| Index: trunk/phase3/includes/parser/Parser.php |
| — | — | @@ -1442,7 +1442,7 @@ |
| 1443 | 1443 | |
| 1444 | 1444 | /** |
| 1445 | 1445 | * make an image if it's allowed, either through the global |
| 1446 | | - * option or through the exception |
| | 1446 | + * option, through the exception, or through the on-wiki whitelist |
| 1447 | 1447 | * @private |
| 1448 | 1448 | */ |
| 1449 | 1449 | function maybeMakeExternalImage( $url ) { |
| — | — | @@ -1450,13 +1450,41 @@ |
| 1451 | 1451 | $imagesfrom = $this->mOptions->getAllowExternalImagesFrom(); |
| 1452 | 1452 | $imagesexception = !empty($imagesfrom); |
| 1453 | 1453 | $text = false; |
| | 1454 | + # $imagesfrom could be either a single string or an array of strings, parse out the latter |
| | 1455 | + if( $imagesexception && is_array( $imagesfrom ) ) { |
| | 1456 | + $imagematch = false; |
| | 1457 | + foreach( $imagesfrom as $match ) { |
| | 1458 | + if( strpos( $url, $match ) === 0 ) { |
| | 1459 | + $imagematch = true; |
| | 1460 | + break; |
| | 1461 | + } |
| | 1462 | + } |
| | 1463 | + } elseif( $imagesexception ) { |
| | 1464 | + $imagematch = (strpos( $url, $imagesfrom ) === 0); |
| | 1465 | + } else { |
| | 1466 | + $imagematch = false; |
| | 1467 | + } |
| 1454 | 1468 | if ( $this->mOptions->getAllowExternalImages() |
| 1455 | | - || ( $imagesexception && strpos( $url, $imagesfrom ) === 0 ) ) { |
| | 1469 | + || ( $imagesexception && $imagematch ) ) { |
| 1456 | 1470 | if ( preg_match( self::EXT_IMAGE_REGEX, $url ) ) { |
| 1457 | 1471 | # Image found |
| 1458 | 1472 | $text = $sk->makeExternalImage( $url ); |
| 1459 | 1473 | } |
| 1460 | 1474 | } |
| | 1475 | + if( !$text && $this->mOptions->getEnableImageWhitelist() |
| | 1476 | + && preg_match( self::EXT_IMAGE_REGEX, $url ) ) { |
| | 1477 | + $whitelist = explode( "\n", wfMsgForContent( 'external_image_whitelist' ) ); |
| | 1478 | + foreach( $whitelist as $entry ) { |
| | 1479 | + # Sanitize the regex fragment, make it case-insensitive, ignore blank entries/comments |
| | 1480 | + if( strpos( $entry, '#' ) === 0 || $entry === '' ) |
| | 1481 | + continue; |
| | 1482 | + if( preg_match( '/' . str_replace( '/', '\\/', $entry ) . '/i', $url ) ) { |
| | 1483 | + # Image matches a whitelist entry |
| | 1484 | + $text = $sk->makeExternalImage( $url ); |
| | 1485 | + break; |
| | 1486 | + } |
| | 1487 | + } |
| | 1488 | + } |
| 1461 | 1489 | return $text; |
| 1462 | 1490 | } |
| 1463 | 1491 | |
| Index: trunk/phase3/includes/parser/ParserOptions.php |
| — | — | @@ -13,6 +13,7 @@ |
| 14 | 14 | var $mInterwikiMagic; # Interlanguage links are removed and returned in an array |
| 15 | 15 | var $mAllowExternalImages; # Allow external images inline |
| 16 | 16 | var $mAllowExternalImagesFrom; # If not, any exception? |
| | 17 | + var $mEnableImageWhitelist; # If not or it doesn't match, should we check an on-wiki whitelist? |
| 17 | 18 | var $mSkin; # Reference to the preferred skin |
| 18 | 19 | var $mDateFormat; # Date format index |
| 19 | 20 | var $mEditSection; # Create "edit section" links |
| — | — | @@ -37,6 +38,7 @@ |
| 38 | 39 | function getInterwikiMagic() { return $this->mInterwikiMagic; } |
| 39 | 40 | function getAllowExternalImages() { return $this->mAllowExternalImages; } |
| 40 | 41 | function getAllowExternalImagesFrom() { return $this->mAllowExternalImagesFrom; } |
| | 42 | + function getEnableImageWhitelist() { return $this->mEnableImageWhitelist; } |
| 41 | 43 | function getEditSection() { return $this->mEditSection; } |
| 42 | 44 | function getNumberHeadings() { return $this->mNumberHeadings; } |
| 43 | 45 | function getAllowSpecialInclusion() { return $this->mAllowSpecialInclusion; } |
| — | — | @@ -77,6 +79,7 @@ |
| 78 | 80 | function setInterwikiMagic( $x ) { return wfSetVar( $this->mInterwikiMagic, $x ); } |
| 79 | 81 | function setAllowExternalImages( $x ) { return wfSetVar( $this->mAllowExternalImages, $x ); } |
| 80 | 82 | function setAllowExternalImagesFrom( $x ) { return wfSetVar( $this->mAllowExternalImagesFrom, $x ); } |
| | 83 | + function setEnableImageWhitelist( $x ) { return wfSetVar( $this->mEnableImageWhitelist, $x ); } |
| 81 | 84 | function setDateFormat( $x ) { return wfSetVar( $this->mDateFormat, $x ); } |
| 82 | 85 | function setEditSection( $x ) { return wfSetVar( $this->mEditSection, $x ); } |
| 83 | 86 | function setNumberHeadings( $x ) { return wfSetVar( $this->mNumberHeadings, $x ); } |
| — | — | @@ -109,7 +112,7 @@ |
| 110 | 113 | /** Get user options */ |
| 111 | 114 | function initialiseFromUser( $userInput ) { |
| 112 | 115 | global $wgUseTeX, $wgUseDynamicDates, $wgInterwikiMagic, $wgAllowExternalImages; |
| 113 | | - global $wgAllowExternalImagesFrom, $wgAllowSpecialInclusion, $wgMaxArticleSize; |
| | 116 | + global $wgAllowExternalImagesFrom, $wgEnableImageWhitelist, $wgAllowSpecialInclusion, $wgMaxArticleSize; |
| 114 | 117 | global $wgMaxPPNodeCount, $wgMaxTemplateDepth, $wgMaxPPExpandDepth, $wgCleanSignatures; |
| 115 | 118 | $fname = 'ParserOptions::initialiseFromUser'; |
| 116 | 119 | wfProfileIn( $fname ); |
| — | — | @@ -131,6 +134,7 @@ |
| 132 | 135 | $this->mInterwikiMagic = $wgInterwikiMagic; |
| 133 | 136 | $this->mAllowExternalImages = $wgAllowExternalImages; |
| 134 | 137 | $this->mAllowExternalImagesFrom = $wgAllowExternalImagesFrom; |
| | 138 | + $this->mEnableImageWhitelist = $wgEnableImageWhitelist; |
| 135 | 139 | $this->mSkin = null; # Deferred |
| 136 | 140 | $this->mDateFormat = null; # Deferred |
| 137 | 141 | $this->mEditSection = true; |
| Index: trunk/phase3/includes/DefaultSettings.php |
| — | — | @@ -1583,12 +1583,24 @@ |
| 1584 | 1584 | /** If the above is false, you can specify an exception here. Image URLs |
| 1585 | 1585 | * that start with this string are then rendered, while all others are not. |
| 1586 | 1586 | * You can use this to set up a trusted, simple repository of images. |
| | 1587 | + * You may also specify an array of strings to allow multiple sites |
| 1587 | 1588 | * |
| 1588 | | - * Example: |
| | 1589 | + * Examples: |
| 1589 | 1590 | * $wgAllowExternalImagesFrom = 'http://127.0.0.1/'; |
| | 1591 | + * $wgAllowExternalImagesFrom = array( 'http://127.0.0.1/', 'http://example.com' ); |
| 1590 | 1592 | */ |
| 1591 | 1593 | $wgAllowExternalImagesFrom = ''; |
| 1592 | 1594 | |
| | 1595 | +/** If $wgAllowExternalImages is false, you can allow an on-wiki |
| | 1596 | + * whitelist of regular expression fragments to match the image URL |
| | 1597 | + * against. If the image matches one of the regular expression fragments, |
| | 1598 | + * The image will be displayed. |
| | 1599 | + * |
| | 1600 | + * Set this to true to enable the on-wiki whitelist (MediaWiki:External image whitelist) |
| | 1601 | + * Or false to disable it |
| | 1602 | + */ |
| | 1603 | +$wgEnableImageWhitelist = true; |
| | 1604 | + |
| 1593 | 1605 | /** Allows to move images and other media files. Experemintal, not sure if it always works */ |
| 1594 | 1606 | $wgAllowImageMoving = false; |
| 1595 | 1607 | |
| Index: trunk/phase3/languages/messages/MessagesEn.php |
| — | — | @@ -3588,4 +3588,13 @@ |
| 3589 | 3589 | 'blankpage' => 'Blank page', |
| 3590 | 3590 | 'intentionallyblankpage' => 'This page is intentionally left blank', |
| 3591 | 3591 | |
| | 3592 | +# External image whitelist |
| | 3593 | +'external_image_whitelist' => ' #Leave this line exactly as it is<pre> |
| | 3594 | +#Put regular expression fragments (just the part that goes between the //) below |
| | 3595 | +#These will be matched with the URLs of external (hotlinked) images |
| | 3596 | +#Those that match will be displayed as images, otherwise only a link to the image will be shown |
| | 3597 | +#Lines beginning with # are treated as comments |
| | 3598 | + |
| | 3599 | +#Put all regex fragments above this line. Leave this line exactly as it is</pre>', |
| | 3600 | + |
| 3592 | 3601 | ); |
| Index: trunk/phase3/RELEASE-NOTES |
| — | — | @@ -43,7 +43,10 @@ |
| 44 | 44 | * Editing the MediaWiki namespace is now unconditionally restricted to people |
| 45 | 45 | with the editinterface right, configuring this in $wgNamespaceProtection |
| 46 | 46 | is not required. |
| 47 | | - |
| | 47 | +* $wgAllowExternalImagesFrom may now be an array of multiple strings. |
| | 48 | +* Introduced $wgEnableImageWhitelist to toggle the on-wiki external image |
| | 49 | + whitelist on or off. |
| | 50 | + |
| 48 | 51 | === New features in 1.14 === |
| 49 | 52 | |
| 50 | 53 | * New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and |
| — | — | @@ -106,6 +109,9 @@ |
| 107 | 110 | * (bug 11884) Now support Flash EXIF attribute |
| 108 | 111 | * Show thumbnails in the file history list, patch by User:Agbad |
| 109 | 112 | * Added support of piped wikilinks using double-width brackets |
| | 113 | +* Added an on-wiki external image whitelist. Items in this whitelist are |
| | 114 | + treated as regular expression fragments to match for when possibly |
| | 115 | + displaying an external image inline. |
| 110 | 116 | |
| 111 | 117 | === Bug fixes in 1.14 === |
| 112 | 118 | |