Extension:SecureInclude

From MediaWiki.org
Jump to navigation Jump to search
Warning Warning: Using this extension can result in severe security holes! Know what you are doing! Activating the feature noesc can result in XSS attacks. Activating local file sources can allow users to view local files of the web server, potentially containing confidential data and passwords. Allowing to shell or php code poses a security risk by itself.
MediaWiki extensions manual
OOjs UI icon advanced.svg
SecureInclude
Release status: experimental
Implementation Tag
Description Include external static content from the local file system, a remote URL, or SVN. External content can be included or embedded as an iframe.
Author(s) EdeSoltalk
Latest version 2.0 WIP (2019-08-14)
MediaWiki 1.21+
Database changes No
License GPL3 or later
Download
[see documentation]
Translate the SecureInclude extension if it is available at translatewiki.net
Check usage and version matrix.

A few introductory remarks[edit]

Be aware. This is work in progress.

SecureInclude is basically the original Include Extension fixed up to do Syntaxhighlighting again and some more. <include> should be stable while the new tags <shell>, <php> are experimental for now. Be patient.

The steps to enable SyntaxHighlighting differ slightly now.

Step 1.

install SyntaxHighlighting as described in Extension:SyntaxHighlight#Installation

Step 2.

add <include> tag using <syntaxhighlight> attributes (as documented on Extension:SyntaxHighlight#Parameters) eg.
<include src="./tmp/duply.sh" lang="bash" line nocache nopre/>

Documentation[edit]

The best documentation for now is in the header of secure-include.php.

Installation[edit]

  • Add the following code at the bottom of your LocalSettings.php:
    wfLoadExtension( 'SecureInclude' );
    
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.