Document the security fixes in this release

author: Simon McVittie <smcv@debian.org> 2016-05-06 07:49:45 +0100
committer: Simon McVittie <smcv@debian.org> 2016-05-06 07:49:45 +0100
commit: dea96e51136ee44971f3e3dafad67f8a5e111c50 (patch)
tree: 6addbb7ffb4e903c4906bc3a9c1a898f120719e9 /doc/ikiwiki
parent: 21b9b9e306c36616f251b727d2e87a5d8538e5e4 (diff)
download: ikiwiki-dea96e51136ee44971f3e3dafad67f8a5e111c50.tar
ikiwiki-dea96e51136ee44971f3e3dafad67f8a5e111c50.tar.gz
1 files changed, 23 insertions, 0 deletions
diff --git a/doc/ikiwiki/directive/img.mdwn b/doc/ikiwiki/directive/img.mdwn
index fa3b40f50..a940a44b6 100644
--- a/doc/ikiwiki/directive/img.mdwn
+++ b/doc/ikiwiki/directive/img.mdwn
@@ -41,4 +41,27 @@ the page, unless overridden. Useful when including many images on a page.
 	\[[!img photo2.jpg]]
 	\[[!img photo3.jpg size=200x600]]
 
+## format support
+
+By default, the `img` directive only supports a few common web formats:
+
+* PNG (`.png`)
+* JPEG (`.jpg` or `.jpeg`)
+* GIF (`.gif`)
+* SVG (`.svg`)
+
+These additional formats can be enabled with the `img_allowed_formats`
+[[!iki setup]] option, but are disabled by default for better
+[[!iki security]]:
+
+* PDF (`.pdf`)
+* `everything` (accepts any file supported by ImageMagick: make sure
+  that only completely trusted users can
+  [[upload attachments|ikiwiki/pagespec/attachment]])
+
+For example, a wiki where only `admin()` users can upload attachments might
+use:
+
+    img_allowed_formats: [png, jpeg, gif, svg, pdf]
+
 [[!meta robots="noindex, follow"]]
author	Simon McVittie <smcv@debian.org>	2016-05-06 07:49:45 +0100
committer	Simon McVittie <smcv@debian.org>	2016-05-06 07:49:45 +0100
commit	dea96e51136ee44971f3e3dafad67f8a5e111c50 (patch)
tree	6addbb7ffb4e903c4906bc3a9c1a898f120719e9 /doc/ikiwiki
parent	21b9b9e306c36616f251b727d2e87a5d8538e5e4 (diff)
download	ikiwiki-dea96e51136ee44971f3e3dafad67f8a5e111c50.tar ikiwiki-dea96e51136ee44971f3e3dafad67f8a5e111c50.tar.gz