diff options
author | Simon McVittie <smcv@debian.org> | 2016-05-06 07:49:45 +0100 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2016-05-06 07:49:45 +0100 |
commit | dea96e51136ee44971f3e3dafad67f8a5e111c50 (patch) | |
tree | 6addbb7ffb4e903c4906bc3a9c1a898f120719e9 /doc/ikiwiki | |
parent | 21b9b9e306c36616f251b727d2e87a5d8538e5e4 (diff) | |
download | ikiwiki-dea96e51136ee44971f3e3dafad67f8a5e111c50.tar ikiwiki-dea96e51136ee44971f3e3dafad67f8a5e111c50.tar.gz |
Document the security fixes in this release
Diffstat (limited to 'doc/ikiwiki')
-rw-r--r-- | doc/ikiwiki/directive/img.mdwn | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/doc/ikiwiki/directive/img.mdwn b/doc/ikiwiki/directive/img.mdwn index fa3b40f50..a940a44b6 100644 --- a/doc/ikiwiki/directive/img.mdwn +++ b/doc/ikiwiki/directive/img.mdwn @@ -41,4 +41,27 @@ the page, unless overridden. Useful when including many images on a page. \[[!img photo2.jpg]] \[[!img photo3.jpg size=200x600]] +## format support + +By default, the `img` directive only supports a few common web formats: + +* PNG (`.png`) +* JPEG (`.jpg` or `.jpeg`) +* GIF (`.gif`) +* SVG (`.svg`) + +These additional formats can be enabled with the `img_allowed_formats` +[[!iki setup]] option, but are disabled by default for better +[[!iki security]]: + +* PDF (`.pdf`) +* `everything` (accepts any file supported by ImageMagick: make sure + that only completely trusted users can + [[upload attachments|ikiwiki/pagespec/attachment]]) + +For example, a wiki where only `admin()` users can upload attachments might +use: + + img_allowed_formats: [png, jpeg, gif, svg, pdf] + [[!meta robots="noindex, follow"]] |