Commit 8360f04f authored by Kristina Hoeppner's avatar Kristina Hoeppner

admin/config_site: Add link to patch for HTML resources

Bug 1550519 is only fixed in master, so I added
a link to the patch in case somebody cannot yet
upgrade their site to fix the external resources
HTML functionality if they have that disabled.
parent 24f9ef43
......@@ -252,6 +252,10 @@ Security settings
#. **Spamhaus URL blacklist**: If set to "Yes", URLs will be checked against the Spamhaus DNSBL. The `Spamhaus Project <http://www.spamhaus.org>`_ provides a URL blacklist that is free for non-commercial, low-traffic use. A professional use datafeed service is also available but not supported in Mahara. Please read the `Spamhaus DNSBL usage terms <http://www.spamhaus.org/organization/dnsblusage.html>`_ before enabling this option.
#. **SURBL URL blacklist**: If set to "Yes", URLs will be checked against the SURBL DNSBL. `SURBL <http://www.surbl.org>`_ provides a URL blacklist that is free for organizations with fewer than 1000 users. A professional use datafeed service is also available, but not supported in Mahara. Please read the `SURBL usage terms <http://www.surbl.org/usage-policy.html>`_ before enabling this option.
#. **Disable external resources in user HTML**: Turning this option on will prevent users from embedding external resources such as images from remote sites into their forum posts and other HTML content. YouTube videos and other media can also not be embedded. It is however a good thing to do from a security standpoint since it does neutralise a few clever phishing attacks. See the `HTML Purifier documentation <http://htmlpurifier.org/live/configdoc/plain.html#URI.DisableExternalResources>`_ for more details.
.. note::
This setting also disables the inserting of images that you have uploaded to Mahara into regular text. An upgrade to Mahara 16.04 or later fixes this problem. If you want to backport the fix, you can find it on the `bug report <https://bugs.launchpad.net/mahara/+bug/1550519>`_.
#. **reCAPTCHA on user registration form**: If set to "Yes", :index:`people who register themselves on the site <single: reCAPTCHA>` are required to fill in a `reCAPTCHA <http://recaptcha.org/>`_ test. This is a spam protection instrument.
#. **reCAPTCHA site key**: Enter the site key for your site's reCAPTCHA account.
#. **reCAPTCHA secret key**: Enter the secret key for your site's reCAPTCHA account.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment