From: Kaldari <rkaldari@wikimedia.org>
Date: Tue, 25 Sep 2012 00:24:16 +0000 (-0700)
Subject: Adding wildcard support to $wgCopyUploadsDomains
X-Git-Tag: 1.31.0-rc.0~22233^2
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/comptes/ajouter.php?a=commitdiff_plain;h=e3b95ca5eb1f0fcffa47a5210ba378f88913650b;p=lhc%2Fweb%2Fwiklou.git

Adding wildcard support to $wgCopyUploadsDomains

Change-Id: I06bff1c626d847e4e28dca0772a931f6d6925736
---

diff --git a/includes/upload/UploadFromUrl.php b/includes/upload/UploadFromUrl.php
index c11d7192a4..7ee064644c 100644
--- a/includes/upload/UploadFromUrl.php
+++ b/includes/upload/UploadFromUrl.php
@@ -61,6 +61,8 @@ class UploadFromUrl extends UploadBase {
 
 	/**
 	 * Checks whether the URL is for an allowed host
+	 * The domains in the whitelist can include wildcard characters (*) in place
+	 * of any of the domain levels, e.g. '*.flickr.com' or 'upload.*.gov.uk'.
 	 *
 	 * @param $url string
 	 * @return bool
@@ -76,10 +78,28 @@ class UploadFromUrl extends UploadBase {
 		}
 		$valid = false;
 		foreach( $wgCopyUploadsDomains as $domain ) {
+			// See if the domain for the upload matches this whitelisted domain
+			$whitelistedDomainPieces = explode( '.', $domain );
+			$uploadDomainPieces = explode( '.', $parsedUrl['host'] );
+			if ( count( $whitelistedDomainPieces ) === count( $uploadDomainPieces ) ) {
+				$valid = true;
+				// See if all the pieces match or not (excluding wildcards)
+				foreach ( $whitelistedDomainPieces as $index => $piece ) {
+					if ( $piece !== '*' && $piece !== $uploadDomainPieces[$index] ) {
+						$valid = false;
+					}
+				}
+				if ( $valid ) {
+					// We found a match, so quit comparing against the list
+					break;
+				}
+			}
+			/* Non-wildcard test
 			if ( $parsedUrl['host'] === $domain ) {
 				$valid = true;
 				break;
 			}
+			*/
 		}
 		return $valid;
 	}