 1.8.4
 * 1.7: fixed in 1.7.3
 * 1.6: fixed in 1.6.10