* Editing the MediaWiki namespace is now unconditionally restricted to people
with the editinterface right, configuring this in $wgNamespaceProtection
is not required.
-
+* $wgAllowExternalImagesFrom may now be an array of multiple strings.
+* Introduced $wgEnableImageWhitelist to toggle the on-wiki external image
+ whitelist on or off.
+
=== New features in 1.14 ===
* New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and
* (bug 11884) Now support Flash EXIF attribute
* Show thumbnails in the file history list, patch by User:Agbad
* Added support of piped wikilinks using double-width brackets
+* Added an on-wiki external image whitelist. Items in this whitelist are
+ treated as regular expression fragments to match for when possibly
+ displaying an external image inline.
=== Bug fixes in 1.14 ===
/** If the above is false, you can specify an exception here. Image URLs
* that start with this string are then rendered, while all others are not.
* You can use this to set up a trusted, simple repository of images.
+ * You may also specify an array of strings to allow multiple sites
*
- * Example:
+ * Examples:
* $wgAllowExternalImagesFrom = 'http://127.0.0.1/';
+ * $wgAllowExternalImagesFrom = array( 'http://127.0.0.1/', 'http://example.com' );
*/
$wgAllowExternalImagesFrom = '';
+/** If $wgAllowExternalImages is false, you can allow an on-wiki
+ * whitelist of regular expression fragments to match the image URL
+ * against. If the image matches one of the regular expression fragments,
+ * The image will be displayed.
+ *
+ * Set this to true to enable the on-wiki whitelist (MediaWiki:External image whitelist)
+ * Or false to disable it
+ */
+$wgEnableImageWhitelist = true;
+
/** Allows to move images and other media files. Experemintal, not sure if it always works */
$wgAllowImageMoving = false;
/**
* make an image if it's allowed, either through the global
- * option or through the exception
+ * option, through the exception, or through the on-wiki whitelist
* @private
*/
function maybeMakeExternalImage( $url ) {
$imagesfrom = $this->mOptions->getAllowExternalImagesFrom();
$imagesexception = !empty($imagesfrom);
$text = false;
+ # $imagesfrom could be either a single string or an array of strings, parse out the latter
+ if( $imagesexception && is_array( $imagesfrom ) ) {
+ $imagematch = false;
+ foreach( $imagesfrom as $match ) {
+ if( strpos( $url, $match ) === 0 ) {
+ $imagematch = true;
+ break;
+ }
+ }
+ } elseif( $imagesexception ) {
+ $imagematch = (strpos( $url, $imagesfrom ) === 0);
+ } else {
+ $imagematch = false;
+ }
if ( $this->mOptions->getAllowExternalImages()
- || ( $imagesexception && strpos( $url, $imagesfrom ) === 0 ) ) {
+ || ( $imagesexception && $imagematch ) ) {
if ( preg_match( self::EXT_IMAGE_REGEX, $url ) ) {
# Image found
$text = $sk->makeExternalImage( $url );
}
}
+ if( !$text && $this->mOptions->getEnableImageWhitelist()
+ && preg_match( self::EXT_IMAGE_REGEX, $url ) ) {
+ $whitelist = explode( "\n", wfMsgForContent( 'external_image_whitelist' ) );
+ foreach( $whitelist as $entry ) {
+ # Sanitize the regex fragment, make it case-insensitive, ignore blank entries/comments
+ if( strpos( $entry, '#' ) === 0 || $entry === '' )
+ continue;
+ if( preg_match( '/' . str_replace( '/', '\\/', $entry ) . '/i', $url ) ) {
+ # Image matches a whitelist entry
+ $text = $sk->makeExternalImage( $url );
+ break;
+ }
+ }
+ }
return $text;
}
var $mInterwikiMagic; # Interlanguage links are removed and returned in an array
var $mAllowExternalImages; # Allow external images inline
var $mAllowExternalImagesFrom; # If not, any exception?
+ var $mEnableImageWhitelist; # If not or it doesn't match, should we check an on-wiki whitelist?
var $mSkin; # Reference to the preferred skin
var $mDateFormat; # Date format index
var $mEditSection; # Create "edit section" links
function getInterwikiMagic() { return $this->mInterwikiMagic; }
function getAllowExternalImages() { return $this->mAllowExternalImages; }
function getAllowExternalImagesFrom() { return $this->mAllowExternalImagesFrom; }
+ function getEnableImageWhitelist() { return $this->mEnableImageWhitelist; }
function getEditSection() { return $this->mEditSection; }
function getNumberHeadings() { return $this->mNumberHeadings; }
function getAllowSpecialInclusion() { return $this->mAllowSpecialInclusion; }
function setInterwikiMagic( $x ) { return wfSetVar( $this->mInterwikiMagic, $x ); }
function setAllowExternalImages( $x ) { return wfSetVar( $this->mAllowExternalImages, $x ); }
function setAllowExternalImagesFrom( $x ) { return wfSetVar( $this->mAllowExternalImagesFrom, $x ); }
+ function setEnableImageWhitelist( $x ) { return wfSetVar( $this->mEnableImageWhitelist, $x ); }
function setDateFormat( $x ) { return wfSetVar( $this->mDateFormat, $x ); }
function setEditSection( $x ) { return wfSetVar( $this->mEditSection, $x ); }
function setNumberHeadings( $x ) { return wfSetVar( $this->mNumberHeadings, $x ); }
/** Get user options */
function initialiseFromUser( $userInput ) {
global $wgUseTeX, $wgUseDynamicDates, $wgInterwikiMagic, $wgAllowExternalImages;
- global $wgAllowExternalImagesFrom, $wgAllowSpecialInclusion, $wgMaxArticleSize;
+ global $wgAllowExternalImagesFrom, $wgEnableImageWhitelist, $wgAllowSpecialInclusion, $wgMaxArticleSize;
global $wgMaxPPNodeCount, $wgMaxTemplateDepth, $wgMaxPPExpandDepth, $wgCleanSignatures;
$fname = 'ParserOptions::initialiseFromUser';
wfProfileIn( $fname );
$this->mInterwikiMagic = $wgInterwikiMagic;
$this->mAllowExternalImages = $wgAllowExternalImages;
$this->mAllowExternalImagesFrom = $wgAllowExternalImagesFrom;
+ $this->mEnableImageWhitelist = $wgEnableImageWhitelist;
$this->mSkin = null; # Deferred
$this->mDateFormat = null; # Deferred
$this->mEditSection = true;
'blankpage' => 'Blank page',
'intentionallyblankpage' => 'This page is intentionally left blank',
+# External image whitelist
+'external_image_whitelist' => ' #Leave this line exactly as it is<pre>
+#Put regular expression fragments (just the part that goes between the //) below
+#These will be matched with the URLs of external (hotlinked) images
+#Those that match will be displayed as images, otherwise only a link to the image will be shown
+#Lines beginning with # are treated as comments
+
+#Put all regex fragments above this line. Leave this line exactly as it is</pre>',
+
);