Page MenuHomePhabricator

Address Voice and Tone issues in MediaWiki Core
Open, Needs TriagePublic

Description

Targets
    Occurrences of '(white|black)[ \-]?list' in Selected files & directories
Found Occurrences  (464 usages found)
    core  (464 usages found)
        docs  (2 usages found)
            extension.schema.v2.json  (2 usages found)
                568 "ChangeCredentialsBlacklist": {
                572 "RemoveCredentialsBlacklist": {
        includes  (243 usages found)
            api  (19 usages found)
                i18n  (3 usages found)
                    en.json  (1 usage found)
                        23 Origin</code> header and the origin is whitelisted, the <code>Access-Control-Allow-Origin</code> and <code>Access-Control-Allow-Credentials</code> headers
                    pt-br.json  (1 usage found)
                        37 Origin</code> e a origem for permitida (''whitelisted''), os cabeçalhos <code>Access-Control-Allow-Origin</code> e <code>Access-Control-Allow-Credentials
                    pt.json  (1 usage found)
                        30 Origin</code> e a origem for permitida (''white-listed'') os cabeçalhos <code>Access-Control-Allow-Origin</code> e <code>Access-Control-Allow-Credentials
                ApiAuthManagerHelper.php  (1 usage found)
                    131 public static function blacklistAuthenticationRequests( array $reqs, array $remove ) {
                ApiChangeAuthenticationData.php  (2 usages found)
                    49 $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests(
                    51 $this->getConfig()->get( 'ChangeCredentialsBlacklist' )
                ApiClientLogin.php  (1 usage found)
                    98 $res->neededRequests = ApiAuthManagerHelper::blacklistAuthenticationRequests(
                ApiQueryAuthManagerInfo.php  (5 usages found)
                    74 // Filter out blacklisted requests, depending on the action
                    77 $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests(
                    78 $reqs, $this->getConfig()->get( 'ChangeCredentialsBlacklist' )
                    82 $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests(
                    83 $reqs, $this->getConfig()->get( 'RemoveCredentialsBlacklist' )
                ApiQuerySiteinfo.php  (1 usage found)
                    169 $data['imagewhitelistenabled'] = (bool)$config->get( 'EnableImageWhitelist' );
                ApiRemoveAuthenticationData.php  (1 usage found)
                    63 ? array_flip( $this->getConfig()->get( 'RemoveCredentialsBlacklist' ) )
                ApiUpload.php  (5 usages found)
                    669 if ( isset( $verification['blacklistedExt'] ) ) {
                    670 $msg[1] = Message::listParam( $verification['blacklistedExt'], 'comma' );
                    671 $msg[4] = count( $verification['blacklistedExt'] );
                    672 $extradata['blacklisted'] = array_values( $verification['blacklistedExt'] );
                    673 ApiResult::setIndexedTagName( $extradata['blacklisted'], 'ext' );
            auth  (7 usages found)
                AuthManager.php  (7 usages found)
                    1066 if ( $this->blockManager->isDnsBlacklisted( $ip, true /* check $wgProxyWhitelist */ ) ) {
                    1651 if ( $session->get( 'AuthManager::AutoCreateBlacklist' ) ) {
                    1652 $this->logger->debug( __METHOD__ . ': blacklisted in session {sessionid}', [
                    1658 $reason = $session->get( 'AuthManager::AutoCreateBlacklist' );
                    1671 $session->set( 'AuthManager::AutoCreateBlacklist', 'noname' );
                    1686 $session->set( 'AuthManager::AutoCreateBlacklist', 'authmanager-autocreate-noperm' );
                    1721 $session->set( 'AuthManager::AutoCreateBlacklist', $status );
            block  (24 usages found)
                AbstractBlock.php  (1 usage found)
                    276 * may be blacklisted or whitelisted, or determined from a
                BlockManager.php  (18 usages found)
                    60 'DnsBlacklistUrls',
                    61 'EnableDnsBlacklist',
                    63 'ProxyWhitelist',
                    208 if ( !in_array( $ip, $this->options->get( 'ProxyWhitelist' ) ) ) {
                    216 } elseif ( $isAnon && $this->isDnsBlacklisted( $ip ) ) {
                    238 && !in_array( $ip, $this->options->get( 'ProxyWhitelist' ) )
                    363 * Whether the given IP is in a DNS blacklist.
                    366 * @param bool $checkAllowed Whether to check $wgProxyWhitelist first
                    367 * @return bool True if blacklisted.
                    369 public function isDnsBlacklisted( $ip, $checkAllowed = false ) {
                    370 if ( !$this->options->get( 'EnableDnsBlacklist' ) ||
                    371 ( $checkAllowed && in_array( $ip, $this->options->get( 'ProxyWhitelist' ) ) )
                    376 return $this->inDnsBlacklist( $ip, $this->options->get( 'DnsBlacklistUrls' ) );
                    380 * Whether the given IP is in a given DNS blacklist.
                    383 * @param string[] $bases URL of the DNS blacklist
                    384 * @return bool True if blacklisted.
                    386 private function inDnsBlacklist( $ip, array $bases ) {
                    436 * @return string[]|bool IPv4 array, or false if the IP is not blacklisted
                DatabaseBlock.php  (2 usages found)
                    548 public static function isWhitelistedFromAutoblocks( $ip ) {
                    574 . "\n" . wfMessage( 'autoblock_whitelist' )->inContentLanguage()->plain()
                SystemBlock.php  (3 usages found)
                    27 * from IP blacklists) and are not saved to the database. The target of a
                    60 * - 'proxy': the IP is blacklisted in $wgProxyList
                    61 * - 'dnsbl': the IP is associated with a blacklisted domain in $wgDnsBlacklistUrls
            composer  (6 usages found)
                ComposerPhpunitXmlCoverageEdit.php  (6 usages found)
                    41 $whitelist = iterator_to_array( $phpunitXml->getElementsByTagName( 'whitelist' ) );
                    43 foreach ( $whitelist as $childNode ) {
                    46 $whitelistElement = $phpunitXml->createElement( 'whitelist' );
                    47 $whitelistElement->setAttribute( 'addUncoveredFilesFromWhitelist', 'false' );
                    52 $whitelistElement->appendChild( $dirElement );
                    56 ->appendChild( $whitelistElement );
            gallery  (2 usages found)
                ImageGalleryBase.php  (1 usage found)
                    77 * @var bool Hide blacklisted images?
                TraditionalImageGallery.php  (1 usage found)
                    121 # The image is blacklisted, just show it as a text link.
            HookContainer  (4 usages found)
                HookRunner.php  (4 usages found)
                    482 \MediaWiki\Permissions\Hook\TitleReadWhitelistHook,
                    4039 public function onTitleReadWhitelist( $title, $user, &$whitelisted ) {
                    4041 'TitleReadWhitelist',
                    4042 [ $title, $user, &$whitelisted ]
            jobqueue  (5 usages found)
                JobQueueFederated.php  (1 usage found)
                    292 unset( $partitionsTry[$partition] ); // blacklist partition
                JobRunner.php  (4 usages found)
                    221 $blacklist = $throttle ? array_keys( $backoffs ) : [];
                    227 ->pop( JobQueueGroup::TYPE_DEFAULT, JobQueueGroup::USE_CACHE, $blacklist );
                    230 // that type of job is currently rate-limited by the back-off blacklist
                    231 $job = in_array( $type, $blacklist ) ? false : $this->jobQueueGroup->pop( $type );
            libs  (2 usages found)
                mime  (1 usage found)
                    XmlTypeCheck.php  (1 usage found)
                        414 * We whitelist an extremely restricted subset of DTD features.
                Cookie.php  (1 usage found)
                    77 * A better method might be to use a blacklist like
            page  (1 usage found)
                Article.php  (1 usage found)
                    492 # Another whitelist check in case getOldID() is altering the title
            pager  (1 usage found)
                TablePager.php  (1 usage found)
                    408 * blacklist, passed in the $blacklist parameter.
            parser  (14 usages found)
                Parser.php  (6 usages found)
                    2314 * option, through the exception, or through the on-wiki whitelist
                    2347 if ( !$text && $this->mOptions->getEnableImageWhitelist()
                    2350 $whitelist = explode(
                    2352 wfMessage( 'external_image_whitelist' )->inContentLanguage()->text()
                    2355 foreach ( $whitelist as $entry ) {
                    2362 # Image matches a whitelist entry
                ParserOptions.php  (8 usages found)
                    299 * Use the on-wiki external image whitelist?
                    302 public function getEnableImageWhitelist() {
                    303 return $this->getOption( 'enableImageWhitelist' );
                    307 * Use the on-wiki external image whitelist?
                    313 public function setEnableImageWhitelist( $x ) {
                    315 return $this->setOptionLegacy( 'enableImageWhitelist', $x );
                    1244 $wgAllowExternalImagesFrom, $wgEnableImageWhitelist, $wgAllowSpecialInclusion,
                    1293 'enableImageWhitelist' => $wgEnableImageWhitelist,
            Permissions  (22 usages found)
                Hook  (5 usages found)
                    TitleReadWhitelistHook.php  (5 usages found)
                        10 * Use the hook name "TitleReadWhitelist" to register handlers implementing this interface.
                        15 interface TitleReadWhitelistHook {
                        24 * @param bool &$whitelisted Whether this title is whitelisted
                        25 * @return bool|void True or no return value to continue, or false to *not* whitelist
                        28 public function onTitleReadWhitelist( $title, $user, &$whitelisted );
                PermissionManager.php  (17 usages found)
                    66 'WhitelistRead',
                    67 'WhitelistReadRegexp',
                    571 $whiteListRead = $this->options->get( 'WhitelistRead' );
                    589 } elseif ( is_array( $whiteListRead ) && count( $whiteListRead ) ) {
                    590 # Time to check the whitelist
                    595 // Check for explicit whitelisting with and without underscores
                    596 if ( in_array( $name, $whiteListRead, true )
                    597 || in_array( $dbName, $whiteListRead, true ) ) {
                    602 if ( in_array( ':' . $name, $whiteListRead ) ) {
                    612 if ( in_array( $pure, $whiteListRead, true ) ) {
                    619 $whitelistReadRegexp = $this->options->get( 'WhitelistReadRegexp' );
                    620 if ( !$allowed && is_array( $whitelistReadRegexp )
                    621 && !empty( $whitelistReadRegexp ) ) {
                    623 // Check for regex whitelisting
                    624 foreach ( $whitelistReadRegexp as $listItem ) {
                    633 # If the title is not whitelisted, give extensions a chance to do so...
                    634 $this->hookRunner->onTitleReadWhitelist( $title, $user, $allowed );
            preferences  (8 usages found)
                DefaultPreferencesFactory.php  (7 usages found)
                    111 'EnableUserEmailBlacklist',
                    174 public function getSaveBlacklist() {
                    238 if ( $disable && !in_array( $name, $this->getSaveBlacklist() ) ) {
                    753 if ( $this->options->get( 'EnableUserEmailBlacklist' ) ) {
                    754 $defaultPreferences['email-blacklist'] = [
                    756 'label-message' => 'email-blacklist-label',
                    1784 foreach ( $this->getSaveBlacklist() as $b ) {
                PreferencesFactory.php  (1 usage found)
                    85 public function getSaveBlacklist();
            registration  (4 usages found)
                ExtensionProcessor.php  (4 usages found)
                    22 'ChangeCredentialsBlacklist',
                    51 'RemoveCredentialsBlacklist',
                    252 // Only whitelisted attributes are set
                    261 // If it's not blacklisted, it's an attribute
            session  (1 usage found)
                SessionProvider.php  (1 usage found)
                    404 * occurring in the future. This might add the username to a blacklist, or
            shell  (25 usages found)
                Command.php  (3 usages found)
                    201 * whitelisted will be available to the shell command.
                    203 * limit.sh will always be whitelisted
                    209 public function whitelistPaths( array $paths ): Command {
                firejail.profile  (22 usages found)
                    22 blacklist /sbin
                    23 blacklist /usr/sbin
                    24 blacklist /usr/local/sbin
                    26 # Blacklist /run which typically contains many exploitable UNIX sockets. But
                    27 # don't blacklist /run/firejail which firejail needs. Using a glob means that
                    29 # the noblacklist directive to work. (T262364)
                    30 noblacklist /run/firejail
                    31 blacklist /run/*
                    34 blacklist /etc/shadow
                    35 blacklist /etc/ssh
                    36 blacklist /root
                    39 blacklist ${PATH}/umount
                    40 blacklist ${PATH}/mount
                    41 blacklist ${PATH}/fusermount
                    42 blacklist ${PATH}/su
                    43 blacklist ${PATH}/sudo
                    44 blacklist ${PATH}/xinput
                    45 blacklist ${PATH}/evtest
                    46 blacklist ${PATH}/xev
                    47 blacklist ${PATH}/strace
                    48 blacklist ${PATH}/nc
                    49 blacklist ${PATH}/ncat
            specialpage  (3 usages found)
                AuthManagerSpecialPage.php  (3 usages found)
                    232 * Allows blacklisting certain request types.
                    236 protected function getRequestBlacklist() {
                    277 return !in_array( get_class( $req ), $this->getRequestBlacklist(), true );
            specials  (20 usages found)
                forms  (1 usage found)
                    UploadForm.php  (1 usage found)
                        264 $prohibitedExtensions = array_unique( $config->get( 'FileBlacklist' ) );
                SpecialChangeCredentials.php  (2 usages found)
                    285 protected function getRequestBlacklist() {
                    286 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' );
                SpecialEmailUser.php  (1 usage found)
                    243 $muteList = $target->getOption( 'email-blacklist', '' );
                SpecialLinkAccounts.php  (2 usages found)
                    33 protected function getRequestBlacklist() {
                    34 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' );
                SpecialMute.php  (5 usages found)
                    164 * @param string $userOption up_property key that holds the blacklist
                    200 $config->get( 'EnableUserEmailBlacklist' ) &&
                    204 $fields['email-blacklist'] = [
                    210 'default' => $this->isTargetMuted( 'email-blacklist' ),
                    254 public function isTargetBlacklisted( $userOption ) {
                SpecialRemoveCredentials.php  (2 usages found)
                    27 protected function getRequestBlacklist() {
                    28 return $this->getConfig()->get( 'RemoveCredentialsBlacklist' );
                SpecialShortPages.php  (1 usage found)
                    66 $config->get( 'ShortPagesNamespaceBlacklist' )
                SpecialUnlinkAccounts.php  (2 usages found)
                    38 protected function getRequestBlacklist() {
                    39 return $this->getConfig()->get( 'RemoveCredentialsBlacklist' );
                SpecialUpload.php  (4 usages found)
                    758 if ( isset( $details['blacklistedExt'] ) ) {
                    759 $msg->params( $this->getLanguage()->commaList( $details['blacklistedExt'] ) );
                    770 if ( isset( $details['blacklistedExt'] ) ) {
                    771 $msg->params( count( $details['blacklistedExt'] ) );
            upload  (29 usages found)
                UploadBase.php  (25 usages found)
                    79 protected $mBlackListedExtensions;
                    361 * - 'blacklistedExt': set to the list of blacklisted file extensions if the current file extension
                    362 *    is not allowed for uploads and the blacklist is not empty
                    425 if ( count( $this->mBlackListedExtensions ) ) {
                    426 $result['blacklistedExt'] = $this->mBlackListedExtensions;
                    450 global $wgMimeTypeBlacklist;
                    451 if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) {
                    466 if ( $this->checkFileExtension( $ieType, $wgMimeTypeBlacklist ) ) {
                    540 * Runs the blacklist checks, but not any checks that may
                    1033 * We'll want to blacklist against *any* 'extension', and use
                    1034 * only the final one for the whitelist.
                    1065 /* Don't allow users to override the blacklist (check file extension) */
                    1067 global $wgFileExtensions, $wgFileBlacklist;
                    1069 $blackListedExtensions = $this->checkFileExtensionList( $ext, $wgFileBlacklist );
                    1076 } elseif ( $blackListedExtensions ||
                    1080 $this->mBlackListedExtensions = $blackListedExtensions;
                    1245 * scripts, so the blacklist needs to check them all.
                    1449 * Check a whitelist of xml encodings that are known not to be interpreted differently
                    1482 // detect the encoding in case is specifies an encoding not whitelisted in self::$safeXmlEncodings
                    1586 * @todo Replace this with a whitelist filter!
                    1727 wfDebug( __METHOD__ . ": Found href to unwhitelisted data: uri "
                    2129 foreach ( self::getFilenamePrefixBlacklist() as $prefix ) {
                    2159 * Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]]
                    2163 public static function getFilenamePrefixBlacklist() {
                    2165 $message = wfMessage( 'filename-prefix-blacklist' )->inContentLanguage();
                UploadFromUrl.php  (2 usages found)
                    71 * The domains in the whitelist can include wildcard characters (*) in place
                    88 // See if the domain for the upload matches this whitelisted domain
                UploadStash.php  (2 usages found)
                    479 global $wgFileBlacklist;
                    493 if ( in_array( $extension, $wgFileBlacklist ) ) {
            user  (1 usage found)
                UserOptionsManager.php  (1 usage found)
                    315 $specialOptions = array_fill_keys( $preferencesFactory->getSaveBlacklist(), true );
            ContentSecurityPolicy.php  (5 usages found)
                246 // A future todo might be to make the whitelist options only
                247 // add all the whitelisted sites to the header, instead of
                256 } elseif ( $mwConfig->get( 'EnableImageWhitelist' ) ) {
                257 $whitelist = wfMessage( 'external_image_whitelist' )
                260 if ( preg_match( '/^\s*[^\s#]/m', $whitelist ) ) {
            DefaultSettings.php  (29 usages found)
                1090 $wgFileBlacklist = [
                1105 $wgMimeTypeBlacklist = [
                1853 * Set to true to enable user-to-user e-mail blacklist.
                1857 $wgEnableUserEmailBlacklist = false;
                4670 * Optional array of namespaces which should be blacklisted from Special:ShortPages
                4671 * Only pages inside $wgContentNamespaces but not $wgShortPagesNamespaceBlacklist will
                4675 $wgShortPagesNamespaceBlacklist = [];
                4897 * Set this to true to enable the on-wiki allow list (MediaWiki:External image whitelist)
                4902 $wgEnableImageWhitelist = false;
                5430 $wgChangeCredentialsBlacklist = [
                5443 $wgRemoveCredentialsBlacklist = [
                5610 'msg:sorbs', // For $wgEnableDnsBlacklist etc.
                5815 * $wgWhitelistRead = [ "Main Page", "Wikipedia:Help" ];
                5827 * @note Extensions should not modify this, but use the TitleReadWhitelist
                5830 $wgWhitelistRead = false;
                5839 * To whitelist [[Main Page]]:
                5841 * $wgWhitelistReadRegexp = [ "/Main Page/" ];
                5851 * $wgWhitelistReadRegexp = [ "@^UsEr.*@i" ];
                5858 $wgWhitelistReadRegexp = false;
                5894 * This replaces $wgWhitelistAccount and $wgWhitelistEdit
                6376 * Whether to use DNS blacklists in $wgDnsBlacklistUrls to check for open
                6380 $wgEnableDnsBlacklist = false;
                6383 * List of DNS blacklists to use, if $wgEnableDnsBlacklist is true.
                6386 * the blacklist require a key).
                6390 * $wgDnsBlacklistUrls = [
                6405 $wgDnsBlacklistUrls = [ 'http.dnsbl.sorbs.net.' ];
                6418 * Proxy whitelist, list of addresses that are assumed to be non-proxy despite
                6421 $wgProxyWhitelist = [];
                9441 /* MediaWiki whitelist */
            GitInfo.php  (1 usage found)
                254 ->whitelistPaths( [ $gitDir, $this->repoDir ] )
            GlobalFunctions.php  (1 usage found)
                1475 # @todo FIXME: We may want to blacklist some broken browsers
            OutputPage.php  (1 usage found)
                2762 $msg = 'whitelistedittext';
            Setup.php  (2 usages found)
                249 // Blacklisted file extensions shouldn't appear on the "allowed" list
                250 $wgFileExtensions = array_values( array_diff( $wgFileExtensions, $wgFileBlacklist ) );
            StreamFile.php  (4 usages found)
                105 global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
                106 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
                108 if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
                116 if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
            WebRequest.php  (2 usages found)
                1169 * @param array $extWhitelist
                1172 public function checkUrlExtension( $extWhitelist = [] ) {
        tests  (82 usages found)
            phpunit  (82 usages found)
                includes  (73 usages found)
                    auth  (18 usages found)
                        AuthManagerTest.php  (18 usages found)
                            1570 'wgEnableDnsBlacklist' => true,
                            1571 'wgDnsBlacklistUrls' => [
                            1574 'wgProxyWhitelist' => [],
                            1580 $this->setMwGlobals( 'wgProxyWhitelist', [ '127.0.0.1' ] );
                            2604 // Session blacklisted
                            2606 $session->set( 'AuthManager::AutoCreateBlacklist', 'test' );
                            2616 [ LogLevel::DEBUG, 'blacklisted in session {sessionid}' ],
                            2621 $session->set( 'AuthManager::AutoCreateBlacklist', StatusValue::newFatal( 'test2' ) );
                            2631 [ LogLevel::DEBUG, 'blacklisted in session {sessionid}' ],
                            2649 $this->assertSame( 'noname', $session->get( 'AuthManager::AutoCreateBlacklist' ) );
                            2669 'authmanager-autocreate-noperm', $session->get( 'AuthManager::AutoCreateBlacklist' )
                            2741 StatusValue::newFatal( 'fail-in-pre' ), $session->get( 'AuthManager::AutoCreateBlacklist' )
                            2758 StatusValue::newFatal( 'fail-in-primary' ), $session->get( 'AuthManager::AutoCreateBlacklist' )
                            2775 StatusValue::newFatal( 'fail-in-secondary' ), $session->get( 'AuthManager::AutoCreateBlacklist' )
                            2795 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
                            2815 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
                            2840 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
                            2869 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
                    block  (40 usages found)
                        BlockManagerTest.php  (40 usages found)
                            34 'wgDnsBlacklistUrls' => [],
                            35 'wgEnableDnsBlacklist' => true,
                            37 'wgProxyWhitelist' => [],
                            273 * @dataProvider provideIsDnsBlacklisted
                            274 * @covers ::isDnsBlacklisted
                            275 * @covers ::inDnsBlacklist
                            277 public function testIsDnsBlacklisted( $options, $expected ) {
                            279 'wgEnableDnsBlacklist' => true,
                            280 'wgDnsBlacklistUrls' => $options['blacklist'],
                            281 'wgProxyWhitelist' => $options['whitelist'],
                            296 $blockManager->isDnsBlacklisted( $options['ip'], $options['checkWhitelist'] )
                            300 public static function provideIsDnsBlacklisted() {
                            304 'IP is blacklisted' => [
                            306 'blacklist' => [ 'dnsbl.test' ],
                            310 'whitelist' => [],
                            311 'checkWhitelist' => false,
                            315 'IP is blacklisted; blacklist has key' => [
                            317 'blacklist' => [ [ 'dnsbl.test', 'key' ] ],
                            321 'whitelist' => [],
                            322 'checkWhitelist' => false,
                            326 'IP is blacklisted; blacklist is array' => [
                            328 'blacklist' => [ [ 'dnsbl.test' ] ],
                            332 'whitelist' => [],
                            333 'checkWhitelist' => false,
                            337 'IP is not blacklisted' => [
                            339 'blacklist' => [ 'dnsbl.test' ],
                            343 'whitelist' => [],
                            344 'checkWhitelist' => false,
                            348 'Blacklist is empty' => [
                            350 'blacklist' => [],
                            354 'whitelist' => [],
                            355 'checkWhitelist' => false,
                            359 'IP is blacklisted and whitelisted; whitelist is not checked' => [
                            361 'blacklist' => [ 'dnsbl.test' ],
                            365 'whitelist' => [ '127.0.0.1' ],
                            366 'checkWhitelist' => false,
                            370 'IP is blacklisted and whitelisted; whitelist is checked' => [
                            372 'blacklist' => [ 'dnsbl.test' ],
                            376 'whitelist' => [ '127.0.0.1' ],
                            377 'checkWhitelist' => true,
                    password  (1 usage found)
                        UserPasswordPolicyTest.php  (1 usage found)
                            85 'PasswordCannotMatchBlacklist' => true,
                    specials  (13 usages found)
                        SpecialMuteTest.php  (11 usages found)
                            19 'wgEnableUserEmailBlacklist' => true
                            48 public function testEmailBlacklistNotEnabled() {
                            55 'wgEnableUserEmailBlacklist' => false
                            77 public function testMuteAddsUserToEmailBlacklist() {
                            85 $this->userOptionsManager->setOption( $loggedInUser, 'email-blacklist', "999" );
                            89 $fauxRequest = new FauxRequest( [ 'wpemail-blacklist' => true ], true );
                            97 $this->userOptionsManager->getOption( $loggedInUser, 'email-blacklist' )
                            104 public function testUnmuteRemovesUserFromEmailBlacklist() {
                            112 $this->userOptionsManager->setOption( $loggedInUser, 'email-blacklist', "999\n" . $targetUser->getId() );
                            116 $fauxRequest = new FauxRequest( [ 'wpemail-blacklist' => false ], true );
                            122 $this->assertSame( "999", $this->userOptionsManager->getOption( $loggedInUser, 'email-blacklist' ) );
                        SpecialShortPagesTest.php  (2 usages found)
                            18 public function testGetQueryInfoRespectsContentNS( $contentNS, $blacklistNS, $expectedNS ) {
                            20 'wgShortPagesNamespaceBlacklist' => $blacklistNS,
                    ContentSecurityPolicyTest.php  (1 usage found)
                        19 'wgEnableImageWhitelist' => false,
                unit  (7 usages found)
                    includes  (7 usages found)
                        Permissions  (2 usages found)
                            PermissionManagerTest.php  (2 usages found)
                                35 'WhitelistRead' => false,
                                36 'WhitelistReadRegexp' => false,
                        BadFileLookupTest.php  (5 usages found)
                            177 'Context page not whitelisted' =>
                            180 'Whitelisted context page' =>
                            184 'Bad image with Image: in blacklist' => [ 'Bad2.jpg', null, true ],
                            185 'Bad image without prefix in blacklist' => [ 'Bad3.jpg', null, true ],
                            186 'Bad image with different namespace in blacklist' => [ 'Bad4.jpg', null, true ],
                suite.xml  (2 usages found)
                    67 <whitelist addUncoveredFilesFromWhitelist="true">
                    77 </whitelist>
        .phpcs.xml  (8 usages found)
            73 			Whitelist existing violations, but enable the sniff to prevent
            119 			Whitelist existing violations, but enable the sniff to prevent
            166 			Whitelist existing violations, but enable the sniff to prevent
            191 			Whitelist existing violations, but enable the sniff to prevent
            200 			Whitelist existing violations, but enable the sniff to prevent
            210 			Whitelist existing violations, but enable the sniff to prevent
            223 			Whitelist existing violations, but enable the sniff to prevent
            231 			Whitelist existing violations, but enable the sniff to prevent
        HISTORY  (119 usages found)
            222 * (T262364) shell: Don't blacklist /run/firejail.
            495 * (T204618) Whitelisted the aria-hidden HTML attribute for all elements in
            606 * Replaced wikimedia/password-blacklist 0.1.4 with wikimedia/common-passwords
            854 * Sanitizer::setupAttributeWhitelist() and Sanitizer::attributeWhitelist(),
            1004 * The deprecated $blacklist parameter to wfIsBadImage() has been removed.
            1182     and ::setEnableImageWhitelist() have been deprecated.  Future parsers
            1937 $wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false;
            2376 * User::isLocallyBlockedProxy and User::inDnsBlacklist are deprecated and moved
            2378 * User::isDnsBlacklisted is deprecated. Use BlockManager::isDnsBlacklisted
            2431 * Sanitizer::attributeWhitelist() and Sanitizer::setupAttributeWhitelist()
            2702   password is not in the large blacklist. This is enabled by default for the
            2704   this for other user groups, set the `PasswordNotInLargeBlacklist` flag `true`.
            2776 * Added wikimedia/password-blacklist 0.1.4.
            2919   * getSaveBlacklist()
            3062   follow best practices, it is reccommended to use 'PasswordNotInLargeBlacklist'
            3063   instead which blacklists 100,000 commonly used passwords.
            3219 * (T208881) SECURITY: blacklist CSS var().
            3326 * $wgEnableImageWhitelist is now disabled by default, as it opens up a hole for
            3328   "MediaWiki:External image whitelist" on your wiki to see whether the feature
            3335 * $wgBrowserBlacklist – This setting, deprecated in 1.30, was removed.
            3462 * (T198935) User list preferences such as `email-blacklist` and similar
            4262 * (T208881) SECURITY: blacklist CSS var().
            4822 * (T208881) SECURITY: blacklist CSS var().
            4947   $wgEnableUserEmailBlacklist to true.
            4948 * (T67297) $wgBrowserBlacklist is deprecated, and changing it will have no
            5213 The SpamBlacklist and PdfHandler extensions were missing from the generated
            5328 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
            5641 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
            6026 * (T208881) SECURITY: blacklist CSS var().
            6150 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
            6378 * Whitelisted the following HTML attributes for all elements in wikitext:
            6419 ** Two new globals, $wgChangeCredentialsBlacklist and
            6420    $wgRemoveCredentialsBlacklist can be used to prevent the web UI and the API
            8572 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
            8849 * $wgHttpOnlyBlacklist has been removed.
            9417 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
            9419   the namespace name if they use a non- whitelisted namespace.
            9478   have been whitelisted inside of $wgUrlProtocols.
            9538 * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and
            9669   uploads by URL, useful for blacklisting specific URLs
            10062 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
            10065   non-whitelisted namespace.
            10164 * The HTML5 <mark> tag has been whitelisted.
            10205 * Added $wgWhitelistReadRegexp for regex whitelisting.
            10459 * BREAKING CHANGE: (bug 38244) Removed the mediawiki.api.titleblacklist module
            10460   and moved it to the TitleBlacklist extension.
            10499 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist
            10680   API upload errors due to the file extension blacklist.
            10904 * (bug 11142) Improve file extension blacklist error reporting in API upload.
            11079 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
            11081   the namespace name if they use a non- whitelisted namespace.
            11140 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist
            11216 * Expanded Blacklist for SVG Files
            11240 * (bug 35303) Proxy and DNS blacklist blocking works again
            11269 * $wgDnsBlacklistUrls now accepts an array with url and key as the
            11644 * Expanded Blacklist for SVG Files
            12030 * (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
            12071   extensions is blacklisted now gives the proper extension in the error message.
            12503 * Expanded Blacklist for SVG Files
            12746 * (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user
            12817 * Added $wgAllowImageTag, which can be set to true to whitelist the <img> tag
            13084 * (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
            13521   to $wgDnsBlacklistUrls (backward compatibility kept)
            13530 * $wgEnableSorbs renamed to $wgDnsBlacklistUrls ($wgEnableSorbs kept for
            13712 * Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
            13918 * (bug 19355) Added .xhtml, .xht to upload file extension blacklist
            14509 * Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
            14833 * Introduced $wgEnableImageWhitelist to toggle the on-wiki external image
            14834   whitelist on or off.
            14932 * Added an on-wiki external image whitelist. Items in this whitelist are
            15188 * Blacklist redirects via Special:Filepath, hard to use.
            15488 * Blacklist redirects via Special:Filepath. Such redirects exacerbate any
            15861 * (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes
            16155 * Blacklist redirects via Special:Filepath. Such redirects exacerbate any XSS
            16398 * Fixed notice when accessing special page without read permission and whitelist
            16471 * If restricted read access was enabled, whitelist didn't work with special
            16937 * (bug 8989) Blacklist 'mhtml' and 'mht' files from upload
            17116 * Add Google Wireless Transcoder to the Unicode editing blacklist
            17190   equivalent to a whitelisted title
            17258   $wgWhitelistRead is undefined, instead of (incorrectly) honouring them
            17259 * Fixed img_auth.php file name extraction for whitelist checking
            17949 * (bug 7629) Fix $wgBrowserBlackList to avoid false positive on MSIE
            18419 * (bug 7883) Added autoblock whitelisting feature, using which specific ranges
            18421   format, in the autoblock_whitelist system message.
            18597   A more thorough blacklist for forbidden and translatable characters would
            18913 The base hostname for the DNS-based proxy blacklist can now be overridden
            18914 when $wgEnableSorbs is set, to use a different blacklist instead of SORBS.
            18915 The blacklist would need to respond the same was as SORBS; any positive
            19110   to break the blacklists for regular URLs
            19345 * (bug 7537) Add php5 to $wgFileBlacklist
            19627 * Pass login link to "whitelistedittext" containing 'returnto' parameter
            20558 * [[meta:SpamBlacklist extension|SpamBlacklist extension]] now has support for
            20872 * Blacklist additional MSIE CSS safety tricks
            20891   MIME type to the default blacklist. Prevented inline display of images
            21043 * Recognize Special:Search consistently so read whitelist works
            21348 spam-cleanup tool in the SpamBlacklist extension.
            21589   If .svg files are added to the upload whitelist, you can choose to render
            21912 * (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th>
            21952 * Only build the HTML attribute whitelist tree once.
            22001 * (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount
            22042 * (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE
            22043   documentation about edit and read whitelists.
            22266   for browsers that hit the Unicode blacklist. Patch by plugwash.
            22361 * Blacklist additional MSIE CSS safety tricks
            22414 * Recognize Special:Search consistently so read whitelist works
            22443   MIME type to the default blacklist. Prevented inline display of images
            22559 that browser. This release blacklists several additional variants from use in
            22905 * (bug 996) Fix $wgWhitelistRead to work again
            22918 * Enhance upload extension blacklist to protect against vulnerable
            22940 * Add the dreaded <span> to the HTML whitelist
            23059 * Removed .ogg from the default uploads whitelist as an extra precaution.
            23151 * (bug 1147) add \checkmark to whitelist in texutil.ml
            23268 blacklists several additional variants from use in HTML inline style
            23399 * Removed .ogg from the default uploads whitelist as an extra precaution. If
            23424 * Enhance upload extension blacklist to protect against vulnerable Apache
            23453 * ({{bugzilla|874}}) added 'cgi' to {{wg|FileBlacklist}}
            23504 have expanded the <code>filetype</code> whitelist or disabled the strict type
            23522 enabled if in {{wg|WhitelistEdit}} mode.
            23578 * {{wg|WhitelistAccount}} no longer breaks all logins.
        img_auth.php  (1 usage found)
            168 // Checks Whitelist too
        phpunit.xml.dist  (2 usages found)
            48 <whitelist addUncoveredFilesFromWhitelist="false">
            62 </whitelist>
        RELEASE-NOTES-1.36  (7 usages found)
            19 * MediaWiki:Autoblock_whitelist has been moved to
            21   the MediaWiki:Autoblock_whitelist page.
            88 * The deprecated password policies PasswordCannotMatchBlacklist and
            89   PasswordNotInLargeBlacklist were removed. Please use
            357   - ::isDnsBlacklisted
            358   - ::inDnsBlacklist
            742 * DatabaseBlock::isWhitelistedFromAutoblocks was deprecated. Use

Event Timeline

Change 673654 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/core@master] Deprecate DatabaseBlock::isExemptedFromAutoblocks

https://gerrit.wikimedia.org/r/673654

Change 673678 had a related patch set uploaded (by Mainframe98; owner: Mainframe98):
[mediawiki/core@master] Rename $wgSlaveLagWarning and $wgSlaveLagCritical

https://gerrit.wikimedia.org/r/673678

Change 673557 had a related patch set uploaded (by Jforrester; owner: Reedy):
[mediawiki/core@master] Use more neutral or alternative language

https://gerrit.wikimedia.org/r/673557

Change 673557 merged by jenkins-bot:
[mediawiki/core@master] Use more neutral or alternative language

https://gerrit.wikimedia.org/r/673557

Change 673654 merged by jenkins-bot:
[mediawiki/core@master] Deprecate DatabaseBlock::isWhitelistedFromAutoblocks

https://gerrit.wikimedia.org/r/673654

Change 673678 merged by jenkins-bot:
[mediawiki/core@master] Rename $wgSlaveLagWarning and $wgSlaveLagCritical to match DB_REPLICA

https://gerrit.wikimedia.org/r/673678

There are still two strings with "blacklist" in en.json values:

  • "spamprotectiontext": "The text you wanted to publish was blocked by the spam filter.\nThis is probably caused by a link to a blacklisted external site."
  • "specialmute-error-no-options": "Mute features are unavailable. This might be because: you haven't confirmed your email address or the wiki administrator has disabled email features and/or email blacklist for this wiki."

Are they still there because there's no consensus about the new name for Spam blacklist and Email blacklist? Or some other reason?

For the first, I don't imagine it matters, so can be changed

For the second, it does revolve around $wgEnableUserEmailBlacklist, and has a few different parts. I did do some of the renaming around that functionality in rMWd1e7b75776c4: SpecialMute: Rename blacklist to mutelist

Changing comments is cheap. Changing i18n strings is a little more involved, as it creates work for translators. So if we need to change them again we obviously can, and we should.

In this case, it's already Special:Mute, so calling it "email mute" or "email mute feature" is probably fine. A bigger issue/more of an annoyance for me there, is that the same error message is used for potentially 3 different errors, making it more complex. Will file a task about that

Change 680793 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/core@master] .phpcs.xml: Replace useage of whitelist in comments

https://gerrit.wikimedia.org/r/680793

Change 680795 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/core@master] Use some more neutral language

https://gerrit.wikimedia.org/r/680795

Change 680796 had a related patch set uploaded (by Amire80; author: Amire80):

[mediawiki/core@master] Change "blacklisted" to "forbidden" in a spam filter message

https://gerrit.wikimedia.org/r/680796

Change 680793 merged by jenkins-bot:

[mediawiki/core@master] .phpcs.xml: Replace useage of whitelist in comments

https://gerrit.wikimedia.org/r/680793

Change 680795 merged by jenkins-bot:

[mediawiki/core@master] Use some more neutral language

https://gerrit.wikimedia.org/r/680795

Change 680796 merged by jenkins-bot:

[mediawiki/core@master] Change "blacklisted" to "forbidden" in a spam filter message

https://gerrit.wikimedia.org/r/680796

Change 680806 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/core@master] WIP: Rename some config variables

https://gerrit.wikimedia.org/r/680806

Change 680807 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/core@master] Rename email-blacklist-label message

https://gerrit.wikimedia.org/r/680807

Change 680807 merged by jenkins-bot:

[mediawiki/core@master] Rename email-blacklist-label message

https://gerrit.wikimedia.org/r/680807

Change 680836 had a related patch set uploaded (by Amire80; author: Amire80):

[mediawiki/core@master] Rephrase specialmute-error-no-options

https://gerrit.wikimedia.org/r/680836

Change 681002 had a related patch set uploaded (by Amire80; author: Amire80):

[mediawiki/core@master] Rephrase apihelp-main-param-origin

https://gerrit.wikimedia.org/r/681002

Change 680836 merged by jenkins-bot:

[mediawiki/core@master] Rephrase specialmute-error-no-options

https://gerrit.wikimedia.org/r/680836

Change 681002 merged by jenkins-bot:

[mediawiki/core@master] Rephrase apihelp-main-param-origin

https://gerrit.wikimedia.org/r/681002

Sorry if this is the wrong venue to voice this: so, for $wgWhitelistRead, what will be the phase-out process look like? Is there a proposed name for it like $wgAllowlistRead? And I would assume $wgWhitelistRead would be deprecated for a few versions of MediaWiki too. Same question goes for the rest of the LocalSettings.php config options which aren't simple internal core fixes.

Sorry if this is the wrong venue to voice this: so, for $wgWhitelistRead, what will be the phase-out process look like? Is there a proposed name for it like $wgAllowlistRead? And I would assume $wgWhitelistRead would be deprecated for a few versions of MediaWiki too. Same question goes for the rest of the LocalSettings.php config options which aren't simple internal core fixes.

https://www.mediawiki.org/wiki/Stable_interface_policy

TLDR is something like, in the release (ie stable tarball) after it's "hard deprecated" (which is a little more difficult with config variables), it is eligible to be removed for good.

Change 687231 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/core@master] DatabaseBlock::isExemptedFromAutoblocks: Drop fallback message load

https://gerrit.wikimedia.org/r/687231

Change 687232 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/core@master] DatabaseBlock: Hard-deprecate calls to isWhitelistedFromAutoblocks()

https://gerrit.wikimedia.org/r/687232

Change 687231 merged by jenkins-bot:

[mediawiki/core@master] DatabaseBlock::isExemptedFromAutoblocks: Drop fallback message load

https://gerrit.wikimedia.org/r/687231

Change 687232 merged by jenkins-bot:

[mediawiki/core@master] DatabaseBlock: Hard-deprecate calls to isWhitelistedFromAutoblocks()

https://gerrit.wikimedia.org/r/687232