http://www.mediawiki.org/wiki/Special:Code/MediaWiki/65286
Revision: 65286
Author: simetrical
Date: 2010-04-19 18:44:11 +0000 (Mon, 19 Apr 2010)
Log Message:
-----------
Create $wgAllowImageTag to whitelist <img>
I could have reused $wgAllowExternalImages, but that's . . . rather
ugly. It makes some external links mysteriously behave differently, and
of course doesn't allow setting attributes.
Modified Paths:
--------------
trunk/phase3/RELEASE-NOTES
trunk/phase3/includes/DefaultSettings.php
trunk/phase3/includes/Sanitizer.php
Modified: trunk/phase3/RELEASE-NOTES
===================================================================
--- trunk/phase3/RELEASE-NOTES 2010-04-19 18:24:21 UTC (rev 65285)
+++ trunk/phase3/RELEASE-NOTES 2010-04-19 18:44:11 UTC (rev 65286)
@@ -23,6 +23,7 @@
extensions has been removed.
* $wgLogAutocreatedAccounts controls whether autocreation of accounts is logged
to new users log.
+* $wgAllowImageTag can be set to true to whitelist the <img> tag in wikitext.
=== New features in 1.17 ===
* (bug 10183) Users can now add personal styles and scripts to all skins via
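Review bot: The new RELEASE-NOTES entry for $wgAllowImageTag states neither the default value nor the privacy trade-off. Suggest saying that it defaults to false and that enabling it lets anyone with editing rights embed images hosted on external sites, as the DefaultSettings.php comment in this same revision already warns, so that administrators who read only the release notes see the risk.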
Modified: trunk/phase3/includes/DefaultSettings.php
===================================================================
--- trunk/phase3/includes/DefaultSettings.php 2010-04-19 18:24:21 UTC (rev
65285)
+++ trunk/phase3/includes/DefaultSettings.php 2010-04-19 18:44:11 UTC (rev
65286)
@@ -1909,6 +1909,16 @@
*/
$wgEnableImageWhitelist = true;
+/**
+ * A different approach to the above: simply allow the <img> tag to be used.
+ * This allows you to specify alt text and other attributes, copy-paste HTML to
+ * your wiki more easily, etc. However, allowing external images in any manner
+ * will allow anyone with editing rights to snoop on your visitors' IP
+ * addresses and so forth, if they wanted to, by inserting links to images on
+ * sites they control.
+ */
+$wgAllowImageTag = false;
+
/** Allows to move images and other media files */
$wgAllowImageMoving = true;
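Review bot: The docblock for $wgAllowImageTag opens with "A different approach to the above" but does not say how the setting relates to $wgEnableImageWhitelist directly above it. Nothing in the visible lines of this revision applies that whitelist to the src of an <img> tag, so the comment should state explicitly whether src URLs are checked against it. Otherwise an administrator who maintains the whitelist could assume it still constrains which hosts images load from once this setting is true.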
Modified: trunk/phase3/includes/Sanitizer.php
===================================================================
--- trunk/phase3/includes/Sanitizer.php 2010-04-19 18:24:21 UTC (rev 65285)
+++ trunk/phase3/includes/Sanitizer.php 2010-04-19 18:44:11 UTC (rev 65286)
@@ -389,6 +389,12 @@
'li',
);
+ global $wgAllowImageTag;
+ if ( $wgAllowImageTag ) {
+ $htmlsingle[] = 'img';
+ $htmlsingleonly[] = 'img';
+ }
+
$htmlsingleallowed = array_unique( array_merge(
$htmlsingle, $tabletags ) );
$htmlelementsStatic = array_unique( array_merge(
$htmlsingle, $htmlpairsStatic, $htmlnest ) );
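Review bot: The new "if ( $wgAllowImageTag )" branch ships without test coverage: the modified paths for this revision are RELEASE-NOTES, DefaultSettings.php and Sanitizer.php only. Since this changes which tags the sanitizer lets through, suggest adding parser tests that cover <img> with the setting false (tag not passed through) and true (tag kept, and treated as single-only as implied by adding it to $htmlsingleonly).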
@@ -1403,8 +1409,9 @@
# 13.2
# Not usually allowed, but may be used for
extension-style hooks
- # such as <math> when it is rasterized
- 'img' => array_merge( $common, array( 'alt' ) ),
+ # such as <math> when it is rasterized, or if
$wgAllowImageTag is
+ # true
+ 'img' => array_merge( $common, array( 'alt',
'src' ) ),
# 15.2.1
'tt' => $common,
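Review bot: In the 'img' entry of the attribute whitelist, 'src' is added unconditionally, although the updated comment ties it to $wgAllowImageTag being true. Per that same comment the entry also serves extension-style hooks such as rasterized <math>, so any such path that runs img through this whitelist now accepts src even with the setting off. Suggest adding 'src' only when $wgAllowImageTag is true. The hunk also shows no validation of the src value; if that is not done elsewhere, check the URL scheme against the allowed protocols before the attribute is emitted.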
_______________________________________________
MediaWiki-CVS mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs