* $wgAllowExternalImagesFrom may now be an array of multiple strings.

* Added an on-wiki external image whitelist. Items in this whitelist are
  treated as regular expression fragments to match for when possibly
  displaying an external image inline. Controlled by $wgEnableImageWhitelist
  (true by default)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 300d6ae..04515da 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -43,7 +43,10 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * Editing the MediaWiki namespace is now unconditionally restricted to people 
   with the editinterface right, configuring this in $wgNamespaceProtection 
   is not required.
-
+* $wgAllowExternalImagesFrom may now be an array of multiple strings.
+* Introduced $wgEnableImageWhitelist to toggle the on-wiki external image
+  whitelist on or off.
+  
 === New features in 1.14 ===
 
 * New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and
@@ -106,6 +109,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 11884) Now support Flash EXIF attribute
 * Show thumbnails in the file history list, patch by User:Agbad
 * Added support of piped wikilinks using double-width brackets
+* Added an on-wiki external image whitelist. Items in this whitelist are
+  treated as regular expression fragments to match for when possibly
+  displaying an external image inline.
 
 === Bug fixes in 1.14 ===
 

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 040c91c..ef02aae 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1583,12 +1583,24 @@ $wgAllowExternalImages = false;
 /** If the above is false, you can specify an exception here. Image URLs
   * that start with this string are then rendered, while all others are not.
   * You can use this to set up a trusted, simple repository of images.
+  * You may also specify an array of strings to allow multiple sites
   *
-  * Example:
+  * Examples:
   * $wgAllowExternalImagesFrom = 'http://127.0.0.1/';
+  * $wgAllowExternalImagesFrom = array( 'http://127.0.0.1/', 'http://example.com' );
   */
 $wgAllowExternalImagesFrom = '';
 
+/** If $wgAllowExternalImages is false, you can allow an on-wiki
+ * whitelist of regular expression fragments to match the image URL
+ * against. If the image matches one of the regular expression fragments,
+ * The image will be displayed.
+ *
+ * Set this to true to enable the on-wiki whitelist (MediaWiki:External image whitelist)
+ * Or false to disable it
+ */
+$wgEnableImageWhitelist = true;
+ 
 /** Allows to move images and other media files. Experemintal, not sure if it always works */
 $wgAllowImageMoving = false;
 

diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index 032ecaa..6a85f29 100644 (file)
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -1442,7 +1442,7 @@ class Parser
 
        /**
         * make an image if it's allowed, either through the global
-        * option or through the exception
+        * option, through the exception, or through the on-wiki whitelist
         * @private
         */
        function maybeMakeExternalImage( $url ) {
@@ -1450,13 +1450,41 @@ class Parser
                $imagesfrom = $this->mOptions->getAllowExternalImagesFrom();
                $imagesexception = !empty($imagesfrom);
                $text = false;
+               # $imagesfrom could be either a single string or an array of strings, parse out the latter
+               if( $imagesexception && is_array( $imagesfrom ) ) {
+                       $imagematch = false;
+                       foreach( $imagesfrom as $match ) {
+                               if( strpos( $url, $match ) === 0 ) {
+                                       $imagematch = true;
+                                       break;
+                               }
+                       }
+               } elseif( $imagesexception ) {
+                       $imagematch = (strpos( $url, $imagesfrom ) === 0);
+               } else {
+                       $imagematch = false;
+               }
                if ( $this->mOptions->getAllowExternalImages()
-                    || ( $imagesexception && strpos( $url, $imagesfrom ) === 0 ) ) {
+                    || ( $imagesexception && $imagematch ) ) {
                        if ( preg_match( self::EXT_IMAGE_REGEX, $url ) ) {
                                # Image found
                                $text = $sk->makeExternalImage( $url );
                        }
                }
+               if( !$text && $this->mOptions->getEnableImageWhitelist()
+                        && preg_match( self::EXT_IMAGE_REGEX, $url ) ) {
+                       $whitelist = explode( "\n", wfMsgForContent( 'external_image_whitelist' ) );
+                       foreach( $whitelist as $entry ) {
+                               # Sanitize the regex fragment, make it case-insensitive, ignore blank entries/comments
+                               if( strpos( $entry, '#' ) === 0 || $entry === '' )
+                                       continue;
+                               if( preg_match( '/' . str_replace( '/', '\\/', $entry ) . '/i', $url ) ) {
+                                       # Image matches a whitelist entry
+                                       $text = $sk->makeExternalImage( $url );
+                                       break;
+                               }
+                       }
+               }
                return $text;
        }
 

diff --git a/includes/parser/ParserOptions.php b/includes/parser/ParserOptions.php
index eb5eac6..2cde019 100644 (file)
--- a/includes/parser/ParserOptions.php
+++ b/includes/parser/ParserOptions.php
@@ -13,6 +13,7 @@ class ParserOptions
        var $mInterwikiMagic;            # Interlanguage links are removed and returned in an array
        var $mAllowExternalImages;       # Allow external images inline
        var $mAllowExternalImagesFrom;   # If not, any exception?
+       var $mEnableImageWhitelist;      # If not or it doesn't match, should we check an on-wiki whitelist?
        var $mSkin;                      # Reference to the preferred skin
        var $mDateFormat;                # Date format index
        var $mEditSection;               # Create "edit section" links
@@ -37,6 +38,7 @@ class ParserOptions
        function getInterwikiMagic()                { return $this->mInterwikiMagic; }
        function getAllowExternalImages()           { return $this->mAllowExternalImages; }
        function getAllowExternalImagesFrom()       { return $this->mAllowExternalImagesFrom; }
+       function getEnableImageWhitelist()          { return $this->mEnableImageWhitelist; }
        function getEditSection()                   { return $this->mEditSection; }
        function getNumberHeadings()                { return $this->mNumberHeadings; }
        function getAllowSpecialInclusion()         { return $this->mAllowSpecialInclusion; }
@@ -77,6 +79,7 @@ class ParserOptions
        function setInterwikiMagic( $x )            { return wfSetVar( $this->mInterwikiMagic, $x ); }
        function setAllowExternalImages( $x )       { return wfSetVar( $this->mAllowExternalImages, $x ); }
        function setAllowExternalImagesFrom( $x )   { return wfSetVar( $this->mAllowExternalImagesFrom, $x ); }
+       function setEnableImageWhitelist( $x )      { return wfSetVar( $this->mEnableImageWhitelist, $x ); }
        function setDateFormat( $x )                { return wfSetVar( $this->mDateFormat, $x ); }
        function setEditSection( $x )               { return wfSetVar( $this->mEditSection, $x ); }
        function setNumberHeadings( $x )            { return wfSetVar( $this->mNumberHeadings, $x ); }
@@ -109,7 +112,7 @@ class ParserOptions
        /** Get user options */
        function initialiseFromUser( $userInput ) {
                global $wgUseTeX, $wgUseDynamicDates, $wgInterwikiMagic, $wgAllowExternalImages;
-               global $wgAllowExternalImagesFrom, $wgAllowSpecialInclusion, $wgMaxArticleSize;
+               global $wgAllowExternalImagesFrom, $wgEnableImageWhitelist, $wgAllowSpecialInclusion, $wgMaxArticleSize;
                global $wgMaxPPNodeCount, $wgMaxTemplateDepth, $wgMaxPPExpandDepth, $wgCleanSignatures;
                $fname = 'ParserOptions::initialiseFromUser';
                wfProfileIn( $fname );
@@ -131,6 +134,7 @@ class ParserOptions
                $this->mInterwikiMagic = $wgInterwikiMagic;
                $this->mAllowExternalImages = $wgAllowExternalImages;
                $this->mAllowExternalImagesFrom = $wgAllowExternalImagesFrom;
+               $this->mEnableImageWhitelist = $wgEnableImageWhitelist;
                $this->mSkin = null; # Deferred
                $this->mDateFormat = null; # Deferred
                $this->mEditSection = true;

diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 72a7e23..1136591 100644 (file)
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -3588,4 +3588,13 @@ Enter the filename without the "{{ns:image}}:" prefix.',
 'blankpage'              => 'Blank page',
 'intentionallyblankpage' => 'This page is intentionally left blank',
 
+# External image whitelist
+'external_image_whitelist' => ' #Leave this line exactly as it is<pre>
+#Put regular expression fragments (just the part that goes between the //) below
+#These will be matched with the URLs of external (hotlinked) images
+#Those that match will be displayed as images, otherwise only a link to the image will be shown
+#Lines beginning with # are treated as comments
+
+#Put all regex fragments above this line. Leave this line exactly as it is</pre>',
+
 );