Targets Occurrences of '(white|black)[ \-]?list' in Selected files & directories Found Occurrences (464 usages found) core (464 usages found) docs (2 usages found) extension.schema.v2.json (2 usages found) 568 "ChangeCredentialsBlacklist": { 572 "RemoveCredentialsBlacklist": { includes (243 usages found) api (19 usages found) i18n (3 usages found) en.json (1 usage found) 23 Origin</code> header and the origin is whitelisted, the <code>Access-Control-Allow-Origin</code> and <code>Access-Control-Allow-Credentials</code> headers pt-br.json (1 usage found) 37 Origin</code> e a origem for permitida (''whitelisted''), os cabeçalhos <code>Access-Control-Allow-Origin</code> e <code>Access-Control-Allow-Credentials pt.json (1 usage found) 30 Origin</code> e a origem for permitida (''white-listed'') os cabeçalhos <code>Access-Control-Allow-Origin</code> e <code>Access-Control-Allow-Credentials ApiAuthManagerHelper.php (1 usage found) 131 public static function blacklistAuthenticationRequests( array $reqs, array $remove ) { ApiChangeAuthenticationData.php (2 usages found) 49 $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests( 51 $this->getConfig()->get( 'ChangeCredentialsBlacklist' ) ApiClientLogin.php (1 usage found) 98 $res->neededRequests = ApiAuthManagerHelper::blacklistAuthenticationRequests( ApiQueryAuthManagerInfo.php (5 usages found) 74 // Filter out blacklisted requests, depending on the action 77 $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests( 78 $reqs, $this->getConfig()->get( 'ChangeCredentialsBlacklist' ) 82 $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests( 83 $reqs, $this->getConfig()->get( 'RemoveCredentialsBlacklist' ) ApiQuerySiteinfo.php (1 usage found) 169 $data['imagewhitelistenabled'] = (bool)$config->get( 'EnableImageWhitelist' ); ApiRemoveAuthenticationData.php (1 usage found) 63 ? array_flip( $this->getConfig()->get( 'RemoveCredentialsBlacklist' ) ) ApiUpload.php (5 usages found) 669 if ( isset( $verification['blacklistedExt'] ) ) { 670 $msg[1] = Message::listParam( $verification['blacklistedExt'], 'comma' ); 671 $msg[4] = count( $verification['blacklistedExt'] ); 672 $extradata['blacklisted'] = array_values( $verification['blacklistedExt'] ); 673 ApiResult::setIndexedTagName( $extradata['blacklisted'], 'ext' ); auth (7 usages found) AuthManager.php (7 usages found) 1066 if ( $this->blockManager->isDnsBlacklisted( $ip, true /* check $wgProxyWhitelist */ ) ) { 1651 if ( $session->get( 'AuthManager::AutoCreateBlacklist' ) ) { 1652 $this->logger->debug( __METHOD__ . ': blacklisted in session {sessionid}', [ 1658 $reason = $session->get( 'AuthManager::AutoCreateBlacklist' ); 1671 $session->set( 'AuthManager::AutoCreateBlacklist', 'noname' ); 1686 $session->set( 'AuthManager::AutoCreateBlacklist', 'authmanager-autocreate-noperm' ); 1721 $session->set( 'AuthManager::AutoCreateBlacklist', $status ); block (24 usages found) AbstractBlock.php (1 usage found) 276 * may be blacklisted or whitelisted, or determined from a BlockManager.php (18 usages found) 60 'DnsBlacklistUrls', 61 'EnableDnsBlacklist', 63 'ProxyWhitelist', 208 if ( !in_array( $ip, $this->options->get( 'ProxyWhitelist' ) ) ) { 216 } elseif ( $isAnon && $this->isDnsBlacklisted( $ip ) ) { 238 && !in_array( $ip, $this->options->get( 'ProxyWhitelist' ) ) 363 * Whether the given IP is in a DNS blacklist. 366 * @param bool $checkAllowed Whether to check $wgProxyWhitelist first 367 * @return bool True if blacklisted. 369 public function isDnsBlacklisted( $ip, $checkAllowed = false ) { 370 if ( !$this->options->get( 'EnableDnsBlacklist' ) || 371 ( $checkAllowed && in_array( $ip, $this->options->get( 'ProxyWhitelist' ) ) ) 376 return $this->inDnsBlacklist( $ip, $this->options->get( 'DnsBlacklistUrls' ) ); 380 * Whether the given IP is in a given DNS blacklist. 383 * @param string[] $bases URL of the DNS blacklist 384 * @return bool True if blacklisted. 386 private function inDnsBlacklist( $ip, array $bases ) { 436 * @return string[]|bool IPv4 array, or false if the IP is not blacklisted DatabaseBlock.php (2 usages found) 548 public static function isWhitelistedFromAutoblocks( $ip ) { 574 . "\n" . wfMessage( 'autoblock_whitelist' )->inContentLanguage()->plain() SystemBlock.php (3 usages found) 27 * from IP blacklists) and are not saved to the database. The target of a 60 * - 'proxy': the IP is blacklisted in $wgProxyList 61 * - 'dnsbl': the IP is associated with a blacklisted domain in $wgDnsBlacklistUrls composer (6 usages found) ComposerPhpunitXmlCoverageEdit.php (6 usages found) 41 $whitelist = iterator_to_array( $phpunitXml->getElementsByTagName( 'whitelist' ) ); 43 foreach ( $whitelist as $childNode ) { 46 $whitelistElement = $phpunitXml->createElement( 'whitelist' ); 47 $whitelistElement->setAttribute( 'addUncoveredFilesFromWhitelist', 'false' ); 52 $whitelistElement->appendChild( $dirElement ); 56 ->appendChild( $whitelistElement ); gallery (2 usages found) ImageGalleryBase.php (1 usage found) 77 * @var bool Hide blacklisted images? TraditionalImageGallery.php (1 usage found) 121 # The image is blacklisted, just show it as a text link. HookContainer (4 usages found) HookRunner.php (4 usages found) 482 \MediaWiki\Permissions\Hook\TitleReadWhitelistHook, 4039 public function onTitleReadWhitelist( $title, $user, &$whitelisted ) { 4041 'TitleReadWhitelist', 4042 [ $title, $user, &$whitelisted ] jobqueue (5 usages found) JobQueueFederated.php (1 usage found) 292 unset( $partitionsTry[$partition] ); // blacklist partition JobRunner.php (4 usages found) 221 $blacklist = $throttle ? array_keys( $backoffs ) : []; 227 ->pop( JobQueueGroup::TYPE_DEFAULT, JobQueueGroup::USE_CACHE, $blacklist ); 230 // that type of job is currently rate-limited by the back-off blacklist 231 $job = in_array( $type, $blacklist ) ? false : $this->jobQueueGroup->pop( $type ); libs (2 usages found) mime (1 usage found) XmlTypeCheck.php (1 usage found) 414 * We whitelist an extremely restricted subset of DTD features. Cookie.php (1 usage found) 77 * A better method might be to use a blacklist like page (1 usage found) Article.php (1 usage found) 492 # Another whitelist check in case getOldID() is altering the title pager (1 usage found) TablePager.php (1 usage found) 408 * blacklist, passed in the $blacklist parameter. parser (14 usages found) Parser.php (6 usages found) 2314 * option, through the exception, or through the on-wiki whitelist 2347 if ( !$text && $this->mOptions->getEnableImageWhitelist() 2350 $whitelist = explode( 2352 wfMessage( 'external_image_whitelist' )->inContentLanguage()->text() 2355 foreach ( $whitelist as $entry ) { 2362 # Image matches a whitelist entry ParserOptions.php (8 usages found) 299 * Use the on-wiki external image whitelist? 302 public function getEnableImageWhitelist() { 303 return $this->getOption( 'enableImageWhitelist' ); 307 * Use the on-wiki external image whitelist? 313 public function setEnableImageWhitelist( $x ) { 315 return $this->setOptionLegacy( 'enableImageWhitelist', $x ); 1244 $wgAllowExternalImagesFrom, $wgEnableImageWhitelist, $wgAllowSpecialInclusion, 1293 'enableImageWhitelist' => $wgEnableImageWhitelist, Permissions (22 usages found) Hook (5 usages found) TitleReadWhitelistHook.php (5 usages found) 10 * Use the hook name "TitleReadWhitelist" to register handlers implementing this interface. 15 interface TitleReadWhitelistHook { 24 * @param bool &$whitelisted Whether this title is whitelisted 25 * @return bool|void True or no return value to continue, or false to *not* whitelist 28 public function onTitleReadWhitelist( $title, $user, &$whitelisted ); PermissionManager.php (17 usages found) 66 'WhitelistRead', 67 'WhitelistReadRegexp', 571 $whiteListRead = $this->options->get( 'WhitelistRead' ); 589 } elseif ( is_array( $whiteListRead ) && count( $whiteListRead ) ) { 590 # Time to check the whitelist 595 // Check for explicit whitelisting with and without underscores 596 if ( in_array( $name, $whiteListRead, true ) 597 || in_array( $dbName, $whiteListRead, true ) ) { 602 if ( in_array( ':' . $name, $whiteListRead ) ) { 612 if ( in_array( $pure, $whiteListRead, true ) ) { 619 $whitelistReadRegexp = $this->options->get( 'WhitelistReadRegexp' ); 620 if ( !$allowed && is_array( $whitelistReadRegexp ) 621 && !empty( $whitelistReadRegexp ) ) { 623 // Check for regex whitelisting 624 foreach ( $whitelistReadRegexp as $listItem ) { 633 # If the title is not whitelisted, give extensions a chance to do so... 634 $this->hookRunner->onTitleReadWhitelist( $title, $user, $allowed ); preferences (8 usages found) DefaultPreferencesFactory.php (7 usages found) 111 'EnableUserEmailBlacklist', 174 public function getSaveBlacklist() { 238 if ( $disable && !in_array( $name, $this->getSaveBlacklist() ) ) { 753 if ( $this->options->get( 'EnableUserEmailBlacklist' ) ) { 754 $defaultPreferences['email-blacklist'] = [ 756 'label-message' => 'email-blacklist-label', 1784 foreach ( $this->getSaveBlacklist() as $b ) { PreferencesFactory.php (1 usage found) 85 public function getSaveBlacklist(); registration (4 usages found) ExtensionProcessor.php (4 usages found) 22 'ChangeCredentialsBlacklist', 51 'RemoveCredentialsBlacklist', 252 // Only whitelisted attributes are set 261 // If it's not blacklisted, it's an attribute session (1 usage found) SessionProvider.php (1 usage found) 404 * occurring in the future. This might add the username to a blacklist, or shell (25 usages found) Command.php (3 usages found) 201 * whitelisted will be available to the shell command. 203 * limit.sh will always be whitelisted 209 public function whitelistPaths( array $paths ): Command { firejail.profile (22 usages found) 22 blacklist /sbin 23 blacklist /usr/sbin 24 blacklist /usr/local/sbin 26 # Blacklist /run which typically contains many exploitable UNIX sockets. But 27 # don't blacklist /run/firejail which firejail needs. Using a glob means that 29 # the noblacklist directive to work. (T262364) 30 noblacklist /run/firejail 31 blacklist /run/* 34 blacklist /etc/shadow 35 blacklist /etc/ssh 36 blacklist /root 39 blacklist ${PATH}/umount 40 blacklist ${PATH}/mount 41 blacklist ${PATH}/fusermount 42 blacklist ${PATH}/su 43 blacklist ${PATH}/sudo 44 blacklist ${PATH}/xinput 45 blacklist ${PATH}/evtest 46 blacklist ${PATH}/xev 47 blacklist ${PATH}/strace 48 blacklist ${PATH}/nc 49 blacklist ${PATH}/ncat specialpage (3 usages found) AuthManagerSpecialPage.php (3 usages found) 232 * Allows blacklisting certain request types. 236 protected function getRequestBlacklist() { 277 return !in_array( get_class( $req ), $this->getRequestBlacklist(), true ); specials (20 usages found) forms (1 usage found) UploadForm.php (1 usage found) 264 $prohibitedExtensions = array_unique( $config->get( 'FileBlacklist' ) ); SpecialChangeCredentials.php (2 usages found) 285 protected function getRequestBlacklist() { 286 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' ); SpecialEmailUser.php (1 usage found) 243 $muteList = $target->getOption( 'email-blacklist', '' ); SpecialLinkAccounts.php (2 usages found) 33 protected function getRequestBlacklist() { 34 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' ); SpecialMute.php (5 usages found) 164 * @param string $userOption up_property key that holds the blacklist 200 $config->get( 'EnableUserEmailBlacklist' ) && 204 $fields['email-blacklist'] = [ 210 'default' => $this->isTargetMuted( 'email-blacklist' ), 254 public function isTargetBlacklisted( $userOption ) { SpecialRemoveCredentials.php (2 usages found) 27 protected function getRequestBlacklist() { 28 return $this->getConfig()->get( 'RemoveCredentialsBlacklist' ); SpecialShortPages.php (1 usage found) 66 $config->get( 'ShortPagesNamespaceBlacklist' ) SpecialUnlinkAccounts.php (2 usages found) 38 protected function getRequestBlacklist() { 39 return $this->getConfig()->get( 'RemoveCredentialsBlacklist' ); SpecialUpload.php (4 usages found) 758 if ( isset( $details['blacklistedExt'] ) ) { 759 $msg->params( $this->getLanguage()->commaList( $details['blacklistedExt'] ) ); 770 if ( isset( $details['blacklistedExt'] ) ) { 771 $msg->params( count( $details['blacklistedExt'] ) ); upload (29 usages found) UploadBase.php (25 usages found) 79 protected $mBlackListedExtensions; 361 * - 'blacklistedExt': set to the list of blacklisted file extensions if the current file extension 362 * is not allowed for uploads and the blacklist is not empty 425 if ( count( $this->mBlackListedExtensions ) ) { 426 $result['blacklistedExt'] = $this->mBlackListedExtensions; 450 global $wgMimeTypeBlacklist; 451 if ( $this->checkFileExtension( $mime, $wgMimeTypeBlacklist ) ) { 466 if ( $this->checkFileExtension( $ieType, $wgMimeTypeBlacklist ) ) { 540 * Runs the blacklist checks, but not any checks that may 1033 * We'll want to blacklist against *any* 'extension', and use 1034 * only the final one for the whitelist. 1065 /* Don't allow users to override the blacklist (check file extension) */ 1067 global $wgFileExtensions, $wgFileBlacklist; 1069 $blackListedExtensions = $this->checkFileExtensionList( $ext, $wgFileBlacklist ); 1076 } elseif ( $blackListedExtensions || 1080 $this->mBlackListedExtensions = $blackListedExtensions; 1245 * scripts, so the blacklist needs to check them all. 1449 * Check a whitelist of xml encodings that are known not to be interpreted differently 1482 // detect the encoding in case is specifies an encoding not whitelisted in self::$safeXmlEncodings 1586 * @todo Replace this with a whitelist filter! 1727 wfDebug( __METHOD__ . ": Found href to unwhitelisted data: uri " 2129 foreach ( self::getFilenamePrefixBlacklist() as $prefix ) { 2159 * Get a list of blacklisted filename prefixes from [[MediaWiki:Filename-prefix-blacklist]] 2163 public static function getFilenamePrefixBlacklist() { 2165 $message = wfMessage( 'filename-prefix-blacklist' )->inContentLanguage(); UploadFromUrl.php (2 usages found) 71 * The domains in the whitelist can include wildcard characters (*) in place 88 // See if the domain for the upload matches this whitelisted domain UploadStash.php (2 usages found) 479 global $wgFileBlacklist; 493 if ( in_array( $extension, $wgFileBlacklist ) ) { user (1 usage found) UserOptionsManager.php (1 usage found) 315 $specialOptions = array_fill_keys( $preferencesFactory->getSaveBlacklist(), true ); ContentSecurityPolicy.php (5 usages found) 246 // A future todo might be to make the whitelist options only 247 // add all the whitelisted sites to the header, instead of 256 } elseif ( $mwConfig->get( 'EnableImageWhitelist' ) ) { 257 $whitelist = wfMessage( 'external_image_whitelist' ) 260 if ( preg_match( '/^\s*[^\s#]/m', $whitelist ) ) { DefaultSettings.php (29 usages found) 1090 $wgFileBlacklist = [ 1105 $wgMimeTypeBlacklist = [ 1853 * Set to true to enable user-to-user e-mail blacklist. 1857 $wgEnableUserEmailBlacklist = false; 4670 * Optional array of namespaces which should be blacklisted from Special:ShortPages 4671 * Only pages inside $wgContentNamespaces but not $wgShortPagesNamespaceBlacklist will 4675 $wgShortPagesNamespaceBlacklist = []; 4897 * Set this to true to enable the on-wiki allow list (MediaWiki:External image whitelist) 4902 $wgEnableImageWhitelist = false; 5430 $wgChangeCredentialsBlacklist = [ 5443 $wgRemoveCredentialsBlacklist = [ 5610 'msg:sorbs', // For $wgEnableDnsBlacklist etc. 5815 * $wgWhitelistRead = [ "Main Page", "Wikipedia:Help" ]; 5827 * @note Extensions should not modify this, but use the TitleReadWhitelist 5830 $wgWhitelistRead = false; 5839 * To whitelist [[Main Page]]: 5841 * $wgWhitelistReadRegexp = [ "/Main Page/" ]; 5851 * $wgWhitelistReadRegexp = [ "@^UsEr.*@i" ]; 5858 $wgWhitelistReadRegexp = false; 5894 * This replaces $wgWhitelistAccount and $wgWhitelistEdit 6376 * Whether to use DNS blacklists in $wgDnsBlacklistUrls to check for open 6380 $wgEnableDnsBlacklist = false; 6383 * List of DNS blacklists to use, if $wgEnableDnsBlacklist is true. 6386 * the blacklist require a key). 6390 * $wgDnsBlacklistUrls = [ 6405 $wgDnsBlacklistUrls = [ 'http.dnsbl.sorbs.net.' ]; 6418 * Proxy whitelist, list of addresses that are assumed to be non-proxy despite 6421 $wgProxyWhitelist = []; 9441 /* MediaWiki whitelist */ GitInfo.php (1 usage found) 254 ->whitelistPaths( [ $gitDir, $this->repoDir ] ) GlobalFunctions.php (1 usage found) 1475 # @todo FIXME: We may want to blacklist some broken browsers OutputPage.php (1 usage found) 2762 $msg = 'whitelistedittext'; Setup.php (2 usages found) 249 // Blacklisted file extensions shouldn't appear on the "allowed" list 250 $wgFileExtensions = array_values( array_diff( $wgFileExtensions, $wgFileBlacklist ) ); StreamFile.php (4 usages found) 105 global $wgFileBlacklist, $wgCheckFileExtensions, $wgStrictFileExtensions, 106 $wgFileExtensions, $wgVerifyMimeType, $wgMimeTypeBlacklist; 108 if ( UploadBase::checkFileExtensionList( $extList, $wgFileBlacklist ) ) { 116 if ( $wgVerifyMimeType && in_array( strtolower( $type ), $wgMimeTypeBlacklist ) ) { WebRequest.php (2 usages found) 1169 * @param array $extWhitelist 1172 public function checkUrlExtension( $extWhitelist = [] ) { tests (82 usages found) phpunit (82 usages found) includes (73 usages found) auth (18 usages found) AuthManagerTest.php (18 usages found) 1570 'wgEnableDnsBlacklist' => true, 1571 'wgDnsBlacklistUrls' => [ 1574 'wgProxyWhitelist' => [], 1580 $this->setMwGlobals( 'wgProxyWhitelist', [ '127.0.0.1' ] ); 2604 // Session blacklisted 2606 $session->set( 'AuthManager::AutoCreateBlacklist', 'test' ); 2616 [ LogLevel::DEBUG, 'blacklisted in session {sessionid}' ], 2621 $session->set( 'AuthManager::AutoCreateBlacklist', StatusValue::newFatal( 'test2' ) ); 2631 [ LogLevel::DEBUG, 'blacklisted in session {sessionid}' ], 2649 $this->assertSame( 'noname', $session->get( 'AuthManager::AutoCreateBlacklist' ) ); 2669 'authmanager-autocreate-noperm', $session->get( 'AuthManager::AutoCreateBlacklist' ) 2741 StatusValue::newFatal( 'fail-in-pre' ), $session->get( 'AuthManager::AutoCreateBlacklist' ) 2758 StatusValue::newFatal( 'fail-in-primary' ), $session->get( 'AuthManager::AutoCreateBlacklist' ) 2775 StatusValue::newFatal( 'fail-in-secondary' ), $session->get( 'AuthManager::AutoCreateBlacklist' ) 2795 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) ); 2815 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) ); 2840 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) ); 2869 $this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) ); block (40 usages found) BlockManagerTest.php (40 usages found) 34 'wgDnsBlacklistUrls' => [], 35 'wgEnableDnsBlacklist' => true, 37 'wgProxyWhitelist' => [], 273 * @dataProvider provideIsDnsBlacklisted 274 * @covers ::isDnsBlacklisted 275 * @covers ::inDnsBlacklist 277 public function testIsDnsBlacklisted( $options, $expected ) { 279 'wgEnableDnsBlacklist' => true, 280 'wgDnsBlacklistUrls' => $options['blacklist'], 281 'wgProxyWhitelist' => $options['whitelist'], 296 $blockManager->isDnsBlacklisted( $options['ip'], $options['checkWhitelist'] ) 300 public static function provideIsDnsBlacklisted() { 304 'IP is blacklisted' => [ 306 'blacklist' => [ 'dnsbl.test' ], 310 'whitelist' => [], 311 'checkWhitelist' => false, 315 'IP is blacklisted; blacklist has key' => [ 317 'blacklist' => [ [ 'dnsbl.test', 'key' ] ], 321 'whitelist' => [], 322 'checkWhitelist' => false, 326 'IP is blacklisted; blacklist is array' => [ 328 'blacklist' => [ [ 'dnsbl.test' ] ], 332 'whitelist' => [], 333 'checkWhitelist' => false, 337 'IP is not blacklisted' => [ 339 'blacklist' => [ 'dnsbl.test' ], 343 'whitelist' => [], 344 'checkWhitelist' => false, 348 'Blacklist is empty' => [ 350 'blacklist' => [], 354 'whitelist' => [], 355 'checkWhitelist' => false, 359 'IP is blacklisted and whitelisted; whitelist is not checked' => [ 361 'blacklist' => [ 'dnsbl.test' ], 365 'whitelist' => [ '127.0.0.1' ], 366 'checkWhitelist' => false, 370 'IP is blacklisted and whitelisted; whitelist is checked' => [ 372 'blacklist' => [ 'dnsbl.test' ], 376 'whitelist' => [ '127.0.0.1' ], 377 'checkWhitelist' => true, password (1 usage found) UserPasswordPolicyTest.php (1 usage found) 85 'PasswordCannotMatchBlacklist' => true, specials (13 usages found) SpecialMuteTest.php (11 usages found) 19 'wgEnableUserEmailBlacklist' => true 48 public function testEmailBlacklistNotEnabled() { 55 'wgEnableUserEmailBlacklist' => false 77 public function testMuteAddsUserToEmailBlacklist() { 85 $this->userOptionsManager->setOption( $loggedInUser, 'email-blacklist', "999" ); 89 $fauxRequest = new FauxRequest( [ 'wpemail-blacklist' => true ], true ); 97 $this->userOptionsManager->getOption( $loggedInUser, 'email-blacklist' ) 104 public function testUnmuteRemovesUserFromEmailBlacklist() { 112 $this->userOptionsManager->setOption( $loggedInUser, 'email-blacklist', "999\n" . $targetUser->getId() ); 116 $fauxRequest = new FauxRequest( [ 'wpemail-blacklist' => false ], true ); 122 $this->assertSame( "999", $this->userOptionsManager->getOption( $loggedInUser, 'email-blacklist' ) ); SpecialShortPagesTest.php (2 usages found) 18 public function testGetQueryInfoRespectsContentNS( $contentNS, $blacklistNS, $expectedNS ) { 20 'wgShortPagesNamespaceBlacklist' => $blacklistNS, ContentSecurityPolicyTest.php (1 usage found) 19 'wgEnableImageWhitelist' => false, unit (7 usages found) includes (7 usages found) Permissions (2 usages found) PermissionManagerTest.php (2 usages found) 35 'WhitelistRead' => false, 36 'WhitelistReadRegexp' => false, BadFileLookupTest.php (5 usages found) 177 'Context page not whitelisted' => 180 'Whitelisted context page' => 184 'Bad image with Image: in blacklist' => [ 'Bad2.jpg', null, true ], 185 'Bad image without prefix in blacklist' => [ 'Bad3.jpg', null, true ], 186 'Bad image with different namespace in blacklist' => [ 'Bad4.jpg', null, true ], suite.xml (2 usages found) 67 <whitelist addUncoveredFilesFromWhitelist="true"> 77 </whitelist> .phpcs.xml (8 usages found) 73 Whitelist existing violations, but enable the sniff to prevent 119 Whitelist existing violations, but enable the sniff to prevent 166 Whitelist existing violations, but enable the sniff to prevent 191 Whitelist existing violations, but enable the sniff to prevent 200 Whitelist existing violations, but enable the sniff to prevent 210 Whitelist existing violations, but enable the sniff to prevent 223 Whitelist existing violations, but enable the sniff to prevent 231 Whitelist existing violations, but enable the sniff to prevent HISTORY (119 usages found) 222 * (T262364) shell: Don't blacklist /run/firejail. 495 * (T204618) Whitelisted the aria-hidden HTML attribute for all elements in 606 * Replaced wikimedia/password-blacklist 0.1.4 with wikimedia/common-passwords 854 * Sanitizer::setupAttributeWhitelist() and Sanitizer::attributeWhitelist(), 1004 * The deprecated $blacklist parameter to wfIsBadImage() has been removed. 1182 and ::setEnableImageWhitelist() have been deprecated. Future parsers 1937 $wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false; 2376 * User::isLocallyBlockedProxy and User::inDnsBlacklist are deprecated and moved 2378 * User::isDnsBlacklisted is deprecated. Use BlockManager::isDnsBlacklisted 2431 * Sanitizer::attributeWhitelist() and Sanitizer::setupAttributeWhitelist() 2702 password is not in the large blacklist. This is enabled by default for the 2704 this for other user groups, set the `PasswordNotInLargeBlacklist` flag `true`. 2776 * Added wikimedia/password-blacklist 0.1.4. 2919 * getSaveBlacklist() 3062 follow best practices, it is reccommended to use 'PasswordNotInLargeBlacklist' 3063 instead which blacklists 100,000 commonly used passwords. 3219 * (T208881) SECURITY: blacklist CSS var(). 3326 * $wgEnableImageWhitelist is now disabled by default, as it opens up a hole for 3328 "MediaWiki:External image whitelist" on your wiki to see whether the feature 3335 * $wgBrowserBlacklist – This setting, deprecated in 1.30, was removed. 3462 * (T198935) User list preferences such as `email-blacklist` and similar 4262 * (T208881) SECURITY: blacklist CSS var(). 4822 * (T208881) SECURITY: blacklist CSS var(). 4947 $wgEnableUserEmailBlacklist to true. 4948 * (T67297) $wgBrowserBlacklist is deprecated, and changing it will have no 5213 The SpamBlacklist and PdfHandler extensions were missing from the generated 5328 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 5641 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 6026 * (T208881) SECURITY: blacklist CSS var(). 6150 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 6378 * Whitelisted the following HTML attributes for all elements in wikitext: 6419 ** Two new globals, $wgChangeCredentialsBlacklist and 6420 $wgRemoveCredentialsBlacklist can be used to prevent the web UI and the API 8572 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 8849 * $wgHttpOnlyBlacklist has been removed. 9417 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted 9419 the namespace name if they use a non- whitelisted namespace. 9478 have been whitelisted inside of $wgUrlProtocols. 9538 * (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and 9669 uploads by URL, useful for blacklisting specific URLs 10062 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted 10065 non-whitelisted namespace. 10164 * The HTML5 <mark> tag has been whitelisted. 10205 * Added $wgWhitelistReadRegexp for regex whitelisting. 10459 * BREAKING CHANGE: (bug 38244) Removed the mediawiki.api.titleblacklist module 10460 and moved it to the TitleBlacklist extension. 10499 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist 10680 API upload errors due to the file extension blacklist. 10904 * (bug 11142) Improve file extension blacklist error reporting in API upload. 11079 * (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted 11081 the namespace name if they use a non- whitelisted namespace. 11140 * (bug 47304) SECURITY: Check SVG xml encoding against whitelist 11216 * Expanded Blacklist for SVG Files 11240 * (bug 35303) Proxy and DNS blacklist blocking works again 11269 * $wgDnsBlacklistUrls now accepts an array with url and key as the 11644 * Expanded Blacklist for SVG Files 12030 * (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown 12071 extensions is blacklisted now gives the proper extension in the error message. 12503 * Expanded Blacklist for SVG Files 12746 * (bug 671) The <dfn>, <kbd> and <samp> elements have been whitelisted in user 12817 * Added $wgAllowImageTag, which can be set to true to whitelist the <img> tag 13084 * (bug 18372) File types blacklisted by $wgFileBlacklist will no longer be shown 13521 to $wgDnsBlacklistUrls (backward compatibility kept) 13530 * $wgEnableSorbs renamed to $wgDnsBlacklistUrls ($wgEnableSorbs kept for 13712 * Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from 13918 * (bug 19355) Added .xhtml, .xht to upload file extension blacklist 14509 * Added $wgRateLimitsExcludedIPs, to allow specific IPs to be whitelisted from 14833 * Introduced $wgEnableImageWhitelist to toggle the on-wiki external image 14834 whitelist on or off. 14932 * Added an on-wiki external image whitelist. Items in this whitelist are 15188 * Blacklist redirects via Special:Filepath, hard to use. 15488 * Blacklist redirects via Special:Filepath. Such redirects exacerbate any 15861 * (bug 13905) Blacklist Mac IE from HttpOnly cookies; it eats them sometimes 16155 * Blacklist redirects via Special:Filepath. Such redirects exacerbate any XSS 16398 * Fixed notice when accessing special page without read permission and whitelist 16471 * If restricted read access was enabled, whitelist didn't work with special 16937 * (bug 8989) Blacklist 'mhtml' and 'mht' files from upload 17116 * Add Google Wireless Transcoder to the Unicode editing blacklist 17190 equivalent to a whitelisted title 17258 $wgWhitelistRead is undefined, instead of (incorrectly) honouring them 17259 * Fixed img_auth.php file name extraction for whitelist checking 17949 * (bug 7629) Fix $wgBrowserBlackList to avoid false positive on MSIE 18419 * (bug 7883) Added autoblock whitelisting feature, using which specific ranges 18421 format, in the autoblock_whitelist system message. 18597 A more thorough blacklist for forbidden and translatable characters would 18913 The base hostname for the DNS-based proxy blacklist can now be overridden 18914 when $wgEnableSorbs is set, to use a different blacklist instead of SORBS. 18915 The blacklist would need to respond the same was as SORBS; any positive 19110 to break the blacklists for regular URLs 19345 * (bug 7537) Add php5 to $wgFileBlacklist 19627 * Pass login link to "whitelistedittext" containing 'returnto' parameter 20558 * [[meta:SpamBlacklist extension|SpamBlacklist extension]] now has support for 20872 * Blacklist additional MSIE CSS safety tricks 20891 MIME type to the default blacklist. Prevented inline display of images 21043 * Recognize Special:Search consistently so read whitelist works 21348 spam-cleanup tool in the SpamBlacklist extension. 21589 If .svg files are added to the upload whitelist, you can choose to render 21912 * (bug 2152) Add missing bgcolor to attribute whitelist for <td> and <th> 21952 * Only build the HTML attribute whitelist tree once. 22001 * (bug 873) Fix usage of createaccount permission; replaces $wgWhitelistAccount 22042 * (bug 996) Replace $wgWhitelistEdit with 'edit' permission; fixup UPGRADE 22043 documentation about edit and read whitelists. 22266 for browsers that hit the Unicode blacklist. Patch by plugwash. 22361 * Blacklist additional MSIE CSS safety tricks 22414 * Recognize Special:Search consistently so read whitelist works 22443 MIME type to the default blacklist. Prevented inline display of images 22559 that browser. This release blacklists several additional variants from use in 22905 * (bug 996) Fix $wgWhitelistRead to work again 22918 * Enhance upload extension blacklist to protect against vulnerable 22940 * Add the dreaded <span> to the HTML whitelist 23059 * Removed .ogg from the default uploads whitelist as an extra precaution. 23151 * (bug 1147) add \checkmark to whitelist in texutil.ml 23268 blacklists several additional variants from use in HTML inline style 23399 * Removed .ogg from the default uploads whitelist as an extra precaution. If 23424 * Enhance upload extension blacklist to protect against vulnerable Apache 23453 * ({{bugzilla|874}}) added 'cgi' to {{wg|FileBlacklist}} 23504 have expanded the <code>filetype</code> whitelist or disabled the strict type 23522 enabled if in {{wg|WhitelistEdit}} mode. 23578 * {{wg|WhitelistAccount}} no longer breaks all logins. img_auth.php (1 usage found) 168 // Checks Whitelist too phpunit.xml.dist (2 usages found) 48 <whitelist addUncoveredFilesFromWhitelist="false"> 62 </whitelist> RELEASE-NOTES-1.36 (7 usages found) 19 * MediaWiki:Autoblock_whitelist has been moved to 21 the MediaWiki:Autoblock_whitelist page. 88 * The deprecated password policies PasswordCannotMatchBlacklist and 89 PasswordNotInLargeBlacklist were removed. Please use 357 - ::isDnsBlacklisted 358 - ::inDnsBlacklist 742 * DatabaseBlock::isWhitelistedFromAutoblocks was deprecated. Use
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | None | T254646 Reconsidering how we name things | |||
Stalled | None | T277943 Address Voice and Tone issues in GlobalPreferences | |||
Open | None | T277987 Address Voice and Tone issues in MediaWiki Core | |||
Open | None | T254803 Rename or deprecate $wgEnableImageWhitelist (and related code) | |||
Open | None | T280470 Renaming 'email-blacklist' preference | |||
Resolved | None | T282894 Rename …master methods in ILoadBalancer to …primary |
Event Timeline
Change 673654 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/core@master] Deprecate DatabaseBlock::isExemptedFromAutoblocks
Change 673678 had a related patch set uploaded (by Mainframe98; owner: Mainframe98):
[mediawiki/core@master] Rename $wgSlaveLagWarning and $wgSlaveLagCritical
Change 673557 had a related patch set uploaded (by Jforrester; owner: Reedy):
[mediawiki/core@master] Use more neutral or alternative language
Change 673557 merged by jenkins-bot:
[mediawiki/core@master] Use more neutral or alternative language
Change 673654 merged by jenkins-bot:
[mediawiki/core@master] Deprecate DatabaseBlock::isWhitelistedFromAutoblocks
Change 673678 merged by jenkins-bot:
[mediawiki/core@master] Rename $wgSlaveLagWarning and $wgSlaveLagCritical to match DB_REPLICA
There are still two strings with "blacklist" in en.json values:
- "spamprotectiontext": "The text you wanted to publish was blocked by the spam filter.\nThis is probably caused by a link to a blacklisted external site."
- "specialmute-error-no-options": "Mute features are unavailable. This might be because: you haven't confirmed your email address or the wiki administrator has disabled email features and/or email blacklist for this wiki."
Are they still there because there's no consensus about the new name for Spam blacklist and Email blacklist? Or some other reason?
For the first, I don't imagine it matters, so can be changed
For the second, it does revolve around $wgEnableUserEmailBlacklist, and has a few different parts. I did do some of the renaming around that functionality in rMWd1e7b75776c4: SpecialMute: Rename blacklist to mutelist
Changing comments is cheap. Changing i18n strings is a little more involved, as it creates work for translators. So if we need to change them again we obviously can, and we should.
In this case, it's already Special:Mute, so calling it "email mute" or "email mute feature" is probably fine. A bigger issue/more of an annoyance for me there, is that the same error message is used for potentially 3 different errors, making it more complex. Will file a task about that
Change 680793 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@master] .phpcs.xml: Replace useage of whitelist in comments
Change 680795 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@master] Use some more neutral language
Change 680796 had a related patch set uploaded (by Amire80; author: Amire80):
[mediawiki/core@master] Change "blacklisted" to "forbidden" in a spam filter message
Change 680793 merged by jenkins-bot:
[mediawiki/core@master] .phpcs.xml: Replace useage of whitelist in comments
Change 680795 merged by jenkins-bot:
[mediawiki/core@master] Use some more neutral language
Change 680796 merged by jenkins-bot:
[mediawiki/core@master] Change "blacklisted" to "forbidden" in a spam filter message
Change 680806 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@master] WIP: Rename some config variables
Change 680807 had a related patch set uploaded (by Reedy; author: Reedy):
[mediawiki/core@master] Rename email-blacklist-label message
Change 680807 merged by jenkins-bot:
[mediawiki/core@master] Rename email-blacklist-label message
Change 680836 had a related patch set uploaded (by Amire80; author: Amire80):
[mediawiki/core@master] Rephrase specialmute-error-no-options
Change 681002 had a related patch set uploaded (by Amire80; author: Amire80):
[mediawiki/core@master] Rephrase apihelp-main-param-origin
Change 680836 merged by jenkins-bot:
[mediawiki/core@master] Rephrase specialmute-error-no-options
Change 681002 merged by jenkins-bot:
[mediawiki/core@master] Rephrase apihelp-main-param-origin
Sorry if this is the wrong venue to voice this: so, for $wgWhitelistRead, what will be the phase-out process look like? Is there a proposed name for it like $wgAllowlistRead? And I would assume $wgWhitelistRead would be deprecated for a few versions of MediaWiki too. Same question goes for the rest of the LocalSettings.php config options which aren't simple internal core fixes.
https://www.mediawiki.org/wiki/Stable_interface_policy
TLDR is something like, in the release (ie stable tarball) after it's "hard deprecated" (which is a little more difficult with config variables), it is eligible to be removed for good.
Change 687231 had a related patch set uploaded (by Jforrester; author: Jforrester):
[mediawiki/core@master] DatabaseBlock::isExemptedFromAutoblocks: Drop fallback message load
Change 687232 had a related patch set uploaded (by Jforrester; author: Jforrester):
[mediawiki/core@master] DatabaseBlock: Hard-deprecate calls to isWhitelistedFromAutoblocks()
Change 687231 merged by jenkins-bot:
[mediawiki/core@master] DatabaseBlock::isExemptedFromAutoblocks: Drop fallback message load
Change 687232 merged by jenkins-bot:
[mediawiki/core@master] DatabaseBlock: Hard-deprecate calls to isWhitelistedFromAutoblocks()
Change 680806 merged by jenkins-bot:
[mediawiki/core@master] Rename four config variables to avoid 'blacklist' term
Note: when renaming variables, we need to ensure we have some back compatbility in place in operations/mediawiki-config . Renaming of wgFileBlacklist has lead to some undefined setting warning: T290640
There are a few similar ones in our config:
tests/multiversion/StaticSettingsTest.php:wgGlobalRenameBlacklist wmf-config/CommonSettings-labs.php:wgEnableDnsBlacklist wmf-config/CommonSettings-labs.php:wgDnsBlacklistUrls wmf-config/CommonSettings.php:wgEnableUserEmailBlacklist wmf-config/CommonSettings.php:wgFileBlacklist wmf-config/CommonSettings.php:wgFileBlacklist wmf-config/CommonSettings.php:wgFileBlacklist wmf-config/CommonSettings.php:wgFileBlacklist wmf-config/CommonSettings.php:wgMimeTypeBlacklist wmf-config/CommonSettings.php:wgMimeTypeBlacklist wmf-config/CommonSettings.php:wgLogSpamBlacklistHits wmf-config/CommonSettings.php:wgTitleBlacklistBlockAutoAccountCreation wmf-config/CommonSettings.php:wgTitleBlacklistSources wmf-config/CommonSettings.php:wgRSSUrlWhitelist wmf-config/CommonSettings.php:wgCaptchaWhitelist wmf-config/CommonSettings.php:wgEchoPerUserBlacklist wmf-config/InitialiseSettings-labs.php:wgBetaFeaturesWhitelist wmf-config/InitialiseSettings-labs.php:wgLinterSubmitterWhitelist wmf-config/InitialiseSettings.php:wgEnableDnsBlacklist wmf-config/InitialiseSettings.php:wgTitleBlacklistUsernameSources wmf-config/InitialiseSettings.php:wgBetaFeaturesWhitelist wmf-config/InitialiseSettings.php:wgLinterSubmitterWhitelist wmf-config/InitialiseSettings.php:wgShortPagesNamespaceBlacklist wmf-config/InitialiseSettings.php:wgMachineVisionTemplateBlacklist wmf-config/InitialiseSettings.php:wgMachineVisionWikidataIdBlacklist wmf-config/InitialiseSettings.php:wgGlobalRenameBlacklist wmf-config/InitialiseSettings.php:wgGlobalRenameBlacklistRegex wmf-config/reverse-proxy.php:wgProxyWhitelist