Jump to content

Extension:SecureInclude

From mediawiki.org
Warning Warning: Using this extension can result in severe security holes! Know what you are doing! Activating the feature noesc can result in XSS attacks. Activating local file sources can allow users to view local files of the web server, potentially containing confidential data and passwords. Allowing to shell or php code poses a security risk by itself.
MediaWiki extensions manual
SecureInclude
Release status: experimental
Implementation Tag
Description Include external static content from the local file system, a remote URL, or SVN. External content can be included or embedded as an iframe.
Author(s) Edesoltalk
Latest version 2.0 WIP (2021-11-14)
MediaWiki 1.21+
Database changes No
License GNU General Public License 3.0 or later
Download
[see documentation]

A few introductory remarks

[edit]

Be aware. This is work in progress.

SecureInclude is basically the original Include Extension fixed up to do Syntaxhighlighting again and some more. <include> should be stable while the new tags <shell>, <php> are experimental for now. Be patient.

The steps to enable SyntaxHighlighting differ slightly now.

Step 1.

install SyntaxHighlighting as described in Extension:SyntaxHighlight#Installation

Step 2.

add <include> tag using <syntaxhighlight> attributes (as documented on Extension:SyntaxHighlight#Parameters) eg.
<include src="./tmp/duply.sh" lang="bash" line nocache nopre/>

Documentation

[edit]

The best documentation for now is in the header of secure-include.php.

Installation

[edit]