From b3b81715d54e55fee4e18fbba985e98c25d1866a Mon Sep 17 00:00:00 2001 From: Ryan Schmidt Date: Mon, 1 Sep 2008 18:49:14 +0000 Subject: [PATCH] * $wgAllowExternalImagesFrom may now be an array of multiple strings. * Added an on-wiki external image whitelist. Items in this whitelist are treated as regular expression fragments to match for when possibly displaying an external image inline. Controlled by $wgEnableImageWhitelist (true by default) --- RELEASE-NOTES | 8 +++++++- includes/DefaultSettings.php | 14 +++++++++++++- includes/parser/Parser.php | 32 +++++++++++++++++++++++++++++-- includes/parser/ParserOptions.php | 6 +++++- languages/messages/MessagesEn.php | 9 +++++++++ 5 files changed, 64 insertions(+), 5 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 300d6ae46f..04515da896 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -43,7 +43,10 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * Editing the MediaWiki namespace is now unconditionally restricted to people with the editinterface right, configuring this in $wgNamespaceProtection is not required. - +* $wgAllowExternalImagesFrom may now be an array of multiple strings. +* Introduced $wgEnableImageWhitelist to toggle the on-wiki external image + whitelist on or off. + === New features in 1.14 === * New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and @@ -106,6 +109,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 11884) Now support Flash EXIF attribute * Show thumbnails in the file history list, patch by User:Agbad * Added support of piped wikilinks using double-width brackets +* Added an on-wiki external image whitelist. Items in this whitelist are + treated as regular expression fragments to match for when possibly + displaying an external image inline. === Bug fixes in 1.14 === diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 040c91cec7..ef02aae090 100644 
--- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -1583,12 +1583,24 @@ $wgAllowExternalImages = false; /** If the above is false, you can specify an exception here. Image URLs * that start with this string are then rendered, while all others are not. * You can use this to set up a trusted, simple repository of images. + * You may also specify an array of strings to allow multiple sites * - * Example: + * Examples: * $wgAllowExternalImagesFrom = 'http://127.0.0.1/'; + * $wgAllowExternalImagesFrom = array( 'http://127.0.0.1/', 'http://example.com' ); */ $wgAllowExternalImagesFrom = ''; +/** If $wgAllowExternalImages is false, you can allow an on-wiki + * whitelist of regular expression fragments to match the image URL + * against. If the image matches one of the regular expression fragments, + * The image will be displayed. + * + * Set this to true to enable the on-wiki whitelist (MediaWiki:External image whitelist) + * Or false to disable it + */ +$wgEnableImageWhitelist = true; + /** Allows to move images and other media files. Experemintal, not sure if it always works */ $wgAllowImageMoving = false; diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php index 032ecaa850..6a85f29a4a 100644 --- a/includes/parser/Parser.php +++ b/includes/parser/Parser.php @@ -1442,7 +1442,7 @@ class Parser /** * make an image if it's allowed, either through the global - * option or through the exception + * option, through the exception, or through the on-wiki whitelist * @private */ function maybeMakeExternalImage( $url ) { 
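Review bot: The new array example in the `$wgAllowExternalImagesFrom` doc comment (includes/DefaultSettings.php) lists `'http://example.com'` with no trailing slash, while the parser change in this commit compares these values as plain string prefixes (`strpos( $url, $match ) === 0`). A prefix without the slash also accepts any host whose name merely begins with that text, such as `http://example.com.other.invalid/`, so the example documents a setting that trusts more than the one site. I would change the example to `array( 'http://127.0.0.1/', 'http://example.com/' )` and add the line `* Each string is matched as a literal prefix of the URL, so end host entries with a slash.` Because `$wgEnableImageWhitelist` defaults to true, its comment should also say that anyone able to edit MediaWiki:External image whitelist can permit inline external images.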
@@ -1450,13 +1450,41 @@ class Parser $imagesfrom = $this->mOptions->getAllowExternalImagesFrom(); $imagesexception = !empty($imagesfrom); $text = false; + # $imagesfrom could be either a single string or an array of strings, parse out the latter + if( $imagesexception && is_array( $imagesfrom ) ) { + $imagematch = false; + foreach( $imagesfrom as $match ) { + if( strpos( $url, $match ) === 0 ) { + $imagematch = true; + break; + } + } + } elseif( $imagesexception ) { + $imagematch = (strpos( $url, $imagesfrom ) === 0); + } else { + $imagematch = false; + } if ( $this->mOptions->getAllowExternalImages() - || ( $imagesexception && strpos( $url, $imagesfrom ) === 0 ) ) { + || ( $imagesexception && $imagematch ) ) { if ( preg_match( self::EXT_IMAGE_REGEX, $url ) ) { # Image found $text = $sk->makeExternalImage( $url ); } } + if( !$text && $this->mOptions->getEnableImageWhitelist() + && preg_match( self::EXT_IMAGE_REGEX, $url ) ) { + $whitelist = explode( "\n", wfMsgForContent( 'external_image_whitelist' ) ); + foreach( $whitelist as $entry ) { + # Sanitize the regex fragment, make it case-insensitive, ignore blank entries/comments + if( strpos( $entry, '#' ) === 0 || $entry === '' ) + continue; + if( preg_match( '/' . str_replace( '/', '\\/', $entry ) . '/i', $url ) ) { + # Image matches a whitelist entry + $text = $sk->makeExternalImage( $url ); + break; + } + } + } return $text; } diff --git a/includes/parser/ParserOptions.php b/includes/parser/ParserOptions.php index eb5eac6801..2cde0197c3 100644 --- a/includes/parser/ParserOptions.php +++ b/includes/parser/ParserOptions.php 
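Review bot: The whitelist loop at the end of this hunk matches each on-wiki entry anywhere in the URL, since the pattern built by `'/' . str_replace( '/', '\\/', $entry ) . '/i'` has no anchor. An entry meant to name one trusted host therefore also matches a URL on any other host that carries the same text in its path or query string. Entries are also compiled straight from the message text: a fragment in which the editor already wrote `\/` becomes `\\/` after the `str_replace`, which closes the pattern early, and any invalid fragment makes `preg_match` raise a warning and return false each time an external image URL is checked. I would store the result and skip entries that fail to compile (`if( $m === false ) continue;`), and add a comment above the loop such as `# Entries are unanchored regex fragments; to limit one to a host it must start with ^https?:// and end the host part with /`. `$sk` and the start of maybeMakeExternalImage() lie outside this hunk.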
@@ -13,6 +13,7 @@ class ParserOptions var $mInterwikiMagic; # Interlanguage links are removed and returned in an array var $mAllowExternalImages; # Allow external images inline var $mAllowExternalImagesFrom; # If not, any exception? + var $mEnableImageWhitelist; # If not or it doesn't match, should we check an on-wiki whitelist? var $mSkin; # Reference to the preferred skin var $mDateFormat; # Date format index var $mEditSection; # Create "edit section" links @@ -37,6 +38,7 @@ class ParserOptions function getInterwikiMagic() { return $this->mInterwikiMagic; } function getAllowExternalImages() { return $this->mAllowExternalImages; } function getAllowExternalImagesFrom() { return $this->mAllowExternalImagesFrom; } + function getEnableImageWhitelist() { return $this->mEnableImageWhitelist; } function getEditSection() { return $this->mEditSection; } function getNumberHeadings() { return $this->mNumberHeadings; } function getAllowSpecialInclusion() { return $this->mAllowSpecialInclusion; } @@ -77,6 +79,7 @@ class ParserOptions function setInterwikiMagic( $x ) { return wfSetVar( $this->mInterwikiMagic, $x ); } function setAllowExternalImages( $x ) { return wfSetVar( $this->mAllowExternalImages, $x ); } function setAllowExternalImagesFrom( $x ) { return wfSetVar( $this->mAllowExternalImagesFrom, $x ); } + function setEnableImageWhitelist( $x ) { return wfSetVar( $this->mEnableImageWhitelist, $x ); } function setDateFormat( $x ) { return wfSetVar( $this->mDateFormat, $x ); } function setEditSection( $x ) { return wfSetVar( $this->mEditSection, $x ); } function setNumberHeadings( $x ) { return wfSetVar( $this->mNumberHeadings, $x ); } 
@@ -109,7 +112,7 @@ class ParserOptions /** Get user options */ function initialiseFromUser( $userInput ) { global $wgUseTeX, $wgUseDynamicDates, $wgInterwikiMagic, $wgAllowExternalImages; - global $wgAllowExternalImagesFrom, $wgAllowSpecialInclusion, $wgMaxArticleSize; + global $wgAllowExternalImagesFrom, $wgEnableImageWhitelist, $wgAllowSpecialInclusion, $wgMaxArticleSize; global $wgMaxPPNodeCount, $wgMaxTemplateDepth, $wgMaxPPExpandDepth, $wgCleanSignatures; $fname = 'ParserOptions::initialiseFromUser'; wfProfileIn( $fname ); @@ -131,6 +134,7 @@ class ParserOptions $this->mInterwikiMagic = $wgInterwikiMagic; $this->mAllowExternalImages = $wgAllowExternalImages; $this->mAllowExternalImagesFrom = $wgAllowExternalImagesFrom; + $this->mEnableImageWhitelist = $wgEnableImageWhitelist; $this->mSkin = null; # Deferred $this->mDateFormat = null; # Deferred $this->mEditSection = true; diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 72a7e231b0..113659143e 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -3588,4 +3588,13 @@ Enter the filename without the "{{ns:image}}:" prefix.', 'blankpage' => 'Blank page', 'intentionallyblankpage' => 'This page is intentionally left blank', +# External image whitelist +'external_image_whitelist' => ' #Leave this line exactly as it is
+#Put regular expression fragments (just the part that goes between the //) below
+#These will be matched with the URLs of external (hotlinked) images
+#Those that match will be displayed as images, otherwise only a link to the image will be shown
+#Lines beginning with # are treated as comments
+
+#Put all regex fragments above this line. Leave this line exactly as it is
', + ); -- 2.20.1