The summary is that: https://meta.wikimedia.org/wiki/Special:UrlShortener can currently shorten url to any domain.
In T255491, we want rename $wgUrlShortenerDomainsWhitelist to $wgUrlShortenerAllowedDomains per the reasons in the parent task.
Because the default value of the variable differs from the Wikimedia configuration, we introduced the new one in r609572 and made both to work. They do work currently, and the intent is that, once all wikis are on 1.35.0-wmf.41 (which contained the new variable, I think) then we can switch to it and later remove the former from the extension.
Since $wgUrlShortenerAllowedDomains is not yet defined in WMF config, it caused T258056, which we worked around, but unfortunately one issue still remains, and as I checked it this morning I found locally first, later on metawiki, that I can shorten url from any domain.
The allowed domains are correctly returned from wmf config
$allowed = UrlShortenerUtils::getAllowedDomainsRegex() => "^(.*\.)?wikipedia\.org$|^(.*\.)?wiktionary\.org$|^(.*\.)?wikibooks\.org$|^(.*\.)?wikinews\.org$|^(.*\.)?wikiquote\.org$|^(.*\.)?wikisource\.org$|^(.*\.)?wikiversity\.org$|^(.*\.)?wikivoyage\.org$|^(.*\.)?wikimedia\.org$|^(.*\.)?wikidata\.org$|^(.*\.)?mediawiki\.org$|"
But note the offending vertical bar character at the end of the line: ...mediawiki\.org$|". because this character comes after the end of line delimiter it's causing the regex to literally match anything.
But why do we added it?, this is to allow correct concatenation of the two regexes from the two variables. The reason why it appears from the end of the line now, is because the other regex is now empty array . So it's actually like this ...mediawiki\.org$| .... empty array is here, that supposed to end with correct $ delimeter"
If we defined both $wgUrlShortenerDomainsWhitelist and $wgUrlShortenerAllowedDomains, without the vertical bar, the resultant regex will not be correct too.
To fix this we need to duplicate the values of $wgUrlShortenerDomainsWhitelist to $wgUrlShortenerAllowedDomains in wmf-config/CommonSettings.php, this will make the vertical bar to concat the regexes and disappear from the end of the regex, and ensure this is available on Meta-wiki as soon as possible. (But this has pitfall, see below)
However, it now occurred to me, that we forget one thing important through all these. Since short urls can only be created on Meta wiki, it would not matter if either of the variables is available or is even wrong on any wiki, so probably there's no need to wait for the variable change to be deployed on all wikis. Only what is available on Meta-wiki matters.
Another way to fix it (in the extension now), is to only add the vertical bar in the final regex if the second regex is not empty (what would happen when we do switch in CommonSettings.php)
$allowedDomains = $allowedDomainsOld . '|' $allowedDomainsNew; // Current code
$join = is_array( $wgUrlShortenerAllowedDomains ) ? '|' : ''; $allowedDomains = $allowedDomainsOld . $join . $allowedDomainsNew; // only add vertical bar if the second arrays is not empty
The reason why the CommonSettings.php config change has problems too, is that it will fix the problem now, but the moment we remove $wgUrlShortenerDomainsWhitelist from there, it will become false (default) which will cause T258056 to recur.
Probably there are better ways to fix this too.