https://www.mediawiki.org/wiki/Special:Code/MediaWiki/111524
Revision: 111524
Author: wikinaut
Date: 2012-02-15 07:14:15 +0000 (Wed, 15 Feb 2012)
Log Message:
-----------
empty or non-existent whitelist variable means: there are no allowed servers.
Show an error message. This is the new default. Refactored the whitelist
handling.
Modified Paths:
--------------
trunk/extensions/EtherpadLite/EtherpadLite.i18n.php
trunk/extensions/EtherpadLite/EtherpadLite.php
Modified: trunk/extensions/EtherpadLite/EtherpadLite.i18n.php
===================================================================
--- trunk/extensions/EtherpadLite/EtherpadLite.i18n.php 2012-02-15 06:06:27 UTC
(rev 111523)
+++ trunk/extensions/EtherpadLite/EtherpadLite.i18n.php 2012-02-15 07:14:15 UTC
(rev 111524)
@@ -15,6 +15,7 @@
'etherpadlite-desc' => 'Adds <eplite> parser tag to embed one or
many Etherpad Lite pads (which are hosted on local or external Etherpad Lite
server/s) on pages',
'etherpadlite-invalid-pad-url' => '"$1" is not a valid Etherpad Lite
URL or pad name.',
'etherpadlite-url-is-not-whitelisted' => '"$1" is not in the whitelist
of allowed Etherpad Lite servers. {{PLURAL:$3|$2 is the only allowed server|The
allowed servers are as follows: $2}}.',
+ 'etherpadlite-empty-whitelist' => '"$1" is not in the whitelist of
allowed Etherpad Lite servers. There are no allowed servers in the whitelist.',
);
/** Message documentation (Message documentation) */
Modified: trunk/extensions/EtherpadLite/EtherpadLite.php
===================================================================
--- trunk/extensions/EtherpadLite/EtherpadLite.php 2012-02-15 06:06:27 UTC
(rev 111523)
+++ trunk/extensions/EtherpadLite/EtherpadLite.php 2012-02-15 07:14:15 UTC
(rev 111524)
@@ -64,7 +64,7 @@
'path' => __FILE__,
'name' => 'EtherpadLite',
'author' => array( 'Thomas Gries' ),
- 'version' => '1.07 20120214',
+ 'version' => '1.08 20120215',
'url' => 'https://www.mediawiki.org/wiki/Extension:EtherpadLite',
'descriptionmsg' => 'etherpadlite-desc',
);
@@ -95,7 +95,13 @@
#
# Warning: Allowing all urls (not setting a whitelist)
# may be a security concern.
+#
+# an empty or non-existent array means: no whitelist defined
+# this is the default: an empty whitelist
$wgEtherpadLiteUrlWhitelist = array();
+#
+# include "*" if you expressly want to allow all urls
+# $wgEtherpadLiteUrlWhitelist = array( "*" );
# https://www.mediawiki.org/wiki/Manual:Tag_extensions
function wfEtherpadLiteParserInit( $parser ) {
@@ -146,7 +152,25 @@
# Sanitizer::cleanUrl just does some normalization, somewhat not needed.
$src = Sanitizer::cleanUrl( $src );
- if ( count( $wgEtherpadLiteUrlWhitelist ) && !in_array( $src,
$wgEtherpadLiteUrlWhitelist ) ) {
+ switch ( true ) {
+
+ # disallow because there is no whitelist or emtpy whitelist
+ case ( !isset( $wgEtherpadLiteUrlWhitelist )
+ || !is_array( $wgEtherpadLiteUrlWhitelist )
+ || ( count( $wgEtherpadLiteUrlWhitelist ) === 0 ) ):
+ return wfEtherpadLiteError( 'etherpadlite-empty-whitelist',
+ $src
+ );
+ break;
+
+ # allow
+ case ( in_array( "*", $wgEtherpadLiteUrlWhitelist ) ):
+ case ( in_array( $src, $wgEtherpadLiteUrlWhitelist ) ):
+ break;
+
+ # otherwise disallow
+ case ( !in_array( $src, $wgEtherpadLiteUrlWhitelist ) ):
+ default:
$listOfAllowed = $parser->getFunctionLang()->listToText(
$wgEtherpadLiteUrlWhitelist );
$numberAllowed = $parser->getFunctionLang()->formatNum( count(
$wgEtherpadLiteUrlWhitelist ) );
return wfEtherpadLiteError(
'etherpadlite-url-is-not-whitelisted',
_______________________________________________
MediaWiki-CVS mailing list
MediaWiki-CVS@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
