Extension:SecureInclude
 Warning: | Using this extension can result in severe security holes! Know what you are doing! Activating the feature noesc can result in XSS attacks. Activating local file sources can allow users to view local files of the web server, potentially containing confidential data and passwords. Allowing to shell or php code poses a security risk by itself. |
 Release status: experimental |
|
|---|---|
| Implementation | Tag |
| Description | Include external static content from the local file system, a remote URL, or SVN. External content can be included or embedded as an iframe. |
| Author(s) | Edesoltalk |
| Latest version | 2.0 WIP (2021-11-14) |
| MediaWiki | 1.21+ |
| Database changes | No |
| License | GNU General Public License 3.0 or later |
| Download | GitHub: Note: |
|
[see documentation] |
|
A few introductory remarks
[edit]Be aware. This is work in progress.
SecureInclude is basically the original Include Extension fixed up to do Syntaxhighlighting again and some more. <include> should be stable while the new tags <shell>, <php> are experimental for now. Be patient.
The steps to enable SyntaxHighlighting differ slightly now.
Step 1.
- install SyntaxHighlighting as described in Extension:SyntaxHighlight#Installation
Step 2.
- add
<include>tag using<syntaxhighlight>attributes (as documented on Extension:SyntaxHighlight#Parameters) eg. <include src="./tmp/duply.sh" lang="bash" line nocache nopre/>
- add
Documentation
[edit]The best documentation for now is in the header of secure-include.php.
Installation
[edit]- https://github.com/edeso/SecureInclude/archive/master.zip and place the file(s) in a directory called
SecureIncludein yourextensions/folder. - Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'SecureInclude' );
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
