Last modified: 2008-09-01 20:34:48 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 12530 - $wgAllowExternalImagesFrom is to limiting, extend it to allow multiple domains
$wgAllowExternalImagesFrom is to limiting, extend it to allow multiple domains
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
File management (Other open bugs)
1.12.x
All All
: Normal enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
: easy, patch, patch-need-review
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-06 13:51 UTC by Daniel Friesen
Modified: 2008-09-01 20:34 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Patch to MediaWiki 1.12 (r29322) which adds a wgAllowExternalImagesFromRegex variable. (5.47 KB, patch)
2008-01-06 13:51 UTC, Daniel Friesen
Details

Description Daniel Friesen 2008-01-06 13:51:27 UTC
Created attachment 4516 [details]
Patch to MediaWiki 1.12 (r29322) which adds a wgAllowExternalImagesFromRegex variable.

We have the variable $wgAllowExernalImages to let us disable spam through externally embedded images.

And we have $wgAllowExternalImagesFrom to then allow a single start of a url to be whitelisted.

But that isn't enough.

For examples:

Say we had our wiki:
http://www.example.com/
And our images were at:
http://www.example.com/images/

If we were to say set:
$wgAllowExernalImages = false;
$wgAllowExernalImagesFrom = 'http://www.example.com';

Then we can let people external embed using something like http://www.example.com/image/a/ab/Imagename.png.

However, if they tried to use say; http://example.com/image/a/ab/Imagename.png it wouldn't be allowed.

As for another example. Perhaps we might want to allow image hosting services, but wouldn't want to hotlink from non-hosting services. Unfortunately, we can only whitelist one url, and hosting services use more than one url starting.

So we need a better way to allow whitelisting image embeds. Either though an array or through Regex.
----
The attachment I have here is a patch to MediaWiki 1.12 (r29322), it allows the use of image whitelisting through the variable $wgAllowExternalImagesFromRegex. Didn't test it, but it's the simple sort of thing you just know works. Feel free to test it before applying.
Comment 1 Ryan Schmidt 2008-09-01 20:34:48 UTC
Fixed in r40310

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links