Targets
Occurrences of '(white|black)[ \-]?list' in Selected files & directories
Found Occurrences (464 usages found)
core (464 usages found)
docs (2 usages found)
extension.schema.v2.json (2 usages found)
568 "ChangeCredentialsBlacklist": {
572 "RemoveCredentialsBlacklist": {
includes (243 usages found)
api (19 usages found)
i18n (3 usages found)
en.json (1 usage found)
23 Origin</code> header and the origin is whitelisted, the <code>Access-Control-Allow-Origin</code> and <code>Access-Control-Allow-Credentials</code> headers
pt-br.json (1 usage found)
37 Origin</code> e a origem for permitida (''whitelisted''), os cabeçalhos <code>Access-Control-Allow-Origin</code> e <code>Access-Control-Allow-Credentials
pt.json (1 usage found)
30 Origin</code> e a origem for permitida (''white-listed'') os cabeçalhos <code>Access-Control-Allow-Origin</code> e <code>Access-Control-Allow-Credentials
ApiAuthManagerHelper.php (1 usage found)
131 public static function blacklistAuthenticationRequests( array $reqs, array $remove ) {
ApiChangeAuthenticationData.php (2 usages found)
49 $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests(
51 $this->getConfig()->get( 'ChangeCredentialsBlacklist' )
ApiClientLogin.php (1 usage found)
98 $res->neededRequests = ApiAuthManagerHelper::blacklistAuthenticationRequests(
ApiQueryAuthManagerInfo.php (5 usages found)
74 // Filter out blacklisted requests, depending on the action
77 $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests(
78 $reqs, $this->getConfig()->get( 'ChangeCredentialsBlacklist' )
82 $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests(
83 $reqs, $this->getConfig()->get( 'RemoveCredentialsBlacklist' )
ApiQuerySiteinfo.php (1 usage found)
169 $data['imagewhitelistenabled'] = (bool)$config->get( 'EnableImageWhitelist' );
ApiRemoveAuthenticationData.php (1 usage found)
63 ? array_flip( $this->getConfig()->get( 'RemoveCredentialsBlacklist' ) )
ApiUpload.php (5 usages found)
669 if ( isset( $verification['blacklistedExt'] ) ) {
670 $msg[1] = Message::listParam( $verification['blacklistedExt'], 'comma' );
671 $msg[4] = count( $verification['blacklistedExt'] );
672 $extradata['blacklisted'] = array_values( $verification['blacklistedExt'] );
673 ApiResult::setIndexedTagName( $extradata['blacklisted'], 'ext' );
auth (7 usages found)
AuthManager.php (7 usages found)
1066 if ( $this->blockManager->isDnsBlacklisted( $ip, true /* check $wgProxyWhitelist */ ) ) {
1651 if ( $session->get( 'AuthManager::AutoCreateBlacklist' ) ) {
1652 $this->logger->debug( __METHOD__ . ': blacklisted in session {sessionid}', [
1658 $reason = $session->get( 'AuthManager::AutoCreateBlacklist' );
1671 $session->set( 'AuthManager::AutoCreateBlacklist', 'noname' );
1686 $session->set( 'AuthManager::AutoCreateBlacklist', 'authmanager-autocreate-noperm' );
1721 $session->set( 'AuthManager::AutoCreateBlacklist', $status );
block (24 usages found)
AbstractBlock.php (1 usage found)
276 * may be blacklisted or whitelisted, or determined from a
BlockManager.php (18 usages found)
60 'DnsBlacklistUrls',
61 'EnableDnsBlacklist',
63 'ProxyWhitelist',
208 if ( !in_array( $ip, $this->options->get( 'ProxyWhitelist' ) ) ) {
216 } elseif ( $isAnon && $this->isDnsBlacklisted( $ip ) ) {
238 && !in_array( $ip, $this->options->get( 'ProxyWhitelist' ) )
363 * Whether the given IP is in a DNS blacklist.
366 * @param bool $checkAllowed Whether to check $wgProxyWhitelist first
367 * @return bool True if blacklisted.
369 public function isDnsBlacklisted( $ip, $checkAllowed = false ) {
370 if ( !$this->options->get( 'EnableDnsBlacklist' ) ||
371 ( $checkAllowed && in_array( $ip, $this->options->get( 'ProxyWhitelist' ) ) )
376 return $this->inDnsBlacklist( $ip, $this->options->get( 'DnsBlacklistUrls' ) );
380 * Whether the given IP is in a given DNS blacklist.
383 * @param string[] $bases URL of the DNS blacklist
384 * @return bool True if blacklisted.
386 private function inDnsBlacklist( $ip, array $bases ) {
436 * @return string[]|bool IPv4 array, or false if the IP is not blacklisted
DatabaseBlock.php (2 usages found)
548 public static function isWhitelistedFromAutoblocks( $ip ) {
574 . "\n" . wfMessage( 'autoblock_whitelist' )->inContentLanguage()->plain()
SystemBlock.php (3 usages found)
27 * from IP blacklists) and are not saved to the database. The target of a
60 * - 'proxy': the IP is blacklisted in $wgProxyList
61 * - 'dnsbl': the IP is associated with a blacklisted domain in $wgDnsBlacklistUrls
composer (6 usages found)
ComposerPhpunitXmlCoverageEdit.php (6 usages found)
41 $whitelist = iterator_to_array( $phpunitXml->getElementsByTagName( 'whitelist' ) );
43 foreach ( $whitelist as $childNode ) {
46 $whitelistElement = $phpunitXml->createElement( 'whitelist' );
47 $whitelistElement->setAttribute( 'addUncoveredFilesFromWhitelist', 'false' );
52 $whitelistElement->appendChild( $dirElement );
56 ->appendChild( $whitelistElement );
gallery (2 usages found)
ImageGalleryBase.php (1 usage found)
77 * @var bool Hide blacklisted images?
TraditionalImageGallery.php (1 usage found)
121 # The image is blacklisted, just show it as a text link.
HookContainer (4 usages found)
HookRunner.php (4 usages found)
482 \MediaWiki\Permissions\Hook\TitleReadWhitelistHook,
4039 public function onTitleReadWhitelist( $title, $user, &$whitelisted ) {
4041 'TitleReadWhitelist',
4042 [ $title, $user, &$whitelisted ]
jobqueue (5 usages found)
JobQueueFederated.php (1 usage found)
292 unset( $partitionsTry[$partition] ); // blacklist partition
JobRunner.php (4 usages found)
221 $blacklist = $throttle ? array_keys( $backoffs ) : [];
227 ->pop( JobQueueGroup::TYPE_DEFAULT, JobQueueGroup::USE_CACHE, $blacklist );
230 // that type of job is currently rate-limited by the back-off blacklist
231 $job = in_array( $type, $blacklist ) ? false : $this->jobQueueGroup->pop( $type );
libs (2 usages found)
mime (1 usage found)
XmlTypeCheck.php (1 usage found)
414 * We whitelist an extremely restricted subset of DTD features.
Cookie.php (1 usage found)
77 * A better method might be to use a blacklist like
page (1 usage found)
Article.php (1 usage found)
492 # Another whitelist check in case getOldID() is altering the title
pager (1 usage found)
TablePager.php (1 usage found)
408 * blacklist, passed in the $blacklist parameter.
parser (14 usages found)
Parser.php (6 usages found)
2314 * option, through the exception, or through the on-wiki whitelist
2347 if ( !$text && $this->mOptions->getEnableImageWhitelist()
2350 $whitelist = explode(
2352 wfMessage( 'external_image_whitelist' )->inContentLanguage()->text()
2355 foreach ( $whitelist as $entry ) {
2362 # Image matches a whitelist entry
ParserOptions.php (8 usages found)
299 * Use the on-wiki external image whitelist?
302 public function getEnableImageWhitelist() {
303 return $this->getOption( 'enableImageWhitelist' );
307 * Use the on-wiki external image whitelist?
313 public function setEnableImageWhitelist( $x ) {
315 return $this->setOptionLegacy( 'enableImageWhitelist', $x );
1244 $wgAllowExternalImagesFrom, $wgEnableImageWhitelist, $wgAllowSpecialInclusion,
1293 'enableImageWhitelist' => $wgEnableImageWhitelist,
Permissions (22 usages found)
Hook (5 usages found)
TitleReadWhitelistHook.php (5 usages found)
10 * Use the hook name "TitleReadWhitelist" to register handlers implementing this interface.
15 interface TitleReadWhitelistHook {
24 * @param bool &$whitelisted Whether this title is whitelisted
25 * @return bool|void True or no return value to continue, or false to *not* whitelist
28 public function onTitleReadWhitelist( $title, $user, &$whitelisted );
PermissionManager.php (17 usages found)
66 'WhitelistRead',
67 'WhitelistReadRegexp',
571 $whiteListRead = $this->options->get( 'WhitelistRead' );
589 } elseif ( is_array( $whiteListRead ) && count( $whiteListRead ) ) {
590 # Time to check the whitelist
595 // Check for explicit whitelisting with and without underscores
596 if ( in_array( $name, $whiteListRead, true )
597 || in_array( $dbName, $whiteListRead, true ) ) {
602 if ( in_array( ':' . $name, $whiteListRead ) ) {
612 if ( in_array( $pure, $whiteListRead, true ) ) {
619 $whitelistReadRegexp = $this->options->get( 'WhitelistReadRegexp' );
620 if ( !$allowed && is_array( $whitelistReadRegexp )
621 && !empty( $whitelistReadRegexp ) ) {
623 // Check for regex whitelisting
624 foreach ( $whitelistReadRegexp as $listItem ) {
633 # If the title is not whitelisted, give extensions a chance to do so...
634 $this->hookRunner->onTitleReadWhitelist( $title, $user, $allowed );
preferences (8 usages found)
DefaultPreferencesFactory.php (7 usages found)
111 'EnableUserEmailBlacklist',
174 public function getSaveBlacklist() {
238 if ( $disable && !in_array( $name, $this->getSaveBlacklist() ) ) {
753 if ( $this->options->get( 'EnableUserEmailBlacklist' ) ) {
754 $defaultPreferences['email-blacklist'] = [
756 'label-message' => 'email-blacklist-label',
1784 foreach ( $this->getSaveBlacklist() as $b ) {
PreferencesFactory.php (1 usage found)
85 public function getSaveBlacklist();
registration (4 usages found)
ExtensionProcessor.php (4 usages found)
22 'ChangeCredentialsBlacklist',
51 'RemoveCredentialsBlacklist',
252 // Only whitelisted attributes are set
261 // If it's not blacklisted, it's an attribute
session (1 usage found)
SessionProvider.php (1 usage found)
404 * occurring in the future. This might add the username to a blacklist, or
shell (25 usages found)
Command.php (3 usages found)
201 * whitelisted will be available to the shell command.
203 * limit.sh will always be whitelisted
209 public function whitelistPaths( array $paths ): Command {
firejail.profile (22 usages found)
22 blacklist /sbin
23 blacklist /usr/sbin
24 blacklist /usr/local/sbin
26 # Blacklist /run which typically contains many exploitable UNIX sockets. But
27 # don't blacklist /run/firejail which firejail needs. Using a glob means that
29 # the noblacklist directive to work. (T262364)
30 noblacklist /run/firejail
31 blacklist /run/*
34 blacklist /etc/shadow
35 blacklist /etc/ssh
36 blacklist /root
39 blacklist ${PATH}/umount
40 blacklist ${PATH}/mount
41 blacklist ${PATH}/fusermount
42 blacklist ${PATH}/su
43 blacklist ${PATH}/sudo
44 blacklist ${PATH}/xinput
45 blacklist ${PATH}/evtest
46 blacklist ${PATH}/xev
47 blacklist ${PATH}/strace
48 blacklist ${PATH}/nc
49 blacklist ${PATH}/ncat
specialpage (3 usages found)
AuthManagerSpecialPage.php (3 usages found)
232 * Allows blacklisting certain request types.
236 protected function getRequestBlacklist() {
277 return !in_array( get_class( $req ), $this->getRequestBlacklist(), true );
specials (20 usages found)
forms (1 usage found)
UploadForm.php (1 usage found)
264 $prohibitedExtensions = array_unique( $config->get( 'FileBlacklist' ) );
SpecialChangeCredentials.php (2 usages found)
285 protected function getRequestBlacklist() {
286 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' );
SpecialEmailUser.php (1 usage found)
243 $muteList = $target->getOption( 'email-blacklist', '' );
SpecialLinkAccounts.php (2 usages found)
33 protected function getRequestBlacklist() {
34 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' );
SpecialMute.php (5 usages found)
164 * @param string $userOption up_property key that holds the blacklist
200 $config->get( 'EnableUserEmailBlacklist' ) &&
204 $fields['email-blacklist'] = [
210 'default' => $this->isTargetMuted( 'email-blacklist' ),
254 public function isTargetBlacklisted( $userOption ) {
SpecialRemoveCredentials.php (2 usages found)
27 protected function getRequestBlacklist() {
28 return $this->getConfig()->get( 'RemoveCredentialsBlacklist' );
SpecialShortPages.php (1 usage found)
66 $config->get( 'ShortPagesNamespaceBlacklist' )
SpecialUnlinkAccounts.php (2 usages found)
38 protected function getRequestBlacklist() {
39 return $this->getConfig()->get( 'RemoveCredentialsBlacklist' );
SpecialUpload.php (4 usages found)
758 if ( isset( $details['blacklistedExt'] ) ) {
759 $msg->params( $this->getLanguage()->commaList( $details['blacklistedExt'] ) );
770 if ( isset( $details['blacklistedExt'] ) ) {
771 $msg->params( count( $details['blacklistedExt'] ) );
upload (29 usages found)
UploadBase.php (25 usages found)
79 protected $mBlackListedExtensions;
361 * - 'blacklistedExt': set to the list of blacklisted file extensions if the current file extension
362 * is not allowed for uploads and the blacklist is not empty
425 if ( count( $this->mBlackListedExtensions ) ) {
426 $result['blacklistedExt'] = $this->mBlackListedExtensions;
450 global $wgMimeTypeBlacklist;
451 if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) {
466 if ( $this->checkFileExtension( $ieType, $wgMimeTypeBlacklist ) ) {
540 * Runs the blacklist checks, but not any checks that may
1033 * We'll want to blacklist against *any* 'extension', and use
1034 * only the final one for the whitelist.
1065 /* Don't allow users to override the blacklist (check file extension) */
1067 global $wgFileExtensions, $wgFileBlacklist;
1069 $blackListedExtensions = $this->checkFileExtensionList( $ext, $wgFileBlacklist );
1076 } elseif ( $blackListedExtensions ||
1080 $this->mBlackListedExtensions = $blackListedExtensions;
1245 * scripts, so the blacklist needs to check them all.
1449 * Check a whitelist of xml encodings that are known not to be interpreted differently
1482 // detect the encoding in case is specifies an encoding not whitelisted in self::$safeXmlEncodings
1586 * @todo Replace this with a whitelist filter!
1727 wfDebug( __METHOD__ . ": Found href to unwhitelisted data: uri "
2129 foreach ( self::getFilenamePrefixBlacklist() as $prefix ) {
2159 * Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]]
2163 public static function getFilenamePrefixBlacklist() {
2165 $message = wfMessage( 'filename-prefix-blacklist' )->inContentLanguage();
UploadFromUrl.php (2 usages found)
71 * The domains in the whitelist can include wildcard characters (*) in place
88 // See if the domain for the upload matches this whitelisted domain
UploadStash.php (2 usages found)
479 global $wgFileBlacklist;
493 if ( in_array( $extension, $wgFileBlacklist ) ) {
user (1 usage found)
UserOptionsManager.php (1 usage found)
315 $specialOptions = array_fill_keys( $preferencesFactory->getSaveBlacklist(), true );
ContentSecurityPolicy.php (5 usages found)
246 // A future todo might be to make the whitelist options only
247 // add all the whitelisted sites to the header, instead of
256 } elseif ( $mwConfig->get( 'EnableImageWhitelist' ) ) {
257 $whitelist = wfMessage( 'external_image_whitelist' )
260 if ( preg_match( '/^\s*[^\s#]/m', $whitelist ) ) {
DefaultSettings.php (29 usages found)
1090 $wgFileBlacklist = [
1105 $wgMimeTypeBlacklist = [
1853 * Set to true to enable user-to-user e-mail blacklist.
1857 $wgEnableUserEmailBlacklist = false;
4670 * Optional array of namespaces which should be blacklisted from Special:ShortPages
4671 * Only pages inside $wgContentNamespaces but not $wgShortPagesNamespaceBlacklist will
4675 $wgShortPagesNamespaceBlacklist = [];
4897 * Set this to true to enable the on-wiki allow list (MediaWiki:External image whitelist)
4902 $wgEnableImageWhitelist = false;
5430 $wgChangeCredentialsBlacklist = [
5443 $wgRemoveCredentialsBlacklist = [
5610 'msg:sorbs', // For $wgEnableDnsBlacklist etc.
5815 * $wgWhitelistRead = [ "Main Page", "Wikipedia:Help" ];
5827 * @note Extensions should not modify this, but use the TitleReadWhitelist
5830 $wgWhitelistRead = false;
5839 * To whitelist [[Main Page]]:
5841 * $wgWhitelistReadRegexp = [ "/Main Page/" ];
5851 * $wgWhitelistReadRegexp = [ "@^UsEr.*@i" ];
5858 $wgWhitelistReadRegexp = false;
5894 * This replaces $wgWhitelistAccount and $wgWhitelistEdit
6376 * Whether to use DNS blacklists in $wgDnsBlacklistUrls to check for open
6380 $wgEnableDnsBlacklist = false;
6383 * List of DNS blacklists to use, if $wgEnableDnsBlacklist is true.
6386 * the blacklist require a key).
6390 * $wgDnsBlacklistUrls = [
6405 $wgDnsBlacklistUrls = [ 'http.dnsbl.sorbs.net.' ];
6418 * Proxy whitelist, list of addresses that are assumed to be non-proxy despite
6421 $wgProxyWhitelist = [];
9441 /* MediaWiki whitelist */
GitInfo.php (1 usage found)
254 ->whitelistPaths( [ $gitDir, $this->repoDir ] )
GlobalFunctions.php (1 usage found)
1475 # @todo FIXME: We may want to blacklist some broken browsers
OutputPage.php (1 usage found)
2762 $msg = 'whitelistedittext';
Setup.php (2 usages found)
249 // Blacklisted file extensions shouldn't appear on the "allowed" list
250 $wgFileExtensions = array_values( array_diff( $wgFileExtensions, $wgFileBlacklist ) );
StreamFile.php (4 usages found)
105 global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions,
106 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist;
108 if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) {
116 if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) {
WebRequest.php (2 usages found)
1169 * @param array $extWhitelist
1172 public function checkUrlExtension( $extWhitelist = [] ) {
tests (82 usages found)
phpunit (82 usages found)
includes (73 usages found)
auth (18 usages found)
AuthManagerTest.php (18 usages found)
1570 'wgEnableDnsBlacklist' => true,
1571 'wgDnsBlacklistUrls' => [
1574 'wgProxyWhitelist' => [],
1580 $this->setMwGlobals( 'wgProxyWhitelist', [ '127.0.0.1' ] );
2604 // Session blacklisted
2606 $session->set( 'AuthManager::AutoCreateBlacklist', 'test' );
2616 [ LogLevel::DEBUG, 'blacklisted in session {sessionid}' ],
2621 $session->set( 'AuthManager::AutoCreateBlacklist', StatusValue::newFatal( 'test2' ) );
2631 [ LogLevel::DEBUG, 'blacklisted in session {sessionid}' ],
2649 $this->assertSame( 'noname', $session->get( 'AuthManager::AutoCreateBlacklist' ) );
2669 'authmanager-autocreate-noperm', $session->get( 'AuthManager::AutoCreateBlacklist' )
2741 StatusValue::newFatal( 'fail-in-pre' ), $session->get( 'AuthManager::AutoCreateBlacklist' )
2758 StatusValue::newFatal( 'fail-in-primary' ), $session->get( 'AuthManager::AutoCreateBlacklist' )
2775 StatusValue::newFatal( 'fail-in-secondary' ), $session->get( 'AuthManager::AutoCreateBlacklist' )
2795 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
2815 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
2840 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
2869 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
block (40 usages found)
BlockManagerTest.php (40 usages found)
34 'wgDnsBlacklistUrls' => [],
35 'wgEnableDnsBlacklist' => true,
37 'wgProxyWhitelist' => [],
273 * @dataProvider provideIsDnsBlacklisted
274 * @covers ::isDnsBlacklisted
275 * @covers ::inDnsBlacklist
277 public function testIsDnsBlacklisted( $options, $expected ) {
279 'wgEnableDnsBlacklist' => true,
280 'wgDnsBlacklistUrls' => $options['blacklist'],
281 'wgProxyWhitelist' => $options['whitelist'],
296 $blockManager->isDnsBlacklisted( $options['ip'], $options['checkWhitelist'] )
300 public static function provideIsDnsBlacklisted() {
304 'IP is blacklisted' => [
306 'blacklist' => [ 'dnsbl.test' ],
310 'whitelist' => [],
311 'checkWhitelist' => false,
315 'IP is blacklisted; blacklist has key' => [
317 'blacklist' => [ [ 'dnsbl.test', 'key' ] ],
321 'whitelist' => [],
322 'checkWhitelist' => false,
326 'IP is blacklisted; blacklist is array' => [
328 'blacklist' => [ [ 'dnsbl.test' ] ],
332 'whitelist' => [],
333 'checkWhitelist' => false,
337 'IP is not blacklisted' => [
339 'blacklist' => [ 'dnsbl.test' ],
343 'whitelist' => [],
344 'checkWhitelist' => false,
348 'Blacklist is empty' => [
350 'blacklist' => [],
354 'whitelist' => [],
355 'checkWhitelist' => false,
359 'IP is blacklisted and whitelisted; whitelist is not checked' => [
361 'blacklist' => [ 'dnsbl.test' ],
365 'whitelist' => [ '127.0.0.1' ],
366 'checkWhitelist' => false,
370 'IP is blacklisted and whitelisted; whitelist is checked' => [
372 'blacklist' => [ 'dnsbl.test' ],
376 'whitelist' => [ '127.0.0.1' ],
377 'checkWhitelist' => true,
password (1 usage found)
UserPasswordPolicyTest.php (1 usage found)
85 'PasswordCannotMatchBlacklist' => true,
specials (13 usages found)
SpecialMuteTest.php (11 usages found)
19 'wgEnableUserEmailBlacklist' => true
48 public function testEmailBlacklistNotEnabled() {
55 'wgEnableUserEmailBlacklist' => false
77 public function testMuteAddsUserToEmailBlacklist() {
85 $this->userOptionsManager->setOption( $loggedInUser, 'email-blacklist', "999" );
89 $fauxRequest = new FauxRequest( [ 'wpemail-blacklist' => true ], true );
97 $this->userOptionsManager->getOption( $loggedInUser, 'email-blacklist' )
104 public function testUnmuteRemovesUserFromEmailBlacklist() {
112 $this->userOptionsManager->setOption( $loggedInUser, 'email-blacklist', "999\n" . $targetUser->getId() );
116 $fauxRequest = new FauxRequest( [ 'wpemail-blacklist' => false ], true );
122 $this->assertSame( "999", $this->userOptionsManager->getOption( $loggedInUser, 'email-blacklist' ) );
SpecialShortPagesTest.php (2 usages found)
18 public function testGetQueryInfoRespectsContentNS( $contentNS, $blacklistNS, $expectedNS ) {
20 'wgShortPagesNamespaceBlacklist' => $blacklistNS,
ContentSecurityPolicyTest.php (1 usage found)
19 'wgEnableImageWhitelist' => false,
unit (7 usages found)
includes (7 usages found)
Permissions (2 usages found)
PermissionManagerTest.php (2 usages found)
35 'WhitelistRead' => false,
36 'WhitelistReadRegexp' => false,
BadFileLookupTest.php (5 usages found)
177 'Context page not whitelisted' =>
180 'Whitelisted context page' =>
184 'Bad image with Image: in blacklist' => [ 'Bad2.jpg', null, true ],
185 'Bad image without prefix in blacklist' => [ 'Bad3.jpg', null, true ],
186 'Bad image with different namespace in blacklist' => [ 'Bad4.jpg', null, true ],
suite.xml (2 usages found)
67 <whitelist addUncoveredFilesFromWhitelist="true">
77 </whitelist>
.phpcs.xml (8 usages found)
73 Whitelist existing violations, but enable the sniff to prevent
119 Whitelist existing violations, but enable the sniff to prevent
166 Whitelist existing violations, but enable the sniff to prevent
191 Whitelist existing violations, but enable the sniff to prevent
200 Whitelist existing violations, but enable the sniff to prevent
210 Whitelist existing violations, but enable the sniff to prevent
223 Whitelist existing violations, but enable the sniff to prevent
231 Whitelist existing violations, but enable the sniff to prevent
HISTORY (119 usages found)
222 * (T262364) shell: Don't blacklist /run/firejail.
495 * (T204618) Whitelisted the aria-hidden HTML attribute for all elements in
606 * Replaced wikimedia/password-blacklist 0.1.4 with wikimedia/common-passwords
854 * Sanitizer::setupAttributeWhitelist() and Sanitizer::attributeWhitelist(),
1004 * The deprecated $blacklist parameter to wfIsBadImage() has been removed.
1182 and ::setEnableImageWhitelist() have been deprecated. Future parsers
1937 $wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false;
2376 * User::isLocallyBlockedProxy and User::inDnsBlacklist are deprecated and moved
2378 * User::isDnsBlacklisted is deprecated. Use BlockManager::isDnsBlacklisted
2431 * Sanitizer::attributeWhitelist() and Sanitizer::setupAttributeWhitelist()
2702 password is not in the large blacklist. This is enabled by default for the
2704 this for other user groups, set the `PasswordNotInLargeBlacklist` flag `true`.
2776 * Added wikimedia/password-blacklist 0.1.4.
2919 * getSaveBlacklist()
3062 follow best practices, it is reccommended to use 'PasswordNotInLargeBlacklist'
3063 instead which blacklists 100,000 commonly used passwords.
3219 * (T208881) SECURITY: blacklist CSS var().
3326 * $wgEnableImageWhitelist is now disabled by default, as it opens up a hole for
3328 "MediaWiki:External image whitelist" on your wiki to see whether the feature
3335 * $wgBrowserBlacklist – This setting, deprecated in 1.30, was removed.
3462 * (T198935) User list preferences such as `email-blacklist` and similar
4262 * (T208881) SECURITY: blacklist CSS var().
4822 * (T208881) SECURITY: blacklist CSS var().
4947 $wgEnableUserEmailBlacklist to true.
4948 * (T67297) $wgBrowserBlacklist is deprecated, and changing it will have no
5213 The SpamBlacklist and PdfHandler extensions were missing from the generated
5328 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
5641 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
6026 * (T208881) SECURITY: blacklist CSS var().
6150 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
6378 * Whitelisted the following HTML attributes for all elements in wikitext:
6419 ** Two new globals, $wgChangeCredentialsBlacklist and
6420 $wgRemoveCredentialsBlacklist can be used to prevent the web UI and the API
8572 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file
8849 * $wgHttpOnlyBlacklist has been removed.
9417 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
9419 the namespace name if they use a non- whitelisted namespace.
9478 have been whitelisted inside of $wgUrlProtocols.
9538 * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and
9669 uploads by URL, useful for blacklisting specific URLs
10062 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
10065 non-whitelisted namespace.
10164 * The HTML5 <mark> tag has been whitelisted.
10205 * Added $wgWhitelistReadRegexp for regex whitelisting.
10459 * BREAKING CHANGE: (bug 38244) Removed the mediawiki.api.titleblacklist module
10460 and moved it to the TitleBlacklist extension.
10499 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist
10680 API upload errors due to the file extension blacklist.
10904 * (bug 11142) Improve file extension blacklist error reporting in API upload.
11079 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted
11081 the namespace name if they use a non- whitelisted namespace.
11140 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist
11216 * Expanded Blacklist for SVG Files
11240 * (bug 35303) Proxy and DNS blacklist blocking works again
11269 * $wgDnsBlacklistUrls now accepts an array with url and key as the
11644 * Expanded Blacklist for SVG Files
12030 * (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
12071 extensions is blacklisted now gives the proper extension in the error message.
12503 * Expanded Blacklist for SVG Files
12746 * (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user
12817 * Added $wgAllowImageTag, which can be set to true to whitelist the <img> tag
13084 * (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown
13521 to $wgDnsBlacklistUrls (backward compatibility kept)
13530 * $wgEnableSorbs renamed to $wgDnsBlacklistUrls ($wgEnableSorbs kept for
13712 * Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
13918 * (bug 19355) Added .xhtml, .xht to upload file extension blacklist
14509 * Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from
14833 * Introduced $wgEnableImageWhitelist to toggle the on-wiki external image
14834 whitelist on or off.
14932 * Added an on-wiki external image whitelist. Items in this whitelist are
15188 * Blacklist redirects via Special:Filepath, hard to use.
15488 * Blacklist redirects via Special:Filepath. Such redirects exacerbate any
15861 * (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes
16155 * Blacklist redirects via Special:Filepath. Such redirects exacerbate any XSS
16398 * Fixed notice when accessing special page without read permission and whitelist
16471 * If restricted read access was enabled, whitelist didn't work with special
16937 * (bug 8989) Blacklist 'mhtml' and 'mht' files from upload
17116 * Add Google Wireless Transcoder to the Unicode editing blacklist
17190 equivalent to a whitelisted title
17258 $wgWhitelistRead is undefined, instead of (incorrectly) honouring them
17259 * Fixed img_auth.php file name extraction for whitelist checking
17949 * (bug 7629) Fix $wgBrowserBlackList to avoid false positive on MSIE
18419 * (bug 7883) Added autoblock whitelisting feature, using which specific ranges
18421 format, in the autoblock_whitelist system message.
18597 A more thorough blacklist for forbidden and translatable characters would
18913 The base hostname for the DNS-based proxy blacklist can now be overridden
18914 when $wgEnableSorbs is set, to use a different blacklist instead of SORBS.
18915 The blacklist would need to respond the same was as SORBS; any positive
19110 to break the blacklists for regular URLs
19345 * (bug 7537) Add php5 to $wgFileBlacklist
19627 * Pass login link to "whitelistedittext" containing 'returnto' parameter
20558 * [[meta:SpamBlacklist extension|SpamBlacklist extension]] now has support for
20872 * Blacklist additional MSIE CSS safety tricks
20891 MIME type to the default blacklist. Prevented inline display of images
21043 * Recognize Special:Search consistently so read whitelist works
21348 spam-cleanup tool in the SpamBlacklist extension.
21589 If .svg files are added to the upload whitelist, you can choose to render
21912 * (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th>
21952 * Only build the HTML attribute whitelist tree once.
22001 * (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount
22042 * (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE
22043 documentation about edit and read whitelists.
22266 for browsers that hit the Unicode blacklist. Patch by plugwash.
22361 * Blacklist additional MSIE CSS safety tricks
22414 * Recognize Special:Search consistently so read whitelist works
22443 MIME type to the default blacklist. Prevented inline display of images
22559 that browser. This release blacklists several additional variants from use in
22905 * (bug 996) Fix $wgWhitelistRead to work again
22918 * Enhance upload extension blacklist to protect against vulnerable
22940 * Add the dreaded <span> to the HTML whitelist
23059 * Removed .ogg from the default uploads whitelist as an extra precaution.
23151 * (bug 1147) add \checkmark to whitelist in texutil.ml
23268 blacklists several additional variants from use in HTML inline style
23399 * Removed .ogg from the default uploads whitelist as an extra precaution. If
23424 * Enhance upload extension blacklist to protect against vulnerable Apache
23453 * ({{bugzilla|874}}) added 'cgi' to {{wg|FileBlacklist}}
23504 have expanded the <code>filetype</code> whitelist or disabled the strict type
23522 enabled if in {{wg|WhitelistEdit}} mode.
23578 * {{wg|WhitelistAccount}} no longer breaks all logins.
img_auth.php (1 usage found)
168 // Checks Whitelist too
phpunit.xml.dist (2 usages found)
48 <whitelist addUncoveredFilesFromWhitelist="false">
62 </whitelist>
RELEASE-NOTES-1.36 (7 usages found)
19 * MediaWiki:Autoblock_whitelist has been moved to
21 the MediaWiki:Autoblock_whitelist page.
88 * The deprecated password policies PasswordCannotMatchBlacklist and
89 PasswordNotInLargeBlacklist were removed. Please use
357 - ::isDnsBlacklisted
358 - ::inDnsBlacklist
742 * DatabaseBlock::isWhitelistedFromAutoblocks was deprecated. UseDescription
Description
Details
Details
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | None | T254646 Reconsidering how we name things | |||
| Stalled | None | T277943 Address Voice and Tone issues in GlobalPreferences | |||
| Open | None | T277987 Address Voice and Tone issues in MediaWiki Core | |||
| Open | None | T254803 Rename or deprecate $wgEnableImageWhitelist (and related code) | |||
| Open | None | T280470 Renaming 'email-blacklist' preference | |||
| Resolved | None | T282894 Rename …master methods in ILoadBalancer to …primary |
Event Timeline
Comment Actions
Change 673654 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/core@master] Deprecate DatabaseBlock::isExemptedFromAutoblocks
Comment Actions
Change 673678 had a related patch set uploaded (by Mainframe98; owner: Mainframe98):
[mediawiki/core@master] Rename $wgSlaveLagWarning and $wgSlaveLagCritical
Comment Actions
Change 673557 had a related patch set uploaded (by Jforrester; owner: Reedy):
[mediawiki/core@master] Use more neutral or alternative language
Comment Actions
Change 673557 merged by jenkins-bot:
[mediawiki/core@master] Use more neutral or alternative language
Comment Actions
Change 673654 merged by jenkins-bot:
[mediawiki/core@master] Deprecate DatabaseBlock::isWhitelistedFromAutoblocks
Comment Actions
Change 673678 merged by jenkins-bot:
[mediawiki/core@master] Rename $wgSlaveLagWarning and $wgSlaveLagCritical to match DB_REPLICA
Comment Actions
There are still two strings with "blacklist" in en.json values:
- "spamprotectiontext": "The text you wanted to publish was blocked by the spam filter.\nThis is probably caused by a link to a blacklisted external site."
- "specialmute-error-no-options": "Mute features are unavailable. This might be because: you haven't confirmed your email address or the wiki administrator has disabled email features and/or email blacklist for this wiki."
Are they still there because there's no consensus about the new name for Spam blacklist and Email blacklist? Or some other reason?
Comment Actions
For the first, I don't imagine it matters, so can be changed
For the second, it does revolve around $wgEnableUserEmailBlacklist, and has a few different parts. I did do some of the renaming around that functionality in rMWd1e7b75776c4: SpecialMute: Rename blacklist to mutelist
Changing comments is cheap. Changing i18n strings is a little more involved, as it creates work for translators. So if we need to change them again we obviously can, and we should.
In this case, it's already Special:Mute, so calling it "email mute" or "email mute feature" is probably fine. A bigger issue/more of an annoyance for me there, is that the same error message is used for potentially 3 different errors, making it more complex. Will file a task about that
Comment Actions
Change 680793 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@master] .phpcs.xml: Replace useage of whitelist in comments
Comment Actions
Change 680795 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@master] Use some more neutral language
Comment Actions
Change 680796 had a related patch set uploaded (by Amire80; author: Amire80):
[mediawiki/core@master] Change "blacklisted" to "forbidden" in a spam filter message
Comment Actions
Change 680793 merged by jenkins-bot:
[mediawiki/core@master] .phpcs.xml: Replace useage of whitelist in comments
Comment Actions
Change 680795 merged by jenkins-bot:
[mediawiki/core@master] Use some more neutral language
Comment Actions
Change 680796 merged by jenkins-bot:
[mediawiki/core@master] Change "blacklisted" to "forbidden" in a spam filter message
Comment Actions
Change 680806 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@master] WIP: Rename some config variables
Comment Actions
Change 680807 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@master] Rename email-blacklist-label message
Comment Actions
Change 680807 merged by jenkins-bot:
[mediawiki/core@master] Rename email-blacklist-label message
Comment Actions
Change 680836 had a related patch set uploaded (by Amire80; author: Amire80):
[mediawiki/core@master] Rephrase specialmute-error-no-options
Comment Actions
Change 681002 had a related patch set uploaded (by Amire80; author: Amire80):
[mediawiki/core@master] Rephrase apihelp-main-param-origin
Comment Actions
Change 680836 merged by jenkins-bot:
[mediawiki/core@master] Rephrase specialmute-error-no-options
Comment Actions
Change 681002 merged by jenkins-bot:
[mediawiki/core@master] Rephrase apihelp-main-param-origin
Comment Actions
Sorry if this is the wrong venue to voice this: so, for $wgWhitelistRead, what will be the phase-out process look like? Is there a proposed name for it like $wgAllowlistRead? And I would assume $wgWhitelistRead would be deprecated for a few versions of MediaWiki too. Same question goes for the rest of the LocalSettings.php config options which aren't simple internal core fixes.
Comment Actions
https://www.mediawiki.org/wiki/Stable_interface_policy
TLDR is something like, in the release (ie stable tarball) after it's "hard deprecated" (which is a little more difficult with config variables), it is eligible to be removed for good.
Comment Actions
Change 687231 had a related patch set uploaded (by Jforrester; author: Jforrester):
[mediawiki/core@master] DatabaseBlock::isExemptedFromAutoblocks: Drop fallback message load
Comment Actions
Change 687232 had a related patch set uploaded (by Jforrester; author: Jforrester):
[mediawiki/core@master] DatabaseBlock: Hard-deprecate calls to isWhitelistedFromAutoblocks()
Comment Actions
Change 687231 merged by jenkins-bot:
[mediawiki/core@master] DatabaseBlock::isExemptedFromAutoblocks: Drop fallback message load
Comment Actions
Change 687232 merged by jenkins-bot:
[mediawiki/core@master] DatabaseBlock: Hard-deprecate calls to isWhitelistedFromAutoblocks()
Comment Actions
Change 680806 merged by jenkins-bot:
[mediawiki/core@master] Rename four config variables to avoid 'blacklist' term
Comment Actions
Note: when renaming variables, we need to ensure we have some back compatbility in place in operations/mediawiki-config . Renaming of wgFileBlacklist has lead to some undefined setting warning: T290640
There are a few similar ones in our config:
git grep -oPwgw+(Black|White)w+
tests/multiversion/StaticSettingsTest.php:wgGlobalRenameBlacklist wmf-config/CommonSettings-labs.php:wgEnableDnsBlacklist wmf-config/CommonSettings-labs.php:wgDnsBlacklistUrls wmf-config/CommonSettings.php:wgEnableUserEmailBlacklist wmf-config/CommonSettings.php:wgFileBlacklist wmf-config/CommonSettings.php:wgFileBlacklist wmf-config/CommonSettings.php:wgFileBlacklist wmf-config/CommonSettings.php:wgFileBlacklist wmf-config/CommonSettings.php:wgMimeTypeBlacklist wmf-config/CommonSettings.php:wgMimeTypeBlacklist wmf-config/CommonSettings.php:wgLogSpamBlacklistHits wmf-config/CommonSettings.php:wgTitleBlacklistBlockAutoAccountCreation wmf-config/CommonSettings.php:wgTitleBlacklistSources wmf-config/CommonSettings.php:wgRSSUrlWhitelist wmf-config/CommonSettings.php:wgCaptchaWhitelist wmf-config/CommonSettings.php:wgEchoPerUserBlacklist wmf-config/InitialiseSettings-labs.php:wgBetaFeaturesWhitelist wmf-config/InitialiseSettings-labs.php:wgLinterSubmitterWhitelist wmf-config/InitialiseSettings.php:wgEnableDnsBlacklist wmf-config/InitialiseSettings.php:wgTitleBlacklistUsernameSources wmf-config/InitialiseSettings.php:wgBetaFeaturesWhitelist wmf-config/InitialiseSettings.php:wgLinterSubmitterWhitelist wmf-config/InitialiseSettings.php:wgShortPagesNamespaceBlacklist wmf-config/InitialiseSettings.php:wgMachineVisionTemplateBlacklist wmf-config/InitialiseSettings.php:wgMachineVisionWikidataIdBlacklist wmf-config/InitialiseSettings.php:wgGlobalRenameBlacklist wmf-config/InitialiseSettings.php:wgGlobalRenameBlacklistRegex wmf-config/reverse-proxy.php:wgProxyWhitelist