Last modified: 2008-09-01 20:34:48 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T14530, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 12530 - $wgAllowExternalImagesFrom is to limiting, extend it to allow multiple domains
$wgAllowExternalImagesFrom is to limiting, extend it to allow multiple domains
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
File management (Other open bugs)
1.12.x
All All
: Normal enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
: easy, patch, patch-need-review
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-06 13:51 UTC by Daniel Friesen
Modified: 2008-09-01 20:34 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Patch to MediaWiki 1.12 (r29322) which adds a wgAllowExternalImagesFromRegex variable. (5.47 KB, patch)
2008-01-06 13:51 UTC, Daniel Friesen 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Daniel Friesen 2008-01-06 13:51:27 UTC 
Created attachment 4516 [details]
Patch to MediaWiki 1.12 (r29322) which adds a wgAllowExternalImagesFromRegex variable.

We have the variable $wgAllowExernalImages to let us disable spam through externally embedded images.

And we have $wgAllowExternalImagesFrom to then allow a single start of a url to be whitelisted.

But that isn't enough.

For examples:

Say we had our wiki:
http://www.example.com/
And our images were at:
http://www.example.com/images/

If we were to say set:
$wgAllowExernalImages = false;
$wgAllowExernalImagesFrom = 'http://www.example.com';

Then we can let people external embed using something like http://www.example.com/image/a/ab/Imagename.png.

However, if they tried to use say; http://example.com/image/a/ab/Imagename.png it wouldn't be allowed.

As for another example. Perhaps we might want to allow image hosting services, but wouldn't want to hotlink from non-hosting services. Unfortunately, we can only whitelist one url, and hosting services use more than one url starting.

So we need a better way to allow whitelisting image embeds. Either though an array or through Regex.
----
The attachment I have here is a patch to MediaWiki 1.12 (r29322), it allows the use of image whitelisting through the variable $wgAllowExternalImagesFromRegex. Didn't test it, but it's the simple sort of thing you just know works. Feel free to test it before applying.
Comment 1 Ryan Schmidt 2008-09-01 20:34:48 UTC 
Fixed in r40310
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links