- {{embedding-setting field="embed_whitelist_selector"
- value=embedding.embed_whitelist_selector
+ {{embedding-setting field="allowed_embed_selectors"
+ value=embedding.allowed_embed_selectors
placeholder="article, #story, .post"}}
- {{embedding-setting field="embed_blacklist_selector"
- value=embedding.embed_blacklist_selector
+ {{embedding-setting field="blocked_embed_selectors"
+ value=embedding.blocked_embed_selectors
placeholder=".ad-unit, header"}}
- {{embedding-setting field="embed_classname_whitelist"
- value=embedding.embed_classname_whitelist
+ {{embedding-setting field="allowed_embed_classnames"
+ value=embedding.allowed_embed_classnames
placeholder="emoji, classname"}}
diff --git a/app/assets/javascripts/discourse/app/lib/to-markdown.js b/app/assets/javascripts/discourse/app/lib/to-markdown.js
index 25e49bfc85f..43f97659776 100644
--- a/app/assets/javascripts/discourse/app/lib/to-markdown.js
+++ b/app/assets/javascripts/discourse/app/lib/to-markdown.js
@@ -102,7 +102,7 @@ export class Tag {
];
}
- static whitelists() {
+ static allowedTags() {
return ["ins", "del", "small", "big", "kbd", "ruby", "rt", "rb", "rp"];
}
@@ -192,7 +192,7 @@ export class Tag {
};
}
- static whitelist(name) {
+ static allowedTag(name) {
return class extends Tag {
constructor() {
super(name, `<${name}>`, `${name}>`);
@@ -526,7 +526,7 @@ function tags() {
...Tag.headings().map((h, i) => Tag.heading(h, i + 1)),
...Tag.slices().map(s => Tag.slice(s, "\n")),
...Tag.emphases().map(e => Tag.emphasis(e[0], e[1])),
- ...Tag.whitelists().map(t => Tag.whitelist(t)),
+ ...Tag.allowedTags().map(t => Tag.allowedTag(t)),
Tag.aside(),
Tag.cell("td"),
Tag.cell("th"),
diff --git a/app/assets/javascripts/discourse/app/templates/preferences/categories.hbs b/app/assets/javascripts/discourse/app/templates/preferences/categories.hbs
index cd907dc0ed9..7b36d0f3ffd 100644
--- a/app/assets/javascripts/discourse/app/templates/preferences/categories.hbs
+++ b/app/assets/javascripts/discourse/app/templates/preferences/categories.hbs
@@ -8,7 +8,7 @@
{{/if}}
{{category-selector
categories=model.watchedCategories
- blacklist=selectedCategories
+ blocklist=selectedCategories
onChange=(action (mut model.watchedCategories))
}}
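Review bot: The `blocklist=selectedCategories` argument no longer matches any property on the component, because this commit renames the property in `category-selector.js` to `blockedCategories` and in `tag-chooser.js` to `blockedTags`. With the names out of sync the component falls back to an empty list, so categories or tags already chosen in one selector are offered again in the others. The argument should use the component's new name, `blockedCategories=selectedCategories` here and `blockedTags=selectedTags` in `preferences/tags.hbs`. The same mismatch applies to the other three hunks in this file and all four hunks in `tags.hbs`.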
@@ -21,7 +21,7 @@
{{/if}}
{{category-selector
categories=model.trackedCategories
- blacklist=selectedCategories
+ blocklist=selectedCategories
onChange=(action (mut model.trackedCategories))
}}
@@ -31,7 +31,7 @@
{{category-selector
categories=model.watchedFirstPostCategories
- blacklist=selectedCategories
+ blocklist=selectedCategories
onChange=(action (mut model.watchedFirstPostCategories))
}}
@@ -45,7 +45,7 @@
{{/if}}
{{category-selector
categories=model.mutedCategories
- blacklist=selectedCategories
+ blocklist=selectedCategories
onChange=(action (mut model.mutedCategories))
}}
diff --git a/app/assets/javascripts/discourse/app/templates/preferences/tags.hbs b/app/assets/javascripts/discourse/app/templates/preferences/tags.hbs
index 85973fb5fba..3eb66ff86ac 100644
--- a/app/assets/javascripts/discourse/app/templates/preferences/tags.hbs
+++ b/app/assets/javascripts/discourse/app/templates/preferences/tags.hbs
@@ -6,7 +6,7 @@
{{tag-chooser
tags=model.watched_tags
- blacklist=selectedTags
+ blocklist=selectedTags
allowCreate=false
everyTag=true
unlimitedTagCount=true
@@ -19,7 +19,7 @@
{{tag-chooser
tags=model.tracked_tags
- blacklist=selectedTags
+ blocklist=selectedTags
allowCreate=false
everyTag=true
unlimitedTagCount=true}}
@@ -31,7 +31,7 @@
{{tag-chooser
tags=model.watching_first_post_tags
- blacklist=selectedTags
+ blocklist=selectedTags
allowCreate=false
everyTag=true
unlimitedTagCount=true}}
@@ -45,7 +45,7 @@
{{tag-chooser
tags=model.muted_tags
- blacklist=selectedTags
+ blocklist=selectedTags
allowCreate=false
everyTag=true
unlimitedTagCount=true}}
diff --git a/app/assets/javascripts/discourse/app/widgets/header.js b/app/assets/javascripts/discourse/app/widgets/header.js
index ca55984242d..ba945ccd647 100644
--- a/app/assets/javascripts/discourse/app/widgets/header.js
+++ b/app/assets/javascripts/discourse/app/widgets/header.js
@@ -514,12 +514,12 @@ export default createWidget("header", {
const currentPath = this.register
.lookup("service:router")
.get("_router.currentPath");
- const blacklist = [/^discovery\.categories/];
- const whitelist = [/^topic\./];
+ const blocklist = [/^discovery\.categories/];
+ const allowlist = [/^topic\./];
const check = function(regex) {
return !!currentPath.match(regex);
};
- let showSearch = whitelist.any(check) && !blacklist.any(check);
+ let showSearch = allowlist.any(check) && !blocklist.any(check);
// If we're viewing a topic, only intercept search if there are cloaked posts
if (showSearch && currentPath.match(/^topic\./)) {
diff --git a/app/assets/javascripts/pretty-text/addon/engines/discourse-markdown-it.js b/app/assets/javascripts/pretty-text/addon/engines/discourse-markdown-it.js
index 1a5f50a6dea..38414140c70 100644
--- a/app/assets/javascripts/pretty-text/addon/engines/discourse-markdown-it.js
+++ b/app/assets/javascripts/pretty-text/addon/engines/discourse-markdown-it.js
@@ -389,7 +389,7 @@ export function setup(opts, siteSettings, state) {
}
export function cook(raw, opts) {
- // we still have to hoist html_raw nodes so they bypass the whitelister
+ // we still have to hoist html_raw nodes so they bypass the allowlister
// this is the case for oneboxes
let hoisted = {};
diff --git a/app/assets/javascripts/pretty-text/addon/oneboxer.js b/app/assets/javascripts/pretty-text/addon/oneboxer.js
index e0720c3cadb..45733106c10 100644
--- a/app/assets/javascripts/pretty-text/addon/oneboxer.js
+++ b/app/assets/javascripts/pretty-text/addon/oneboxer.js
@@ -30,7 +30,7 @@ function resolveSize(img) {
// Detect square images and apply smaller onebox-avatar class
function applySquareGenericOnebox($elem) {
- if (!$elem.hasClass("whitelistedgeneric")) {
+ if (!$elem.hasClass("allowlistedgeneric")) {
return;
}
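Review bot: `applySquareGenericOnebox` now returns early for any element that still carries the old `whitelistedgeneric` class. The `onebox.scss` hunks in this commit keep both selectors, which suggests previously cooked posts are expected to retain the old class until they are rebaked. Accept both names during the transition, `if (!$elem.hasClass("allowlistedgeneric") && !$elem.hasClass("whitelistedgeneric")) {`, and add a comment saying when the legacy class can be dropped. The function body continues outside the hunk.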
diff --git a/app/assets/javascripts/pretty-text/addon/white-lister.js b/app/assets/javascripts/pretty-text/addon/white-lister.js
index 0d2ded7a4d2..0efb90643c6 100644
--- a/app/assets/javascripts/pretty-text/addon/white-lister.js
+++ b/app/assets/javascripts/pretty-text/addon/white-lister.js
@@ -108,7 +108,7 @@ export default class WhiteLister {
}
}
-// Only add to `default` when you always want your whitelist to occur. In other words,
+// Only add to `default` when you always want your allowlist to occur. In other words,
// don't change this for a plugin or a feature that can be disabled
export const DEFAULT_LIST = [
"a.attachment",
diff --git a/app/assets/javascripts/select-kit/addon/components/category-selector.js b/app/assets/javascripts/select-kit/addon/components/category-selector.js
index 96ee7c0e782..3ba184a8579 100644
--- a/app/assets/javascripts/select-kit/addon/components/category-selector.js
+++ b/app/assets/javascripts/select-kit/addon/components/category-selector.js
@@ -8,7 +8,7 @@ export default MultiSelectComponent.extend({
pluginApiIdentifiers: ["category-selector"],
classNames: ["category-selector"],
categories: null,
- blacklist: null,
+ blockedCategories: null,
selectKitOptions: {
filterable: true,
@@ -22,14 +22,15 @@ export default MultiSelectComponent.extend({
this._super(...arguments);
if (!this.categories) this.set("categories", []);
- if (!this.blacklist) this.set("blacklist", []);
+ if (!this.blockedCategories) this.set("blockedCategories", []);
},
- content: computed("categories.[]", "blacklist.[]", function() {
- const blacklist = makeArray(this.blacklist);
+ content: computed("categories.[]", "blockedCategories.[]", function() {
+ const blockedCategories = makeArray(this.blockedCategories);
return Category.list().filter(category => {
return (
- this.categories.includes(category) || !blacklist.includes(category)
+ this.categories.includes(category) ||
+ !blockedCategories.includes(category)
);
});
}),
diff --git a/app/assets/javascripts/select-kit/addon/components/tag-chooser.js b/app/assets/javascripts/select-kit/addon/components/tag-chooser.js
index 5cf4a833032..d5f28038c4c 100644
--- a/app/assets/javascripts/select-kit/addon/components/tag-chooser.js
+++ b/app/assets/javascripts/select-kit/addon/components/tag-chooser.js
@@ -19,7 +19,7 @@ export default MultiSelectComponent.extend(TagsMixin, {
return "tag-chooser-row";
},
- blacklist: null,
+ blockedTags: null,
attributeBindings: ["categoryId"],
excludeSynonyms: false,
excludeHasSynonyms: false,
@@ -49,7 +49,7 @@ export default MultiSelectComponent.extend(TagsMixin, {
this._super(...arguments);
this.setProperties({
- blacklist: this.blacklist || [],
+ blockedTags: this.blockedTags || [],
termMatchesForbidden: false,
termMatchErrorMessage: null
});
@@ -84,9 +84,9 @@ export default MultiSelectComponent.extend(TagsMixin, {
categoryId: this.categoryId
};
- if (selectedTags.length || this.blacklist.length) {
+ if (selectedTags.length || this.blockedTags.length) {
data.selected_tags = selectedTags
- .concat(this.blacklist)
+ .concat(this.blockedTags)
.uniq()
.slice(0, 100);
}
@@ -106,9 +106,9 @@ export default MultiSelectComponent.extend(TagsMixin, {
termMatchErrorMessage: json.forbidden_message
});
- if (context.blacklist) {
+ if (context.blockedTags) {
results = results.filter(result => {
- return !context.blacklist.includes(result.id);
+ return !context.blockedTags.includes(result.id);
});
}
diff --git a/app/assets/stylesheets/common/base/onebox.scss b/app/assets/stylesheets/common/base/onebox.scss
index 124da3ec4b6..de7b3845f5f 100644
--- a/app/assets/stylesheets/common/base/onebox.scss
+++ b/app/assets/stylesheets/common/base/onebox.scss
@@ -625,7 +625,8 @@ aside.onebox.stackexchange .onebox-body {
}
}
-// whitelistedgeneric twitter labels
+// allowlistedgeneric twitter labels
+.onebox.allowlistedgeneric,
.onebox.whitelistedgeneric {
.label1,
.label2 {
@@ -640,6 +641,7 @@ aside.onebox.stackexchange .onebox-body {
}
.onebox {
+ &.allowlistedgeneric,
&.whitelistedgeneric,
&.gfycat {
.site-icon {
diff --git a/app/controllers/admin/embeddable_hosts_controller.rb b/app/controllers/admin/embeddable_hosts_controller.rb
index 5a59882f9b7..765408039ce 100644
--- a/app/controllers/admin/embeddable_hosts_controller.rb
+++ b/app/controllers/admin/embeddable_hosts_controller.rb
@@ -22,7 +22,7 @@ class Admin::EmbeddableHostsController < Admin::AdminController
def save_host(host, action)
host.host = params[:embeddable_host][:host]
- host.path_whitelist = params[:embeddable_host][:path_whitelist]
+ host.allowed_paths = params[:embeddable_host][:allowed_paths]
host.class_name = params[:embeddable_host][:class_name]
host.category_id = params[:embeddable_host][:category_id]
host.category_id = SiteSetting.uncategorized_category_id if host.category_id.blank?
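Review bot: Renaming the request key to `params[:embeddable_host][:allowed_paths]` fails open for any API client that still sends `path_whitelist`. The assignment then stores `nil`, and `EmbeddableHost.record_for_url` returns the host for every path when `allowed_paths` is blank, so an existing path restriction is dropped silently on the next save. Consider accepting the old key for a deprecation period, `host.allowed_paths = params[:embeddable_host][:allowed_paths] || params[:embeddable_host][:path_whitelist]`, or rejecting requests that carry the old key. `save_host` continues outside the hunk.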
diff --git a/app/controllers/admin/themes_controller.rb b/app/controllers/admin/themes_controller.rb
index a08bc95495b..a78a38f618b 100644
--- a/app/controllers/admin/themes_controller.rb
+++ b/app/controllers/admin/themes_controller.rb
@@ -15,7 +15,7 @@ class Admin::ThemesController < Admin::AdminController
def upload_asset
- ban_in_whitelist_mode!
+ ban_in_allowlist_mode!
path = params[:file].path
@@ -53,7 +53,7 @@ class Admin::ThemesController < Admin::AdminController
@theme = nil
if params[:theme] && params[:theme].content_type == "application/json"
- ban_in_whitelist_mode!
+ ban_in_allowlist_mode!
# .dcstyle.json import. Deprecated, but still available to allow conversion
json = JSON::parse(params[:theme].read)
@@ -104,7 +104,7 @@ class Admin::ThemesController < Admin::AdminController
end
elsif params[:bundle] || (params[:theme] && THEME_CONTENT_TYPES.include?(params[:theme].content_type))
- ban_in_whitelist_mode!
+ ban_in_allowlist_mode!
# params[:bundle] used by theme CLI. params[:theme] used by admin UI
bundle = params[:bundle] || params[:theme]
@@ -152,7 +152,7 @@ class Admin::ThemesController < Admin::AdminController
def create
- ban_in_whitelist_mode!
+ ban_in_allowlist_mode!
@theme = Theme.new(name: theme_params[:name],
user_id: theme_user.id,
@@ -297,8 +297,8 @@ class Admin::ThemesController < Admin::AdminController
private
- def ban_in_whitelist_mode!
- raise Discourse::InvalidAccess if !GlobalSetting.whitelisted_theme_ids.nil?
+ def ban_in_allowlist_mode!
+ raise Discourse::InvalidAccess if !GlobalSetting.allowed_theme_ids.nil?
end
def add_relative_themes!(kind, ids)
@@ -358,7 +358,7 @@ class Admin::ThemesController < Admin::AdminController
def set_fields
return unless fields = theme_params[:theme_fields]
- ban_in_whitelist_mode!
+ ban_in_allowlist_mode!
fields.each do |field|
@theme.set_field(
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index ade423ce7c4..74af0eafeab 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -276,7 +276,7 @@ class PostsController < ApplicationController
reply_history = post.reply_history(params[:max_replies].to_i, guardian)
user_custom_fields = {}
- if (added_fields = User.whitelisted_user_custom_fields(guardian)).present?
+ if (added_fields = User.allowed_user_custom_fields(guardian)).present?
user_custom_fields = User.custom_fields_for_ids(reply_history.pluck(:user_id), added_fields)
end
@@ -365,7 +365,7 @@ class PostsController < ApplicationController
replies = post.replies.secured(guardian)
user_custom_fields = {}
- if (added_fields = User.whitelisted_user_custom_fields(guardian)).present?
+ if (added_fields = User.allowed_user_custom_fields(guardian)).present?
user_custom_fields = User.custom_fields_for_ids(replies.pluck(:user_id), added_fields)
end
@@ -704,10 +704,10 @@ class PostsController < ApplicationController
end
- result = params.permit(*permitted).tap do |whitelisted|
- whitelisted[:image_sizes] = params[:image_sizes]
+ result = params.permit(*permitted).tap do |allowed|
+ allowed[:image_sizes] = params[:image_sizes]
# TODO this does not feel right, we should name what meta_data is allowed
- whitelisted[:meta_data] = params[:meta_data]
+ allowed[:meta_data] = params[:meta_data]
end
# Staff are allowed to pass `is_warning`
diff --git a/app/controllers/robots_txt_controller.rb b/app/controllers/robots_txt_controller.rb
index 3af15d9174a..9fce3a7f674 100644
--- a/app/controllers/robots_txt_controller.rb
+++ b/app/controllers/robots_txt_controller.rb
@@ -55,15 +55,15 @@ class RobotsTxtController < ApplicationController
agents: []
}
- if SiteSetting.whitelisted_crawler_user_agents.present?
- SiteSetting.whitelisted_crawler_user_agents.split('|').each do |agent|
+ if SiteSetting.allowed_crawler_user_agents.present?
+ SiteSetting.allowed_crawler_user_agents.split('|').each do |agent|
result[:agents] << { name: agent, disallow: deny_paths }
end
result[:agents] << { name: '*', disallow: deny_all }
- elsif SiteSetting.blacklisted_crawler_user_agents.present?
+ elsif SiteSetting.blocked_crawler_user_agents.present?
result[:agents] << { name: '*', disallow: deny_paths }
- SiteSetting.blacklisted_crawler_user_agents.split('|').each do |agent|
+ SiteSetting.blocked_crawler_user_agents.split('|').each do |agent|
result[:agents] << { name: agent, disallow: deny_all }
end
else
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index fccb772d984..a3b779ed6fa 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -117,7 +117,7 @@ class UsersController < ApplicationController
users = users.filter { |u| guardian.can_see_profile?(u) }
- preload_fields = User.whitelisted_user_custom_fields(guardian) + UserField.all.pluck(:id).map { |fid| "#{User::USER_FIELD_PREFIX}#{fid}" }
+ preload_fields = User.allowed_user_custom_fields(guardian) + UserField.all.pluck(:id).map { |fid| "#{User::USER_FIELD_PREFIX}#{fid}" }
User.preload_custom_fields(users, preload_fields)
User.preload_recent_time_read(users)
diff --git a/app/jobs/regular/pull_hotlinked_images.rb b/app/jobs/regular/pull_hotlinked_images.rb
index d147a5afac9..5e3266d21e0 100644
--- a/app/jobs/regular/pull_hotlinked_images.rb
+++ b/app/jobs/regular/pull_hotlinked_images.rb
@@ -205,7 +205,7 @@ module Jobs
hostname = uri.hostname
return false unless hostname
- # check the domains blacklist
+ # check the domains blocklist
SiteSetting.should_download_images?(src)
end
diff --git a/app/models/concerns/has_custom_fields.rb b/app/models/concerns/has_custom_fields.rb
index 64cafe6f7a5..0bb3fc55122 100644
--- a/app/models/concerns/has_custom_fields.rb
+++ b/app/models/concerns/has_custom_fields.rb
@@ -72,15 +72,15 @@ module HasCustomFields
# To avoid n+1 queries, use this function to retrieve lots of custom fields in one go
# and create a "sideloaded" version for easy querying by id.
- def self.custom_fields_for_ids(ids, whitelisted_fields)
+ def self.custom_fields_for_ids(ids, allowed_fields)
klass = "#{name}CustomField".constantize
foreign_key = "#{name.underscore}_id".to_sym
result = {}
- return result if whitelisted_fields.blank?
+ return result if allowed_fields.blank?
- klass.where(foreign_key => ids, :name => whitelisted_fields)
+ klass.where(foreign_key => ids, :name => allowed_fields)
.pluck(foreign_key, :name, :value).each do |cf|
result[cf[0]] ||= {}
append_custom_field(result[cf[0]], cf[1], cf[2])
diff --git a/app/models/embeddable_host.rb b/app/models/embeddable_host.rb
index 7984c0a18f9..8b393b4a254 100644
--- a/app/models/embeddable_host.rb
+++ b/app/models/embeddable_host.rb
@@ -10,6 +10,9 @@ class EmbeddableHost < ActiveRecord::Base
self.host.sub!(/\/.*$/, '')
end
+ # TODO(2021-07-23): Remove
+ self.ignored_columns = ["path_whitelist"]
+
def self.record_for_url(uri)
if uri.is_a?(String)
@@ -31,9 +34,9 @@ class EmbeddableHost < ActiveRecord::Base
path << "?" << uri.query if uri.query.present?
where("lower(host) = ?", host).each do |eh|
- return eh if eh.path_whitelist.blank?
+ return eh if eh.allowed_paths.blank?
- path_regexp = Regexp.new(eh.path_whitelist)
+ path_regexp = Regexp.new(eh.allowed_paths)
return eh if path_regexp.match(path) || path_regexp.match(UrlHelper.unencode(path))
end
@@ -78,6 +81,6 @@ end
# category_id :integer not null
# created_at :datetime not null
# updated_at :datetime not null
-# path_whitelist :string
+# allowed_paths :string
# class_name :string
#
diff --git a/app/models/embedding.rb b/app/models/embedding.rb
index 055cb2b32cb..909ba1c2727 100644
--- a/app/models/embedding.rb
+++ b/app/models/embedding.rb
@@ -11,9 +11,9 @@ class Embedding < OpenStruct
embed_title_scrubber
embed_truncate
embed_unlisted
- embed_whitelist_selector
- embed_blacklist_selector
- embed_classname_whitelist)
+ allowed_embed_selectors
+ blocked_embed_selectors
+ allowed_embed_classnames)
end
def base_url
diff --git a/app/models/global_setting.rb b/app/models/global_setting.rb
index 4a6149fda51..d6b076e319e 100644
--- a/app/models/global_setting.rb
+++ b/app/models/global_setting.rb
@@ -204,15 +204,15 @@ class GlobalSetting
end
# test only
- def self.reset_whitelisted_theme_ids!
- @whitelisted_theme_ids = nil
+ def self.reset_allowed_theme_ids!
+ @allowed_theme_ids = nil
end
- def self.whitelisted_theme_ids
- return nil if whitelisted_theme_repos.blank?
+ def self.allowed_theme_ids
+ return nil if allowed_theme_repos.blank?
- @whitelisted_theme_ids ||= begin
- urls = whitelisted_theme_repos.split(",").map(&:strip)
+ @allowed_theme_ids ||= begin
+ urls = allowed_theme_repos.split(",").map(&:strip)
Theme
.joins(:remote_theme)
.where('remote_themes.remote_url in (?)', urls)
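Review bot: `allowed_theme_ids` returns `nil` when `allowed_theme_repos` is blank, and `ban_in_allowlist_mode!` in `themes_controller.rb` treats `nil` as "no restriction". A deployment that still sets the old `whitelisted_theme_repos` key would therefore lose its theme lock-down after upgrading, unless a fallback exists outside this hunk. The deprecation shim added in `site_setting.rb` covers only `SiteSetting`, not `GlobalSetting`. Consider reading the old key as a fallback with a deprecation warning, and document the fail-open case on the method, e.g. `# returns nil (theme restriction off) when allowed_theme_repos is blank`. The method body continues past the end of the hunk.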
diff --git a/app/models/post.rb b/app/models/post.rb
index 766703268b0..c33649199e3 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -254,8 +254,8 @@ class Post < ActiveRecord::Base
Digest::SHA1.hexdigest(raw)
end
- def self.white_listed_image_classes
- @white_listed_image_classes ||= ['avatar', 'favicon', 'thumbnail', 'emoji', 'ytp-thumbnail-image']
+ def self.allowed_image_classes
+ @allowed_image_classes ||= ['avatar', 'favicon', 'thumbnail', 'emoji', 'ytp-thumbnail-image']
end
def post_analyzer
@@ -335,9 +335,9 @@ class Post < ActiveRecord::Base
self.last_editor_id ? (User.find_by_id(self.last_editor_id) || user) : user
end
- def whitelisted_spam_hosts
+ def allowed_spam_hosts
hosts = SiteSetting
- .white_listed_spam_host_domains
+ .allowed_spam_host_domains
.split('|')
.map { |h| h.strip }
.reject { |h| !h.include?('.') }
@@ -349,10 +349,10 @@ class Post < ActiveRecord::Base
def total_hosts_usage
hosts = linked_hosts.clone
- whitelisted = whitelisted_spam_hosts
+ allowlisted = allowed_spam_hosts
hosts.reject! do |h|
- whitelisted.any? do |w|
+ allowlisted.any? do |w|
h.end_with?(w)
end
end
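Review bot: The exemption in `total_hosts_usage` compares hosts with a bare `h.end_with?(w)`, so an entry such as `example.com` in `allowed_spam_host_domains` also exempts an unrelated host whose name merely ends in that string. If the intent is "this domain and its subdomains", match on a label boundary instead: `h == w || h.end_with?(".#{w}")`. The check predates the rename, but it is the line that decides which hosts bypass the spam-host count, so it is worth tightening while the method is being touched.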
diff --git a/app/models/post_analyzer.rb b/app/models/post_analyzer.rb
index c06d9d5f532..941c7f54491 100644
--- a/app/models/post_analyzer.rb
+++ b/app/models/post_analyzer.rb
@@ -52,7 +52,7 @@ class PostAnalyzer
cooked_stripped.css("img").reject do |t|
if dom_class = t["class"]
- (Post.white_listed_image_classes & dom_class.split).count > 0
+ (Post.allowed_image_classes & dom_class.split).count > 0
end
end.count
end
diff --git a/app/models/screened_ip_address.rb b/app/models/screened_ip_address.rb
index 10ce1ce4f19..cc81c462f00 100644
--- a/app/models/screened_ip_address.rb
+++ b/app/models/screened_ip_address.rb
@@ -75,7 +75,7 @@ class ScreenedIpAddress < ActiveRecord::Base
exists_for_ip_address_and_action?(ip_address, actions[:block])
end
- def self.is_whitelisted?(ip_address)
+ def self.is_allowed?(ip_address)
exists_for_ip_address_and_action?(ip_address, actions[:do_nothing])
end
@@ -87,7 +87,7 @@ class ScreenedIpAddress < ActiveRecord::Base
end
def self.block_admin_login?(user, ip_address)
- return false unless SiteSetting.use_admin_ip_whitelist
+ return false unless SiteSetting.use_admin_ip_allowlist
return false if user.nil?
return false if !user.admin?
return false if ScreenedIpAddress.where(action_type: actions[:allow_admin]).count == 0
diff --git a/app/models/site_setting.rb b/app/models/site_setting.rb
index bc966333598..a4f6f809778 100644
--- a/app/models/site_setting.rb
+++ b/app/models/site_setting.rb
@@ -100,29 +100,29 @@ class SiteSetting < ActiveRecord::Base
WATCHED_SETTINGS ||= [
:default_locale,
- :attachment_content_type_blacklist,
- :attachment_filename_blacklist,
- :unicode_username_character_whitelist,
+ :blocked_attachment_content_types,
+ :blocked_attachment_filenames,
+ :allowed_unicode_username_characters,
:markdown_typographer_quotation_marks
]
def self.reset_cached_settings!
- @attachment_content_type_blacklist_regex = nil
- @attachment_filename_blacklist_regex = nil
- @unicode_username_whitelist_regex = nil
+ @blocked_attachment_content_types_regex = nil
+ @blocked_attachment_filenames_regex = nil
+ @allowed_unicode_username_regex = nil
end
- def self.attachment_content_type_blacklist_regex
- @attachment_content_type_blacklist_regex ||= Regexp.union(SiteSetting.attachment_content_type_blacklist.split("|"))
+ def self.blocked_attachment_content_types_regex
+ @blocked_attachment_content_types_regex ||= Regexp.union(SiteSetting.blocked_attachment_content_types.split("|"))
end
- def self.attachment_filename_blacklist_regex
- @attachment_filename_blacklist_regex ||= Regexp.union(SiteSetting.attachment_filename_blacklist.split("|"))
+ def self.blocked_attachment_filenames_regex
+ @blocked_attachment_filenames_regex ||= Regexp.union(SiteSetting.blocked_attachment_filenames.split("|"))
end
- def self.unicode_username_character_whitelist_regex
- @unicode_username_whitelist_regex ||= SiteSetting.unicode_username_character_whitelist.present? \
- ? Regexp.new(SiteSetting.unicode_username_character_whitelist) : nil
+ def self.allowed_unicode_username_characters_regex
+ @allowed_unicode_username_regex ||= SiteSetting.allowed_unicode_username_characters.present? \
+ ? Regexp.new(SiteSetting.allowed_unicode_username_characters) : nil
end
# helpers for getting s3 settings that fallback to global
@@ -213,6 +213,38 @@ class SiteSetting < ActiveRecord::Base
c.present? && c.to_i != SiteSetting.uncategorized_category_id.to_i
end
+ ALLOWLIST_DEPRECATED_SITE_SETTINGS = {
+ 'email_domains_blacklist': 'blocked_email_domains',
+ 'email_domains_whitelist': 'allowed_email_domains',
+ 'unicode_username_character_whitelist': 'allowed_unicode_username_characters',
+ 'user_website_domains_whitelist': 'allowed_user_website_domains',
+ 'whitelisted_link_domains': 'allowed_link_domains',
+ 'embed_whitelist_selector': 'allowed_embed_selectors',
+ 'auto_generated_whitelist': 'auto_generated_allowlist',
+ 'attachment_content_type_blacklist': 'blocked_attachment_content_types',
+ 'attachment_filename_blacklist': 'blocked_attachment_filenames',
+ 'use_admin_ip_whitelist': 'use_admin_ip_allowlist',
+ 'blacklist_ip_blocks': 'blocked_ip_blocks',
+ 'whitelist_internal_hosts': 'allowed_internal_hosts',
+ 'whitelisted_crawler_user_agents': 'allowed_crawler_user_agents',
+ 'blacklisted_crawler_user_agents': 'blocked_crawler_user_agents',
+ 'onebox_domains_blacklist': 'blocked_onebox_domains',
+ 'inline_onebox_domains_whitelist': 'allowed_inline_onebox_domains',
+ 'white_listed_spam_host_domains': 'allowed_spam_host_domains',
+ 'embed_blacklist_selector': 'blocked_embed_selectors',
+ 'embed_classname_whitelist': 'allowed_embed_classnames',
+ }
+
+ ALLOWLIST_DEPRECATED_SITE_SETTINGS.each_pair do |old_method, new_method|
+ self.class.define_method(old_method) do
+ Discourse.deprecate("#{old_method.to_s} is deprecated, use the #{new_method.to_s}.", drop_from: "2.6")
+ send(new_method)
+ end
+ self.class.define_method("#{old_method}=") do |args|
+ Discourse.deprecate("#{old_method.to_s} is deprecated, use the #{new_method.to_s}.", drop_from: "2.6")
+ send("#{new_method}=", args)
+ end
+ end
end
# == Schema Information
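Review bot: `self.class.define_method` in the `each_pair` loop defines the shim methods on `Class`, not on `SiteSetting`. Inside the class body `self` is `SiteSetting`, so `self.class` is `Class`, and every class in the process gains `email_domains_blacklist`, `email_domains_blacklist=` and the rest. Define them on the singleton instead: `define_singleton_method(old_method) do` and `define_singleton_method("#{old_method}=") do |args|`. The `.to_s` calls inside the interpolations are redundant, and the message would read better as `"#{old_method} is deprecated, use #{new_method} instead."`.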
diff --git a/app/models/topic_embed.rb b/app/models/topic_embed.rb
index 7529e98353e..26e0a051a8d 100644
--- a/app/models/topic_embed.rb
+++ b/app/models/topic_embed.rb
@@ -124,9 +124,9 @@ class TopicEmbed < ActiveRecord::Base
remove_empty_nodes: false
}
- opts[:whitelist] = SiteSetting.embed_whitelist_selector if SiteSetting.embed_whitelist_selector.present?
- opts[:blacklist] = SiteSetting.embed_blacklist_selector if SiteSetting.embed_blacklist_selector.present?
- embed_classname_whitelist = SiteSetting.embed_classname_whitelist if SiteSetting.embed_classname_whitelist.present?
+ opts[:allowlist] = SiteSetting.allowed_embed_selectors if SiteSetting.allowed_embed_selectors.present?
+ opts[:blocklist] = SiteSetting.blocked_embed_selectors if SiteSetting.blocked_embed_selectors.present?
+ allowed_embed_classnames = SiteSetting.allowed_embed_classnames if SiteSetting.allowed_embed_classnames.present?
response = FetchResponse.new
begin
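Review bot: The option keys change from `opts[:whitelist]` / `opts[:blacklist]` to `opts[:allowlist]` / `opts[:blocklist]`, but `opts` appears to be consumed by the HTML extraction library outside this hunk, and that consumer defines which keys are read. If it still expects the old names, `allowed_embed_selectors` and `blocked_embed_selectors` are silently ignored and content the admin meant to strip is embedded. Confirm the consumer accepts the new keys. If it does not, keep the library's key names and rename only the site settings: `opts[:whitelist] = SiteSetting.allowed_embed_selectors if SiteSetting.allowed_embed_selectors.present?`, and likewise for `:blacklist`. A spec asserting that a blocked selector is actually removed would catch this.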
@@ -169,8 +169,8 @@ class TopicEmbed < ActiveRecord::Base
# If there is a mistyped URL, just do nothing
end
end
- # only allow classes in the whitelist
- allowed_classes = if embed_classname_whitelist.blank? then [] else embed_classname_whitelist.split(/[ ,]+/i) end
+ # only allow classes in the allowlist
+ allowed_classes = if allowed_embed_classnames.blank? then [] else allowed_embed_classnames.split(/[ ,]+/i) end
doc.search('[class]:not([class=""])').each do |classnode|
classes = classnode[:class].split(' ').select { |classname| allowed_classes.include?(classname) }
if classes.length === 0
diff --git a/app/models/topic_link_click.rb b/app/models/topic_link_click.rb
index a4b59b9dd48..91d22a1ee05 100644
--- a/app/models/topic_link_click.rb
+++ b/app/models/topic_link_click.rb
@@ -92,7 +92,7 @@ class TopicLinkClick < ActiveRecord::Base
return nil unless uri
- # Only redirect to whitelisted hostnames
+ # Only redirect to allowlisted hostnames
return url if WHITELISTED_REDIRECT_HOSTNAMES.include?(uri.hostname) || is_cdn_link
return nil
diff --git a/app/models/translation_override.rb b/app/models/translation_override.rb
index e883a0f1bdf..a09797f33cf 100644
--- a/app/models/translation_override.rb
+++ b/app/models/translation_override.rb
@@ -3,7 +3,7 @@
require "i18n/i18n_interpolation_keys_finder"
class TranslationOverride < ActiveRecord::Base
- # Whitelist i18n interpolation keys that can be included when customizing translations
+ # Allowlist i18n interpolation keys that can be included when customizing translations
CUSTOM_INTERPOLATION_KEYS_WHITELIST = {
"user_notifications.user_" => %w{
topic_title_url_encoded
diff --git a/app/models/user.rb b/app/models/user.rb
index acbcdb0c18c..370ad172ba4 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -294,7 +294,7 @@ class User < ActiveRecord::Base
DiscoursePluginRegistry.register_public_user_custom_field(custom_field_name, plugin)
end
- def self.whitelisted_user_custom_fields(guardian)
+ def self.allowed_user_custom_fields(guardian)
fields = []
fields.push *DiscoursePluginRegistry.public_user_custom_fields
diff --git a/app/models/user_profile.rb b/app/models/user_profile.rb
index bb276d30ca9..937ff061ba3 100644
--- a/app/models/user_profile.rb
+++ b/app/models/user_profile.rb
@@ -131,7 +131,7 @@ class UserProfile < ActiveRecord::Base
end
def website_domain_validator
- allowed_domains = SiteSetting.user_website_domains_whitelist
+ allowed_domains = SiteSetting.allowed_user_website_domains
return if (allowed_domains.blank? || self.website.blank?)
domain = begin
diff --git a/app/models/username_validator.rb b/app/models/username_validator.rb
index 8a588ad56c4..1bb51491e67 100644
--- a/app/models/username_validator.rb
+++ b/app/models/username_validator.rb
@@ -32,7 +32,7 @@ class UsernameValidator
username_length_min?
username_length_max?
username_char_valid?
- username_char_whitelisted?
+ username_char_allowed?
username_first_char_valid?
username_last_char_valid?
username_no_double_special?
@@ -85,10 +85,10 @@ class UsernameValidator
end
end
- def username_char_whitelisted?
- return unless errors.empty? && self.class.char_whitelist_exists?
+ def username_char_allowed?
+ return unless errors.empty? && self.class.char_allowlist_exists?
- if username.chars.any? { |c| !self.class.whitelisted_char?(c) }
+ if username.chars.any? { |c| !self.class.allowed_char?(c) }
self.errors << I18n.t(:'user.username.characters')
end
end
@@ -133,11 +133,11 @@ class UsernameValidator
SiteSetting.unicode_usernames ? UNICODE_INVALID_CHAR_PATTERN : ASCII_INVALID_CHAR_PATTERN
end
- def self.char_whitelist_exists?
- SiteSetting.unicode_usernames && SiteSetting.unicode_username_character_whitelist_regex.present?
+ def self.char_allowlist_exists?
+ SiteSetting.unicode_usernames && SiteSetting.allowed_unicode_username_characters.present?
end
- def self.whitelisted_char?(c)
- c.match?(/[\w.-]/) || c.match?(SiteSetting.unicode_username_character_whitelist_regex)
+ def self.allowed_char?(c)
+ c.match?(/[\w.-]/) || c.match?(SiteSetting.allowed_unicode_username_characters)
end
end
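Review bot: `allowed_char?` and `char_allowlist_exists?` now read the raw setting string `SiteSetting.allowed_unicode_username_characters`, whereas the removed lines used the cached `..._regex` helper. `String#match?` accepts a string pattern, so the check still works, but it compiles a new Regexp for every character of every username. The memoized `SiteSetting.allowed_unicode_username_characters_regex`, renamed in this same commit, is left unused. Keep the rename behaviour-neutral with `c.match?(/[\w.-]/) || c.match?(SiteSetting.allowed_unicode_username_characters_regex)` and `SiteSetting.unicode_usernames && SiteSetting.allowed_unicode_username_characters_regex.present?`.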
diff --git a/app/serializers/embeddable_host_serializer.rb b/app/serializers/embeddable_host_serializer.rb
index c06b7151425..28bf3e905bc 100644
--- a/app/serializers/embeddable_host_serializer.rb
+++ b/app/serializers/embeddable_host_serializer.rb
@@ -2,7 +2,7 @@
class EmbeddableHostSerializer < ApplicationSerializer
- TO_SERIALIZE = [:id, :host, :path_whitelist, :class_name, :category_id]
+ TO_SERIALIZE = [:id, :host, :allowed_paths, :class_name, :category_id]
attributes *TO_SERIALIZE
diff --git a/app/serializers/flagged_user_serializer.rb b/app/serializers/flagged_user_serializer.rb
index 51fc0b83283..92a383559aa 100644
--- a/app/serializers/flagged_user_serializer.rb
+++ b/app/serializers/flagged_user_serializer.rb
@@ -36,7 +36,7 @@ class FlaggedUserSerializer < BasicUserSerializer
end
def custom_fields
- fields = User.whitelisted_user_custom_fields(scope)
+ fields = User.allowed_user_custom_fields(scope)
result = {}
fields.each do |k|
diff --git a/app/serializers/user_card_serializer.rb b/app/serializers/user_card_serializer.rb
index ebc8ee2db68..6136d5c737d 100644
--- a/app/serializers/user_card_serializer.rb
+++ b/app/serializers/user_card_serializer.rb
@@ -216,6 +216,6 @@ class UserCardSerializer < BasicUserSerializer
def custom_field_keys
# Can be extended by other serializers
- User.whitelisted_user_custom_fields(scope)
+ User.allowed_user_custom_fields(scope)
end
end
diff --git a/app/serializers/user_with_custom_fields_serializer.rb b/app/serializers/user_with_custom_fields_serializer.rb
index 6492d2f695d..10cb152990b 100644
--- a/app/serializers/user_with_custom_fields_serializer.rb
+++ b/app/serializers/user_with_custom_fields_serializer.rb
@@ -22,6 +22,6 @@ class UserWithCustomFieldsSerializer < BasicUserSerializer
def custom_field_keys
# Can be extended by other serializers
- User.whitelisted_user_custom_fields(scope)
+ User.allowed_user_custom_fields(scope)
end
end
diff --git a/app/services/spam_rule/flag_sockpuppets.rb b/app/services/spam_rule/flag_sockpuppets.rb
index 1bc930b48c8..00f74e881be 100644
--- a/app/services/spam_rule/flag_sockpuppets.rb
+++ b/app/services/spam_rule/flag_sockpuppets.rb
@@ -28,7 +28,7 @@ class SpamRule::FlagSockpuppets
@post.user != first_post.user &&
@post.user.ip_address == first_post.user.ip_address &&
@post.user.new_user? &&
- !ScreenedIpAddress.is_whitelisted?(@post.user.ip_address)
+ !ScreenedIpAddress.is_allowed?(@post.user.ip_address)
end
def flag_sockpuppet_users
diff --git a/app/services/user_destroyer.rb b/app/services/user_destroyer.rb
index e0f7543ac66..51ece7789ba 100644
--- a/app/services/user_destroyer.rb
+++ b/app/services/user_destroyer.rb
@@ -44,7 +44,7 @@ class UserDestroyer
if opts[:block_urls]
post.topic_links.each do |link|
next if link.internal
- next if Oneboxer.engine(link.url) != Onebox::Engine::WhitelistedGenericOnebox
+ next if Oneboxer.engine(link.url) != Onebox::Engine::AllowlistedGenericOnebox
ScreenedUrl.watch(link.url, link.domain, ip_address: user.ip_address)&.record_match!
end
end
diff --git a/app/views/embed/embed_error.html.erb b/app/views/embed/embed_error.html.erb
index 37403f69b1c..48c28e12257 100644
--- a/app/views/embed/embed_error.html.erb
+++ b/app/views/embed/embed_error.html.erb
@@ -12,7 +12,7 @@
<%- @hosts.each do |eh| %>
- <%= eh.host %><%- if eh.path_whitelist.present? %><%= eh.path_whitelist %><% end %>
+ <%= eh.host %><%- if eh.allowed_paths.present? %><%= eh.allowed_paths %><% end %>
<%- end %>
diff --git a/config/discourse_defaults.conf b/config/discourse_defaults.conf
index b71cffa3071..8dadac203e4 100644
--- a/config/discourse_defaults.conf
+++ b/config/discourse_defaults.conf
@@ -291,11 +291,11 @@ anon_cache_store_threshold = 2
# EXPERIMENTAL - not yet supported in production
# by default admins can install and amend any theme
# you may restrict it so only specific themes are approved
-# in whitelist mode all theme updates must happen via git repos
+# in allowlist mode all theme updates must happen via git repos
# themes missing from the list are automatically disallowed
# list is a comma seperated list of git repos eg:
# https://github.com/discourse/discourse-custom-header-links.git,https://github.com/discourse/discourse-simple-theme.git
-whitelisted_theme_repos =
+allowed_theme_repos =
# Demon::EmailSync is used in conjunction with the enable_imap site setting
# to sync N IMAP mailboxes with specific groups. It is a process started in
diff --git a/config/locales/client.en.yml b/config/locales/client.en.yml
index 1e3ddae9de9..49e1281e52c 100644
--- a/config/locales/client.en.yml
+++ b/config/locales/client.en.yml
@@ -4255,7 +4255,7 @@ en:
domain: "Domain"
screened_ips:
title: "Screened IPs"
- description: 'IP addresses that are being watched. Use "Allow" to whitelist IP addresses.'
+ description: 'IP addresses that are being watched. Use "Allow" to allowlist IP addresses.'
delete_confirm: "Are you sure you want to remove the rule for %{ip_address}?"
roll_up_confirm: "Are you sure you want to roll up commonly screened IP addresses into subnets?"
rolled_up_some_subnets: "Successfully rolled up IP ban entries to these subnets: %{subnets}."
@@ -4777,7 +4777,7 @@ en:
title: "Embedding"
host: "Allowed Hosts"
class_name: "Class Name"
- path_whitelist: "Path Whitelist"
+ allowed_paths: "Path Allowlist"
edit: "edit"
category: "Post to Category"
add_host: "Add Host"
@@ -4790,9 +4790,9 @@ en:
embed_title_scrubber: "Regular expression used to scrub the title of posts"
embed_truncate: "Truncate the embedded posts"
embed_unlisted: "Imported topics will be unlisted until there is a reply."
- embed_whitelist_selector: "CSS selector for elements that are allowed in embeds"
- embed_blacklist_selector: "CSS selector for elements that are removed from embeds"
- embed_classname_whitelist: "Allowed CSS class names"
+ allowed_embed_selectors: "CSS selector for elements that are allowed in embeds"
+ blocked_embed_selectors: "CSS selector for elements that are removed from embeds"
+ allowed_embed_classnames: "Allowed CSS class names"
save: "Save Embedding Settings"
permalink:
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 8c3c14f0b6a..d70b41b6519 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -139,7 +139,7 @@ en:
bounced_email_error: "Email is a bounced email report."
screened_email_error: "Happens when the sender's email address was already screened."
unsubscribe_not_allowed: "Happens when unsubscribing via email is not allowed for this user."
- email_not_allowed: "Happens when the email address is not on the whitelist or is on the blacklist."
+ email_not_allowed: "Happens when the email address is not on the allowlist or is on the blocklist."
unrecognized_error: "Unrecognized Error"
secure_media_placeholder: "Redacted: this site has secure media enabled, visit the topic to see the attached image/audio/video."
@@ -1485,9 +1485,9 @@ en:
show_pinned_excerpt_mobile: "Show excerpt on pinned topics in mobile view."
show_pinned_excerpt_desktop: "Show excerpt on pinned topics in desktop view."
post_onebox_maxlength: "Maximum length of a oneboxed Discourse post in characters."
- onebox_domains_blacklist: "A list of domains that will never be oneboxed."
- inline_onebox_domains_whitelist: "A list of domains that will be oneboxed in miniature form if linked without a title"
- enable_inline_onebox_on_all_domains: "Ignore inline_onebox_domain_whitelist site setting and allow inline onebox on all domains."
+ blocked_onebox_domains: "A list of domains that will never be oneboxed."
+ allowed_inline_onebox_domains: "A list of domains that will be oneboxed in miniature form if linked without a title"
+ enable_inline_onebox_on_all_domains: "Ignore inline_onebox_domain_allowlist site setting and allow inline onebox on all domains."
force_custom_user_agent_hosts: "Hosts for which to use the custom onebox user agent on all requests. (Especially useful for hosts that limit access by user agent)."
max_oneboxes_per_post: "Maximum number of oneboxes in a post."
@@ -1556,22 +1556,22 @@ en:
ga_universal_tracking_code: "Google Universal Analytics (analytics.js) tracking code ID, eg: UA-12345678-9; see https://google.com/analytics"
ga_universal_domain_name: "Google Universal Analytics (analytics.js) domain name, eg: mysite.com; see https://google.com/analytics"
ga_universal_auto_link_domains: "Enable Google Universal Analytics (analytics.js) cross-domain tracking. Outgoing links to these domains will have the client id added to them. See Google's Cross-Domain Tracking guide."
- gtm_container_id: "Google Tag Manager container id. eg: GTM-ABCDEF. Note: Third-party scripts loaded by GTM may need to be whitelisted in 'content security policy script src'."
+ gtm_container_id: "Google Tag Manager container id. eg: GTM-ABCDEF. Note: Third-party scripts loaded by GTM may need to be allowlisted in 'content security policy script src'."
enable_escaped_fragments: "Fall back to Google's Ajax-Crawling API if no webcrawler is detected. See https://developers.google.com/webmasters/ajax-crawling/docs/learn-more"
moderators_create_categories: "Allow moderators to create new categories"
cors_origins: "Allowed origins for cross-origin requests (CORS). Each origin must include http:// or https://. The DISCOURSE_ENABLE_CORS env variable must be set to true to enable CORS."
- use_admin_ip_whitelist: "Admins can only log in if they are at an IP address defined in the Screened IPs list (Admin > Logs > Screened Ips)."
- blacklist_ip_blocks: "A list of private IP blocks that should never be crawled by Discourse"
- whitelist_internal_hosts: "A list of internal hosts that discourse can safely crawl for oneboxing and other purposes"
+ use_admin_ip_allowlist: "Admins can only log in if they are at an IP address defined in the Screened IPs list (Admin > Logs > Screened Ips)."
+ blocked_ip_blocks: "A list of private IP blocks that should never be crawled by Discourse"
+ allowed_internal_hosts: "A list of internal hosts that discourse can safely crawl for oneboxing and other purposes"
allowed_iframes: "A list of iframe src domain prefixes that discourse can safely allow in posts"
- whitelisted_crawler_user_agents: "User agents of web crawlers that should be allowed to access the site. WARNING! SETTING THIS WILL DISALLOW ALL CRAWLERS NOT LISTED HERE!"
- blacklisted_crawler_user_agents: "Unique case insensitive word in the user agent string identifying web crawlers that should not be allowed to access the site. Does not apply if whitelist is defined."
+ allowed_crawler_user_agents: "User agents of web crawlers that should be allowed to access the site. WARNING! SETTING THIS WILL DISALLOW ALL CRAWLERS NOT LISTED HERE!"
+ blocked_crawler_user_agents: "Unique case insensitive word in the user agent string identifying web crawlers that should not be allowed to access the site. Does not apply if allowlist is defined."
slow_down_crawler_user_agents: "User agents of web crawlers that should be rate limited in robots.txt using the Crawl-delay directive"
slow_down_crawler_rate: "If slow_down_crawler_user_agents is specified this rate will apply to all the crawlers (number of seconds delay between requests)"
content_security_policy: "Enable Content-Security-Policy"
content_security_policy_report_only: "Enable Content-Security-Policy-Report-Only"
content_security_policy_collect_reports: "Enable CSP violation report collection at /csp_reports"
- content_security_policy_script_src: "Additional whitelisted script sources. The current host and CDN are included by default. See Mitigate XSS Attacks with Content Security Policy."
+ content_security_policy_script_src: "Additional allowlisted script sources. The current host and CDN are included by default. See Mitigate XSS Attacks with Content Security Policy."
invalidate_inactive_admin_email_after_days: "Admin accounts that have not visited the site in this number of days will need to re-validate their email address before logging in. Set to 0 to disable."
top_menu: "Determine which items appear in the homepage navigation, and in what order. Example latest|new|unread|categories|top|read|posted|bookmarks"
post_menu: "Determine which items appear on the post menu, and in what order. Example like|edit|flag|delete|share|bookmark|reply"
@@ -1601,8 +1601,8 @@ en:
enable_whispers: "Allow staff private communication within topics."
allow_index_in_robots_txt: "Specify in robots.txt that this site is allowed to be indexed by web search engines. In exceptional cases you can permanently override robots.txt."
- email_domains_blacklist: "A pipe-delimited list of email domains that users are not allowed to register accounts with. Example: mailinator.com|trashmail.net"
- email_domains_whitelist: "A pipe-delimited list of email domains that users MUST register accounts with. WARNING: Users with email domains other than those listed will not be allowed!"
+ blocked_email_domains: "A pipe-delimited list of email domains that users are not allowed to register accounts with. Example: mailinator.com|trashmail.net"
+ allowed_email_domains: "A pipe-delimited list of email domains that users MUST register accounts with. WARNING: Users with email domains other than those listed will not be allowed!"
auto_approve_email_domains: "Users with email addresses from this list of domains will be automatically approved."
hide_email_address_taken: "Don't inform users that an account exists with a given email address during signup and from the forgot password form."
log_out_strict: "When logging out, log out ALL sessions for the user on all devices"
@@ -1618,7 +1618,7 @@ en:
min_username_length: "Minimum username length in characters. WARNING: if any existing users or groups have names shorter than this, your site will break!"
max_username_length: "Maximum username length in characters. WARNING: if any existing users or groups have names longer than this, your site will break!"
unicode_usernames: "Allow usernames and group names to contain Unicode letters and numbers."
- unicode_username_character_whitelist: "Regular expression to allow only some Unicode characters within usernames. ASCII letters and numbers will always be allowed and don't need to be included in the whitelist."
+ allowed_unicode_username_characters: "Regular expression to allow only some Unicode characters within usernames. ASCII letters and numbers will always be allowed and don't need to be included in the allowlist."
reserved_usernames: "Usernames for which signup is not allowed. Wildcard symbol * can be used to match any character zero or more times."
@@ -1819,7 +1819,7 @@ en:
min_trust_to_post_links: "The minimum trust level required to include links in posts"
min_trust_to_post_images: "The minimum trust level required to include images in a post"
- whitelisted_link_domains: "Domains that users may link to even if they don't have the appropriate trust level to post links"
+ allowed_link_domains: "Domains that users may link to even if they don't have the appropriate trust level to post links"
newuser_max_links: "How many links a new user can add to a post."
newuser_max_images: "How many images a new user can add to a post."
@@ -1887,7 +1887,7 @@ en:
newuser_spam_host_threshold: "How many times a new user can post a link to the same host within their `newuser_spam_host_threshold` posts before being considered spam."
- white_listed_spam_host_domains: "A list of domains excluded from spam host testing. New users will never be restricted from creating posts with links to these domains."
+ allowed_spam_host_domains: "A list of domains excluded from spam host testing. New users will never be restricted from creating posts with links to these domains."
staff_like_weight: "How much extra weighting factor to give staff likes."
topic_view_duration_hours: "Count a new topic view once per IP/User every N hours"
user_profile_view_duration_hours: "Count a new user profile view once per IP/User every N hours"
@@ -1933,7 +1933,7 @@ en:
max_emails_per_day_per_user: "Maximum number of emails to send users per day. 0 to disable the limit"
enable_staged_users: "Automatically create staged users when processing incoming emails."
maximum_staged_users_per_email: "Maximum number of staged users created when processing an incoming email."
- auto_generated_whitelist: "List of email addresses that won't be checked for auto-generated content. Example: foo@bar.com|discourse@bar.com"
+ auto_generated_allowlist: "List of email addresses that won't be checked for auto-generated content. Example: foo@bar.com|discourse@bar.com"
block_auto_generated_emails: "Block incoming emails identified as being auto generated."
ignore_by_title: "Ignore incoming emails based on their title."
mailgun_api_key: "Mailgun Secret API key used to verify webhook messages."
@@ -1943,8 +1943,8 @@ en:
bounce_score_threshold: "Max bounce score before we will stop emailing a user."
reset_bounce_score_after_days: "Automatically reset bounce score after X days."
- attachment_content_type_blacklist: "List of keywords used to blacklist attachments based on the content type."
- attachment_filename_blacklist: "List of keywords used to blacklist attachments based on the filename."
+ blocked_attachment_content_types: "List of keywords used to blocklist attachments based on the content type."
+ blocked_attachment_filenames: "List of keywords used to blocklist attachments based on the filename."
forwarded_emails_behaviour: "How to treat a forwarded email to Discourse"
always_show_trimmed_content: "Always show trimmed part of incoming emails. WARNING: might reveal email addresses."
@@ -2046,7 +2046,7 @@ en:
max_notifications_per_user: "Maximum amount of notifications per user, if this number is exceeded old notifications will be deleted. Enforced weekly. Set to 0 to disable"
- user_website_domains_whitelist: "User website will be verified against these domains. Pipe-delimited list."
+ allowed_user_website_domains: "User website will be verified against these domains. Pipe-delimited list."
allow_profile_backgrounds: "Allow users to upload profile backgrounds."
@@ -2110,7 +2110,7 @@ en:
embed_truncate: "Truncate the embedded posts."
embed_unlisted: "Imported topics will be unlisted until a user replies."
embed_support_markdown: "Support Markdown formatting for embedded posts."
- embed_whitelist_selector: "A comma separated list of CSS elements that are allowed in embeds."
+ allowed_embed_selectors: "A comma separated list of CSS elements that are allowed in embeds."
allowed_href_schemes: "Schemes allowed in links in addition to http and https."
embed_post_limit: "Maximum number of posts to embed."
embed_username_required: "The username for topic creation is required."
@@ -2280,7 +2280,7 @@ en:
low_weight_invalid: "You cannot set the weight to be greater or equal to 1 or smaller than 'category_search_priority_very_low_weight'."
high_weight_invalid: "You cannot set the weight to be smaller or equal to 1 or greater than 'category_search_priority_very_high_weight'."
very_high_weight_invalid: "You cannot set the weight to be smaller than 'category_search_priority_high_weight'."
- unicode_username_whitelist:
+ allowed_unicode_usernames:
regex_invalid: "The regular expression is invalid: %{error}"
leading_trailing_slash: "The regular expression must not start and end with a slash."
unicode_usernames_avatars: "The internal system avatars do not support Unicode usernames."
@@ -2642,7 +2642,7 @@ en:
- Is your domain's [DKIM record][3] correct? This will significantly improve email deliverability. [Test your DKIM record][7] here.
- - If you run your own mail server, check to make sure the IPs of your mail server are [not on any email blacklists][4]. Also verify that it is definitely sending a fully-qualified hostname that resolves in DNS in its HELO message. If not, this will cause your email to be rejected by many mail services.
+ - If you run your own mail server, check to make sure the IPs of your mail server are [not on any email blocklists][4]. Also verify that it is definitely sending a fully-qualified hostname that resolves in DNS in its HELO message. If not, this will cause your email to be rejected by many mail services.
- We highly recommend you **send a test email to [mail-tester.com][mt]** to verify that all the above is working correctly.
@@ -3236,7 +3236,7 @@ en:
Please [review the user](%{user_url}).
- This can be modified via the `newuser_spam_host_threshold` and `white_listed_spam_host_domains` site settings. Consider adding %{domains} to the whitelist if they should be exempt.
+ This can be modified via the `newuser_spam_host_threshold` and `allowed_spam_host_domains` site settings. Consider adding %{domains} to the allowlist if they should be exempt.
unsilenced:
title: "Unsilenced"
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 98c2ea0b533..20f1e1a81a4 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -443,10 +443,10 @@ login:
sso_overrides_website: false
sso_overrides_card_background: false
sso_not_approved_url: ""
- email_domains_blacklist:
+ blocked_email_domains:
default: "mailinator.com"
type: list
- email_domains_whitelist:
+ allowed_email_domains:
default: ""
type: list
auto_approve_email_domains:
@@ -478,8 +478,8 @@ users:
default: false
client: true
validator: "UnicodeUsernameValidator"
- unicode_username_character_whitelist:
- validator: "UnicodeUsernameWhitelistValidator"
+ allowed_unicode_username_characters:
+ validator: "UnicodeUsernameAllowlistValidator"
default: ""
locale_default:
cs: "[ěščřžýáíéóůúďťňĚŠČŘŽÝÁÍÉÓŮÚĎŤŇ]"
@@ -573,7 +573,7 @@ users:
client: true
show_inactive_accounts:
default: false
- user_website_domains_whitelist:
+ allowed_user_website_domains:
default: ""
type: list
hide_suspension_reasons:
@@ -798,7 +798,7 @@ posting:
ko: 50
zh_CN: 50
zh_TW: 50
- whitelisted_link_domains:
+ allowed_link_domains:
default: ""
type: list
newuser_max_links: 2
@@ -908,7 +908,7 @@ posting:
embed_unlisted: false
embed_truncate: true
embed_support_markdown: false
- embed_whitelist_selector: ""
+ allowed_embed_selectors: ""
allowed_href_schemes:
client: true
default: ""
@@ -1082,7 +1082,7 @@ email:
max_emails_per_day_per_user: 100
enable_staged_users: true
maximum_staged_users_per_email: 10
- auto_generated_whitelist:
+ auto_generated_allowlist:
default: ""
type: list
block_auto_generated_emails: true
@@ -1109,11 +1109,11 @@ email:
reset_bounce_score_after_days:
default: 30
max: 36500
- attachment_content_type_blacklist:
+ blocked_attachment_content_types:
type: list
default: "pkcs7|x-vcard"
list_type: compact
- attachment_filename_blacklist:
+ blocked_attachment_filenames:
type: list
default: "smime.p7s|signature.asc|winmail.dat"
list_type: compact
@@ -1456,25 +1456,25 @@ security:
cors_origins:
default: ""
type: list
- use_admin_ip_whitelist:
+ use_admin_ip_allowlist:
default: false
client: true
- blacklist_ip_blocks:
+ blocked_ip_blocks:
default: ""
type: list
list_type: compact
- whitelist_internal_hosts:
+ allowed_internal_hosts:
default: ""
type: list
allowed_iframes:
default: "https://www.google.com/maps/embed?|https://www.openstreetmap.org/export/embed.html?|https://calendar.google.com/calendar/embed?|https://codepen.io/"
type: list
client: true
- whitelisted_crawler_user_agents:
+ allowed_crawler_user_agents:
type: list
default: ""
list_type: compact
- blacklisted_crawler_user_agents:
+ blocked_crawler_user_agents:
type: list
default: "mauibot|semrushbot|ahrefsbot|blexbot|seo spider"
list_type: compact
@@ -1511,14 +1511,14 @@ onebox:
ja: 200
zh_CN: 200
zh_TW: 200
- onebox_domains_blacklist:
+ blocked_onebox_domains:
default: ""
type: list
list_type: compact
max_oneboxes_per_post:
default: 50
client: true
- inline_onebox_domains_whitelist:
+ allowed_inline_onebox_domains:
default: ""
type: list
list_type: compact
@@ -1542,7 +1542,7 @@ spam:
notify_mods_when_user_silenced: false
flag_sockpuppets: false
newuser_spam_host_threshold: 3
- white_listed_spam_host_domains:
+ allowed_spam_host_domains:
default: ""
type: list
levenshtein_distance_spammer_emails:
@@ -1728,10 +1728,10 @@ embedding:
embed_title_scrubber:
default: ""
hidden: true
- embed_blacklist_selector:
+ blocked_embed_selectors:
default: ""
hidden: true
- embed_classname_whitelist:
+ allowed_embed_classnames:
default: "emoji"
hidden: true
diff --git a/db/migrate/20200709032247_allowlist_and_blocklist_site_settings.rb b/db/migrate/20200709032247_allowlist_and_blocklist_site_settings.rb
new file mode 100644
index 00000000000..7145c9fe818
--- /dev/null
+++ b/db/migrate/20200709032247_allowlist_and_blocklist_site_settings.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class AllowlistAndBlocklistSiteSettings < ActiveRecord::Migration[6.0]
+ def up
+ SiteSetting::ALLOWLIST_DEPRECATED_SITE_SETTINGS.each_pair do |old_key, new_key|
+ DB.exec <<~SQL
+ INSERT INTO site_settings(name, data_type, value, created_at, updated_at)
+ SELECT '#{new_key}', data_type, value, created_at, updated_At
+ FROM site_settings
+ WHERE name = '#{old_key}'
+ SQL
+ end
+ end
+
+ def down
+ SiteSetting::ALLOWLIST_DEPRECATED_SITE_SETTINGS.each_pair do |_old_key, new_key|
+ DB.exec <<~SQL
+ DELETE FROM site_settings
+ WHERE name = '#{new_key}'
+ SQL
+ end
+ end
+end
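Review bot: `up` and `down` build their SQL by interpolating `#{new_key}` and `#{old_key}` into the heredoc, and the pairs come from `SiteSetting::ALLOWLIST_DEPRECATED_SITE_SETTINGS`, an application constant. The values are not user input, but the migration stops running as soon as that constant is changed or removed, and interpolated SQL in a migration tends to get copied into places where the input is less trusted. I would copy the mapping into the migration as a local frozen hash and bind the names: `DB.exec(<<~SQL, old_key: old_key, new_key: new_key)` with `SELECT :new_key, data_type, value, created_at, updated_at` and `WHERE name = :old_key`. The same applies to db/post_migrate/20200724060632_remove_deprecated_allowlist_settings.rb, and `updated_At` in both files should read `updated_at`.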
diff --git a/db/post_migrate/20200629232159_rename_path_whitelist_to_allowed_paths.rb b/db/post_migrate/20200629232159_rename_path_whitelist_to_allowed_paths.rb
new file mode 100644
index 00000000000..3e55cabe2db
--- /dev/null
+++ b/db/post_migrate/20200629232159_rename_path_whitelist_to_allowed_paths.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class RenamePathWhitelistToAllowedPaths < ActiveRecord::Migration[6.0]
+ def change
+ rename_column :embeddable_hosts, :path_whitelist, :allowed_paths
+ end
+end
diff --git a/db/post_migrate/20200724060632_remove_deprecated_allowlist_settings.rb b/db/post_migrate/20200724060632_remove_deprecated_allowlist_settings.rb
new file mode 100644
index 00000000000..38b87c9ac26
--- /dev/null
+++ b/db/post_migrate/20200724060632_remove_deprecated_allowlist_settings.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class RemoveDeprecatedAllowlistSettings < ActiveRecord::Migration[6.0]
+ def up
+ SiteSetting::ALLOWLIST_DEPRECATED_SITE_SETTINGS.each_pair do |old_key, _new_key|
+ DB.exec <<~SQL
+ DELETE FROM site_settings
+ WHERE name = '#{old_key}'
+ SQL
+ end
+ end
+
+ def down
+ SiteSetting::ALLOWLIST_DEPRECATED_SITE_SETTINGS.each_pair do |old_key, new_key|
+ DB.exec <<~SQL
+ INSERT INTO site_settings(name, data_type, value, created_at, updated_at)
+ SELECT '#{old_key}', data_type, value, created_at, updated_At
+ FROM site_settings
+ WHERE name = '#{new_key}'
+ SQL
+ end
+ end
+end
diff --git a/docs/SECURITY.md b/docs/SECURITY.md
index 7e1606d2b0c..ee485b5f055 100644
--- a/docs/SECURITY.md
+++ b/docs/SECURITY.md
@@ -29,7 +29,7 @@ There are 3 main scenarios we protect against:
3. **CSP is on by default** for [all Discourse installations](https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243) as of Discourse 2.2. It can be switched off in the site settings, but it is default on.
-On the server side we run a whitelist based sanitizer, implemented using the [Sanitize gem](https://github.com/rgrove/sanitize). See the [relevant Discourse code](https://github.com/discourse/discourse/blob/master/lib/pretty_text.rb).
+On the server side we run a allowlist based sanitizer, implemented using the [Sanitize gem](https://github.com/rgrove/sanitize). See the [relevant Discourse code](https://github.com/discourse/discourse/blob/master/lib/pretty_text.rb).
In addition, titles and all other places where non-admins can enter code are protected either using the Handlebars library or standard Rails XSS protection.
diff --git a/lib/auth/github_authenticator.rb b/lib/auth/github_authenticator.rb
index c76fe9a59e2..1925086217d 100644
--- a/lib/auth/github_authenticator.rb
+++ b/lib/auth/github_authenticator.rb
@@ -113,8 +113,8 @@ class Auth::GithubAuthenticator < Auth::Authenticator
end
# If we *still* don't have a user, check to see if there's an email that
- # passes validation (this includes whitelist/blacklist filtering if any is
- # configured). When no whitelist/blacklist is in play, this will simply
+ # passes validation (this includes allowlist/blocklist filtering if any is
+ # configured). When no allowlist/blocklist is in play, this will simply
# choose the primary email since it's at the front of the list.
if !user
validator = EmailValidator.new(attributes: :email)
diff --git a/lib/cooked_post_processor.rb b/lib/cooked_post_processor.rb
index d96d81f6836..e46295becf1 100644
--- a/lib/cooked_post_processor.rb
+++ b/lib/cooked_post_processor.rb
@@ -592,7 +592,7 @@ class CookedPostProcessor
found = false
parent = img
while parent = parent.parent
- if parent["class"] && parent["class"].include?("whitelistedgeneric")
+ if parent["class"] && parent["class"].include?("allowlistedgeneric")
found = true
break
end
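Review bot: The ancestor check on `parent["class"]` now matches only `allowlistedgeneric`, so onebox markup produced before the rename, which would still carry `whitelistedgeneric`, no longer sets `found`. Whether such markup can still reach this loop (for example from a onebox cache) is not visible here and is worth confirming. If it can, accept both names for a transition period: `if parent["class"]&.match?(/(allow|white)listedgeneric/)`. The loop sits in a method that starts and ends outside the hunk.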
diff --git a/lib/crawler_detection.rb b/lib/crawler_detection.rb
index 4a90f848652..36fb61b63e5 100644
--- a/lib/crawler_detection.rb
+++ b/lib/crawler_detection.rb
@@ -39,18 +39,18 @@ module CrawlerDetection
# Given a user_agent that returns true from crawler?, should its request be allowed?
def self.allow_crawler?(user_agent)
- return true if SiteSetting.whitelisted_crawler_user_agents.blank? &&
- SiteSetting.blacklisted_crawler_user_agents.blank?
+ return true if SiteSetting.allowed_crawler_user_agents.blank? &&
+ SiteSetting.blocked_crawler_user_agents.blank?
- @whitelisted_matchers ||= {}
- @blacklisted_matchers ||= {}
+ @allowlisted_matchers ||= {}
+ @blocklisted_matchers ||= {}
- if SiteSetting.whitelisted_crawler_user_agents.present?
- whitelisted = @whitelisted_matchers[SiteSetting.whitelisted_crawler_user_agents] ||= to_matcher(SiteSetting.whitelisted_crawler_user_agents)
- !user_agent.nil? && user_agent.match?(whitelisted)
+ if SiteSetting.allowed_crawler_user_agents.present?
+ allowlisted = @allowlisted_matchers[SiteSetting.allowed_crawler_user_agents] ||= to_matcher(SiteSetting.allowed_crawler_user_agents)
+ !user_agent.nil? && user_agent.match?(allowlisted)
else
- blacklisted = @blacklisted_matchers[SiteSetting.blacklisted_crawler_user_agents] ||= to_matcher(SiteSetting.blacklisted_crawler_user_agents)
- user_agent.nil? || !user_agent.match?(blacklisted)
+ blocklisted = @blocklisted_matchers[SiteSetting.blocked_crawler_user_agents] ||= to_matcher(SiteSetting.blocked_crawler_user_agents)
+ user_agent.nil? || !user_agent.match?(blocklisted)
end
end
diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
index 78e0dcb3c87..fb487084dfc 100644
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@@ -62,7 +62,7 @@ module Email
end
def process!
- return if is_blacklisted?
+ return if is_blocked?
id_hash = Digest::SHA1.hexdigest(@message_id)
DistributedMutex.synchronize("process_email_#{id_hash}") do
begin
@@ -105,7 +105,7 @@ module Email
end
end
- def is_blacklisted?
+ def is_blocked?
return false if SiteSetting.ignore_by_title.blank?
Regexp.new(SiteSetting.ignore_by_title, Regexp::IGNORECASE) =~ @mail.subject
end
@@ -289,7 +289,7 @@ module Email
end
def is_auto_generated?
- return false if SiteSetting.auto_generated_whitelist.split('|').include?(@from_email)
+ return false if SiteSetting.auto_generated_allowlist.split('|').include?(@from_email)
@mail[:precedence].to_s[/list|junk|bulk|auto_reply/i] ||
@mail[:from].to_s[/(mailer[\-_]?daemon|post[\-_]?master|no[\-_]?reply)@/i] ||
@mail[:subject].to_s[/^\s*(Auto:|Automatic reply|Autosvar|Automatisk svar|Automatisch antwoord|Abwesenheitsnotiz|Risposta Non al computer|Automatisch antwoord|Auto Response|Respuesta automática|Fuori sede|Out of Office|Frånvaro|Réponse automatique)/i] ||
@@ -1009,18 +1009,18 @@ module Email
raise InvalidPostAction.new if result.failed? && result.forbidden
end
- def is_whitelisted_attachment?(attachment)
- attachment.content_type !~ SiteSetting.attachment_content_type_blacklist_regex &&
- attachment.filename !~ SiteSetting.attachment_filename_blacklist_regex
+ def is_allowed?(attachment)
+ attachment.content_type !~ SiteSetting.blocked_attachment_content_types_regex &&
+ attachment.filename !~ SiteSetting.blocked_attachment_filenames_regex
end
def attachments
@attachments ||= begin
- attachments = @mail.attachments.select { |attachment| is_whitelisted_attachment?(attachment) }
- attachments << @mail if @mail.attachment? && is_whitelisted_attachment?(@mail)
+ attachments = @mail.attachments.select { |attachment| is_allowed?(attachment) }
+ attachments << @mail if @mail.attachment? && is_allowed?(@mail)
@mail.parts.each do |part|
- attachments << part if part.attachment? && is_whitelisted_attachment?(part)
+ attachments << part if part.attachment? && is_allowed?(part)
end
attachments.uniq!
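Review bot: `is_allowed?(attachment)` is too general a name for a predicate that only tests an attachment's content type and filename against the two blocked lists. In the same class `is_blocked?` tests the mail subject against `ignore_by_title`, so the two read as opposites although they check unrelated things. I would keep the subject in the name, `def is_allowed_attachment?(attachment)`, and add a one-line comment such as `# true unless content type or filename matches a blocked_attachment_* keyword`. The `attachments` method continues past the end of the hunk.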
diff --git a/lib/email/styles.rb b/lib/email/styles.rb
index ffd4527eb75..2126d456f98 100644
--- a/lib/email/styles.rb
+++ b/lib/email/styles.rb
@@ -152,7 +152,7 @@ module Email
# iframes can't go in emails, so replace them with clickable links
@fragment.css('iframe').each do |i|
begin
- # sometimes, iframes are blacklisted...
+ # sometimes, iframes are blocklisted...
if i["src"].blank?
i.remove
next
diff --git a/lib/final_destination.rb b/lib/final_destination.rb
index 02930a71c8f..b5a4dcc4749 100644
--- a/lib/final_destination.rb
+++ b/lib/final_destination.rb
@@ -284,13 +284,13 @@ class FinalDestination
def is_dest_valid?
return false unless @uri && @uri.host
- # Whitelisted hosts
+ # Allowlisted hosts
return true if hostname_matches?(SiteSetting.Upload.s3_cdn_url) ||
hostname_matches?(GlobalSetting.try(:cdn_url)) ||
hostname_matches?(Discourse.base_url_no_prefix)
- if SiteSetting.whitelist_internal_hosts.present?
- return true if SiteSetting.whitelist_internal_hosts.split("|").any? { |h| h.downcase == @uri.hostname.downcase }
+ if SiteSetting.allowed_internal_hosts.present?
+ return true if SiteSetting.allowed_internal_hosts.split("|").any? { |h| h.downcase == @uri.hostname.downcase }
end
address_s = @opts[:lookup_ip].call(@uri.hostname)
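Review bot: The `# Allowlisted hosts` comment in `is_dest_valid?` does not say what these hosts are exempted from. Every `return true` in this hunk runs before the `lookup_ip` call on its last line, so a host named in `allowed_internal_hosts` is accepted without that lookup; presumably the private-range check follows it, but that part of the method is outside the hunk. Suggest `# Allowed hosts are accepted without the IP lookup below, so list only hosts you control`.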
@@ -320,7 +320,7 @@ class FinalDestination
def private_ranges
FinalDestination.standard_private_ranges +
- SiteSetting.blacklist_ip_blocks.split('|').map { |r| IPAddr.new(r) rescue nil }.compact
+ SiteSetting.blocked_ip_blocks.split('|').map { |r| IPAddr.new(r) rescue nil }.compact
end
def log(log_level, message)
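Review bot: In `private_ranges`, `IPAddr.new(r) rescue nil` followed by `.compact` silently drops any `blocked_ip_blocks` entry that fails to parse, so a mistyped range simply disappears from the list with no signal to the admin. For a block list that is a fail-open outcome. Consider rescuing `IPAddr::InvalidAddressError` explicitly and reporting the rejected entry (the class has a `log` method right below), or validating the setting when it is saved.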
diff --git a/lib/flag_query.rb b/lib/flag_query.rb
index c03763d74ba..5c6c0bce9b1 100644
--- a/lib/flag_query.rb
+++ b/lib/flag_query.rb
@@ -137,7 +137,7 @@ module FlagQuery
guardian = Guardian.new(current_user)
users = User.includes(:user_stat).where(id: user_ids.to_a).to_a
- User.preload_custom_fields(users, User.whitelisted_user_custom_fields(guardian))
+ User.preload_custom_fields(users, User.allowed_user_custom_fields(guardian))
[
posts,
diff --git a/lib/guardian.rb b/lib/guardian.rb
index 709f386904b..9e31492c773 100644
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@@ -477,9 +477,9 @@ class Guardian
def allowed_theme_repo_import?(repo)
return false if !@user.admin?
- whitelisted_repos = GlobalSetting.whitelisted_theme_repos
- if !whitelisted_repos.blank?
- urls = whitelisted_repos.split(",").map(&:strip)
+ allowed_repos = GlobalSetting.allowed_theme_repos
+ if !allowed_repos.blank?
+ urls = allowed_repos.split(",").map(&:strip)
return urls.include?(repo)
end
@@ -489,8 +489,8 @@ class Guardian
def allow_themes?(theme_ids, include_preview: false)
return true if theme_ids.blank?
- if whitelisted_theme_ids = GlobalSetting.whitelisted_theme_ids
- if (theme_ids - whitelisted_theme_ids).present?
+ if allowed_theme_ids = GlobalSetting.allowed_theme_ids
+ if (theme_ids - allowed_theme_ids).present?
return false
end
end
diff --git a/lib/guardian/post_guardian.rb b/lib/guardian/post_guardian.rb
index 2827f5462bf..d02efa61faa 100644
--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@@ -10,7 +10,7 @@ module PostGuardian
def link_posting_access
if unrestricted_link_posting?
'full'
- elsif SiteSetting.whitelisted_link_domains.present?
+ elsif SiteSetting.allowed_link_domains.present?
'limited'
else
'none'
@@ -21,7 +21,7 @@ module PostGuardian
return false if host.blank?
unrestricted_link_posting? ||
- SiteSetting.whitelisted_link_domains.split('|').include?(host)
+ SiteSetting.allowed_link_domains.split('|').include?(host)
end
# Can the user act on the post in a particular way.
diff --git a/lib/inline_oneboxer.rb b/lib/inline_oneboxer.rb
index 26f3ecc9ba6..48c01715198 100644
--- a/lib/inline_oneboxer.rb
+++ b/lib/inline_oneboxer.rb
@@ -42,7 +42,7 @@ class InlineOneboxer
end
always_allow = SiteSetting.enable_inline_onebox_on_all_domains
- domains = SiteSetting.inline_onebox_domains_whitelist&.split('|') unless always_allow
+ domains = SiteSetting.allowed_inline_onebox_domains&.split('|') unless always_allow
if always_allow || domains
uri = begin
diff --git a/lib/onebox/engine/whitelisted_generic_onebox.rb b/lib/onebox/engine/allowlisted_generic_onebox.rb
similarity index 82%
rename from lib/onebox/engine/whitelisted_generic_onebox.rb
rename to lib/onebox/engine/allowlisted_generic_onebox.rb
index 7a46a0d1e5d..85af9278635 100644
--- a/lib/onebox/engine/whitelisted_generic_onebox.rb
+++ b/lib/onebox/engine/allowlisted_generic_onebox.rb
@@ -4,9 +4,9 @@ require "ipaddr"
module Onebox
module Engine
- class WhitelistedGenericOnebox
+ class AllowlistedGenericOnebox
- # overwrite the whitelist
+ # overwrite the allowlist
def self.===(other)
other.is_a?(URI) ? (IPAddr.new(other.hostname) rescue nil).nil? : true
end
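Review bot: `# overwrite the allowlist` above `self.===` does not describe what the override accepts. As written it returns true for any non-URI argument and for any URI whose hostname does not parse as an IP address, so no list is consulted at all. A comment such as `# match every URL except those whose host is an IP literal` would make that explicit. The inline `rescue nil` swallows every StandardError from `IPAddr.new`, which is tolerable here only because the result is just tested with `.nil?`.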
@@ -18,10 +18,10 @@ module Onebox
private
- # overwrite to whitelist iframes
+ # overwrite to allowlist iframes
def is_embedded?
return false unless data[:html] && data[:height]
- return true if WhitelistedGenericOnebox.html_providers.include?(data[:provider_name])
+ return true if AllowlistedGenericOnebox.html_providers.include?(data[:provider_name])
if data[:html]["iframe"]
fragment = Nokogiri::HTML5::fragment(data[:html])
diff --git a/lib/oneboxer.rb b/lib/oneboxer.rb
index 107e6d0610b..a5e1c235e46 100644
--- a/lib/oneboxer.rb
+++ b/lib/oneboxer.rb
@@ -292,8 +292,8 @@ module Oneboxer
end
end
- def self.blacklisted_domains
- SiteSetting.onebox_domains_blacklist.split("|")
+ def self.blocked_domains
+ SiteSetting.blocked_onebox_domains.split("|")
end
def self.preserve_fragment_url_hosts
@@ -304,12 +304,12 @@ module Oneboxer
Discourse.cache.fetch(onebox_cache_key(url), expires_in: 1.day) do
fd = FinalDestination.new(url,
ignore_redirects: ignore_redirects,
- ignore_hostnames: blacklisted_domains,
+ ignore_hostnames: blocked_domains,
force_get_hosts: force_get_hosts,
force_custom_user_agent_hosts: force_custom_user_agent_hosts,
preserve_fragment_url_hosts: preserve_fragment_url_hosts)
uri = fd.resolve
- return blank_onebox if uri.blank? || blacklisted_domains.map { |hostname| uri.hostname.match?(hostname) }.any?
+ return blank_onebox if uri.blank? || blocked_domains.map { |hostname| uri.hostname.match?(hostname) }.any?
options = {
max_width: 695,
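Review bot: On the changed `return blank_onebox` line, `uri.hostname.match?(hostname)` is given a String, which Ruby converts to a Regexp, so each `blocked_onebox_domains` entry is applied as an unanchored pattern: `.` matches any character, an entry matches anywhere inside the hostname, and an entry that is not a valid regex raises. If entries are meant to be plain domains, compare on label boundaries instead, e.g. `blocked_domains.any? { |d| uri.hostname == d || uri.hostname.end_with?(".#{d}") }`, which also replaces `.map { ... }.any?` with a short-circuiting `any?`. If pattern matching is intended, say so in a comment next to `blocked_domains`. The enclosing method starts and ends outside the hunk.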
diff --git a/lib/plugin/instance.rb b/lib/plugin/instance.rb
index 6b5ece1cd34..fe64f3b21b9 100644
--- a/lib/plugin/instance.rb
+++ b/lib/plugin/instance.rb
@@ -161,10 +161,20 @@ class Plugin::Instance
end
def whitelist_staff_user_custom_field(field)
+ Discourse.deprecate("whitelist_staff_user_custom_field is deprecated, use the allow_staff_user_custom_field.", drop_from: "2.6")
+ allow_staff_user_custom_field(field)
+ end
+
+ def allow_staff_user_custom_field(field)
DiscoursePluginRegistry.register_staff_user_custom_field(field, self)
end
def whitelist_public_user_custom_field(field)
+ Discourse.deprecate("whitelist_public_user_custom_field is deprecated, use the allow_public_user_custom_field.", drop_from: "2.6")
+ allow_public_user_custom_field(field)
+ end
+
+ def allow_public_user_custom_field(field)
DiscoursePluginRegistry.register_public_user_custom_field(field, self)
end
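Review bot: The new deprecation messages read awkwardly: `"..., use the allow_staff_user_custom_field."` leaves out the noun after "the". Suggest `"whitelist_staff_user_custom_field is deprecated, use allow_staff_user_custom_field instead."`, and the same wording for `whitelist_public_user_custom_field` in this hunk and `topic_view_post_custom_fields_whitelister` in the next one. The new `allow_staff_user_custom_field` and `allow_public_user_custom_field` methods also have no comment, unlike `topic_view_post_custom_fields_allowlister`; a line such as `# Expose a user custom field to staff via the plugin registry` would cover it.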
@@ -256,10 +266,15 @@ class Plugin::Instance
end
end
- # Add a post_custom_fields_whitelister block to the TopicView, respecting if the plugin is enabled
def topic_view_post_custom_fields_whitelister(&block)
+ Discourse.deprecate("topic_view_post_custom_fields_whitelister is deprecated, use the topic_view_post_custom_fields_allowlister.", drop_from: "2.6")
+ topic_view_post_custom_fields_allowlister(&block)
+ end
+
+ # Add a post_custom_fields_allowlister block to the TopicView, respecting if the plugin is enabled
+ def topic_view_post_custom_fields_allowlister(&block)
reloadable_patch do |plugin|
- ::TopicView.add_post_custom_fields_whitelister do |user|
+ ::TopicView.add_post_custom_fields_allowlister do |user|
plugin.enabled? ? block.call(user) : []
end
end
diff --git a/lib/pretty_text.rb b/lib/pretty_text.rb
index e17a90e44bc..03f4dcb4c30 100644
--- a/lib/pretty_text.rb
+++ b/lib/pretty_text.rb
@@ -284,10 +284,10 @@ module PrettyText
end
def self.add_rel_nofollow_to_user_content(doc)
- whitelist = []
+ allowlist = []
domains = SiteSetting.exclude_rel_nofollow_domains
- whitelist = domains.split('|') if domains.present?
+ allowlist = domains.split('|') if domains.present?
site_uri = nil
doc.css("a").each do |l|
@@ -299,7 +299,7 @@ module PrettyText
if !uri.host.present? ||
uri.host == site_uri.host ||
uri.host.ends_with?(".#{site_uri.host}") ||
- whitelist.any? { |u| uri.host == u || uri.host.ends_with?(".#{u}") }
+ allowlist.any? { |u| uri.host == u || uri.host.ends_with?(".#{u}") }
# we are good no need for nofollow
l.remove_attribute("rel")
else
diff --git a/lib/site_setting_extension.rb b/lib/site_setting_extension.rb
index 09b616eda99..da3f6cf9814 100644
--- a/lib/site_setting_extension.rb
+++ b/lib/site_setting_extension.rb
@@ -378,8 +378,8 @@ module SiteSettingExtension
end
HOSTNAME_SETTINGS ||= %w{
- disabled_image_download_domains onebox_domains_blacklist exclude_rel_nofollow_domains
- email_domains_blacklist email_domains_whitelist white_listed_spam_host_domains
+ disabled_image_download_domains blocked_onebox_domains exclude_rel_nofollow_domains
+ blocked_email_domains allowed_email_domains allowed_spam_host_domains
}
def filter_value(name, value)
diff --git a/lib/spam_handler.rb b/lib/spam_handler.rb
index 2071c079bbe..fc298f87665 100644
--- a/lib/spam_handler.rb
+++ b/lib/spam_handler.rb
@@ -17,8 +17,8 @@ class SpamHandler
return false if staff_members_with_same_ip > 0
- ip_whitelisted = ScreenedIpAddress.is_whitelisted?(ip_address)
- return false if ip_whitelisted
+ allowed_ip = ScreenedIpAddress.is_allowed?(ip_address)
+ return false if allowed_ip
tl0_accounts_with_same_ip = User.unscoped
.where(trust_level: TrustLevel[0])
diff --git a/lib/tasks/typepad.thor b/lib/tasks/typepad.thor
index cb6eb8b6e5e..649f12db523 100644
--- a/lib/tasks/typepad.thor
+++ b/lib/tasks/typepad.thor
@@ -13,7 +13,7 @@ class Typepad < Thor
require './config/environment'
backup_settings = {}
- %w(email_domains_blacklist).each do |s|
+ %w(blocked_email_domains).each do |s|
backup_settings[s] = SiteSetting.get(s)
end
@@ -53,7 +53,7 @@ class Typepad < Thor
end
RateLimiter.disable
- SiteSetting.email_domains_blacklist = ""
+ SiteSetting.blocked_email_domains = ""
puts "Importing #{entries.size} entries"
diff --git a/lib/topic_view.rb b/lib/topic_view.rb
index 81b4449c4ed..0601a59f0c6 100644
--- a/lib/topic_view.rb
+++ b/lib/topic_view.rb
@@ -38,16 +38,16 @@ class TopicView
@default_post_custom_fields ||= [Post::NOTICE_TYPE, Post::NOTICE_ARGS, "action_code_who"]
end
- def self.post_custom_fields_whitelisters
- @post_custom_fields_whitelisters ||= Set.new
+ def self.post_custom_fields_allowlisters
+ @post_custom_fields_allowlisters ||= Set.new
end
- def self.add_post_custom_fields_whitelister(&block)
- post_custom_fields_whitelisters << block
+ def self.add_post_custom_fields_allowlister(&block)
+ post_custom_fields_allowlisters << block
end
- def self.whitelisted_post_custom_fields(user)
- wpcf = default_post_custom_fields + post_custom_fields_whitelisters.map { |w| w.call(user) }
+ def self.allowed_post_custom_fields(user)
+ wpcf = default_post_custom_fields + post_custom_fields_allowlisters.map { |w| w.call(user) }
wpcf.flatten.uniq
end
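Review bot: In `allowed_post_custom_fields` the local is still called `wpcf`, an abbreviation of the old method name, so the rename is incomplete on that line. Either rename it (`fields`) or drop the temporary: `(default_post_custom_fields + post_custom_fields_allowlisters.map { |w| w.call(user) }).flatten.uniq`. Nothing else in the hunk refers to the local.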
@@ -87,12 +87,12 @@ class TopicView
filter_posts(options)
if @posts && !@skip_custom_fields
- if (added_fields = User.whitelisted_user_custom_fields(@guardian)).present?
+ if (added_fields = User.allowed_user_custom_fields(@guardian)).present?
@user_custom_fields = User.custom_fields_for_ids(@posts.pluck(:user_id), added_fields)
end
- if (whitelisted_fields = TopicView.whitelisted_post_custom_fields(@user)).present?
- @post_custom_fields = Post.custom_fields_for_ids(@posts.pluck(:id), whitelisted_fields)
+ if (allowed_fields = TopicView.allowed_post_custom_fields(@user)).present?
+ @post_custom_fields = Post.custom_fields_for_ids(@posts.pluck(:id), allowed_fields)
end
end
diff --git a/lib/upload_creator.rb b/lib/upload_creator.rb
index acab69e9c07..f3d76cb2856 100644
--- a/lib/upload_creator.rb
+++ b/lib/upload_creator.rb
@@ -51,7 +51,7 @@ class UploadCreator
return @upload if @upload.errors.present?
if @image_info.type.to_s == "svg"
- whitelist_svg!
+ clean_svg!
elsif !Rails.env.test? || @opts[:force_optimize]
convert_to_jpeg! if convert_png_to_jpeg?
downsize! if should_downsize?
@@ -302,9 +302,9 @@ class UploadCreator
end
end
- def whitelist_svg!
+ def clean_svg!
doc = Nokogiri::XML(@file)
- doc.xpath(svg_whitelist_xpath).remove
+ doc.xpath(svg_allowlist_xpath).remove
doc.xpath("//@*[starts-with(name(), 'on')]").remove
doc.css('use').each do |use_el|
if use_el.attr('href')
@@ -400,8 +400,8 @@ class UploadCreator
@allow_animation ||= @opts[:type] == "avatar" ? SiteSetting.allow_animated_avatars : SiteSetting.allow_animated_thumbnails
end
- def svg_whitelist_xpath
- @@svg_whitelist_xpath ||= "//*[#{WHITELISTED_SVG_ELEMENTS.map { |e| "name()!='#{e}'" }.join(" and ") }]"
+ def svg_allowlist_xpath
+ @@svg_allowlist_xpath ||= "//*[#{WHITELISTED_SVG_ELEMENTS.map { |e| "name()!='#{e}'" }.join(" and ") }]"
end
def add_metadata!
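Review bot: `svg_allowlist_xpath` still builds its expression from `WHITELISTED_SVG_ELEMENTS`, so the rename is incomplete in this hunk; the constant's definition is not visible here, so either it was left on purpose or this reference has to change together with it. The method name is also misleading: the XPath selects every element whose name is NOT in the list, and `clean_svg!` removes whatever it returns. A comment such as `# XPath matching every element that is not an allowed SVG element; clean_svg! removes the matches` would make the polarity clear.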
diff --git a/lib/upload_recovery.rb b/lib/upload_recovery.rb
index fc687d7fd30..7ea190c02d8 100644
--- a/lib/upload_recovery.rb
+++ b/lib/upload_recovery.rb
@@ -17,7 +17,7 @@ class UploadRecovery
analyzer.cooked_stripped.css("img", "a").each do |media|
if media.name == "img" && orig_src = media["data-orig-src"]
if dom_class = media["class"]
- if (Post.white_listed_image_classes & dom_class.split).count > 0
+ if (Post.allowed_image_classes & dom_class.split).count > 0
next
end
end
diff --git a/lib/user_name_suggester.rb b/lib/user_name_suggester.rb
index 2f7c7c920ab..ecd482b4900 100644
--- a/lib/user_name_suggester.rb
+++ b/lib/user_name_suggester.rb
@@ -115,7 +115,7 @@ module UserNameSuggester
end
name.gsub!(UsernameValidator.invalid_char_pattern, '_')
- name = apply_whitelist(name) if UsernameValidator.char_whitelist_exists?
+ name = apply_allowlist(name) if UsernameValidator.char_allowlist_exists?
name.gsub!(UsernameValidator::INVALID_LEADING_CHAR_PATTERN, '')
name.gsub!(UsernameValidator::CONFUSING_EXTENSIONS, "_")
name.gsub!(UsernameValidator::INVALID_TRAILING_CHAR_PATTERN, '')
@@ -123,9 +123,9 @@ module UserNameSuggester
name
end
- def self.apply_whitelist(name)
+ def self.apply_allowlist(name)
name.grapheme_clusters
- .map { |c| UsernameValidator.whitelisted_char?(c) ? c : '_' }
+ .map { |c| UsernameValidator.allowed_char?(c) ? c : '_' }
.join
end
diff --git a/lib/validators/email_validator.rb b/lib/validators/email_validator.rb
index 7090f2516b1..47200da2b9f 100644
--- a/lib/validators/email_validator.rb
+++ b/lib/validators/email_validator.rb
@@ -17,9 +17,9 @@ class EmailValidator < ActiveModel::EachValidator
end
def self.allowed?(email)
- if (setting = SiteSetting.email_domains_whitelist).present?
+ if (setting = SiteSetting.allowed_email_domains).present?
return email_in_restriction_setting?(setting, email) || is_developer?(email)
- elsif (setting = SiteSetting.email_domains_blacklist).present?
+ elsif (setting = SiteSetting.blocked_email_domains).present?
return !(email_in_restriction_setting?(setting, email) && !is_developer?(email))
end
diff --git a/lib/validators/unicode_username_whitelist_validator.rb b/lib/validators/unicode_username_allowlist_validator.rb
similarity index 59%
rename from lib/validators/unicode_username_whitelist_validator.rb
rename to lib/validators/unicode_username_allowlist_validator.rb
index 21aabe6eee2..f47d37b92f5 100644
--- a/lib/validators/unicode_username_whitelist_validator.rb
+++ b/lib/validators/unicode_username_allowlist_validator.rb
@@ -1,6 +1,6 @@
# frozen_string_literal: true
-class UnicodeUsernameWhitelistValidator
+class UnicodeUsernameAllowlistValidator
def initialize(opts = {})
@opts = opts
end
@@ -10,12 +10,12 @@ class UnicodeUsernameWhitelistValidator
return true if value.blank?
if value.match?(/^\/.*\/[imxo]*$/)
- @error_message = I18n.t("site_settings.errors.unicode_username_whitelist.leading_trailing_slash")
+ @error_message = I18n.t("site_settings.errors.allowed_unicode_usernames.leading_trailing_slash")
else
begin
Regexp.new(value)
rescue RegexpError => e
- @error_message = I18n.t("site_settings.errors.unicode_username_whitelist.regex_invalid", error: e.message)
+ @error_message = I18n.t("site_settings.errors.allowed_unicode_usernames.regex_invalid", error: e.message)
end
end
diff --git a/lib/validators/upload_validator.rb b/lib/validators/upload_validator.rb
index deb49854bf6..4238a77ff97 100644
--- a/lib/validators/upload_validator.rb
+++ b/lib/validators/upload_validator.rb
@@ -12,9 +12,9 @@ class UploadValidator < ActiveModel::Validator
return true if upload.user&.staff?
end
- # check the attachment blacklist
+ # check the attachment blocklist
if upload.for_group_message && SiteSetting.allow_all_attachments_for_group_messages
- return upload.original_filename =~ SiteSetting.attachment_filename_blacklist_regex
+ return upload.original_filename =~ SiteSetting.blocked_attachment_filenames_regex
end
extension = File.extname(upload.original_filename)[1..-1] || ""
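Review bot: The `return` in the group-message branch hands back the result of `=~` against `blocked_attachment_filenames_regex`, which is an index (truthy) when the filename matches a blocked pattern and nil when it does not, and no error is added to `upload` in the visible lines. If the caller ignores the return value, as a validator's `validate` normally does, a blocked filename leaves this branch without being rejected; if the value is used, its polarity looks inverted. The enclosing method starts and ends outside the hunk, so confirm against the full body. The intent is presumably closer to `upload.errors.add(:original_filename, message) if upload.original_filename =~ SiteSetting.blocked_attachment_filenames_regex` followed by a bare `return`, where `message` stands for the project's existing error text.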
diff --git a/plugins/poll/plugin.rb b/plugins/poll/plugin.rb
index ec4a7570a6d..8331b8fca63 100644
--- a/plugins/poll/plugin.rb
+++ b/plugins/poll/plugin.rb
@@ -562,7 +562,7 @@ after_initialize do
register_post_custom_field_type(DiscoursePoll::HAS_POLLS, :boolean)
- topic_view_post_custom_fields_whitelister { [DiscoursePoll::HAS_POLLS] }
+ topic_view_post_custom_fields_allowlister { [DiscoursePoll::HAS_POLLS] }
add_to_class(:topic_view, :polls) do
@polls ||= begin
diff --git a/script/import_scripts/base.rb b/script/import_scripts/base.rb
index 64de94ba75f..bc780e68869 100644
--- a/script/import_scripts/base.rb
+++ b/script/import_scripts/base.rb
@@ -70,7 +70,7 @@ class ImportScripts::Base
def get_site_settings_for_import
{
- email_domains_blacklist: '',
+ blocked_email_domains: '',
min_topic_title_length: 1,
min_post_length: 1,
min_first_post_length: 1,
diff --git a/script/import_scripts/friendsmegplus.rb b/script/import_scripts/friendsmegplus.rb
index 3eb76239515..ee22dd9cbca 100644
--- a/script/import_scripts/friendsmegplus.rb
+++ b/script/import_scripts/friendsmegplus.rb
@@ -68,12 +68,12 @@ class ImportScripts::FMGP < ImportScripts::Base
@usermap = {}
# G+ user IDs to filter out (spam, abuse) — no topics or posts, silence and suspend when creating
- # loaded from blacklist.json as array of google ids `[ 92310293874, 12378491235293 ]`
- @blacklist = Set[]
+ # loaded from blocklist.json as array of google ids `[ 92310293874, 12378491235293 ]`
+ @blocklist = Set[]
# G+ user IDs whose posts are useful; if this is set, include only
- # posts (and non-blacklisted comments) authored by these IDs
- @whitelist = nil
+ # posts (and non-blocklisted comments) authored by these IDs
+ @allowlist = nil
# Tags to apply to every topic; empty Array to not have any tags applied everywhere
@globaltags = [ "gplus" ]
@@ -117,10 +117,10 @@ class ImportScripts::FMGP < ImportScripts::Base
@categories = load_fmgp_json(arg)
elsif arg.end_with?("usermap.json")
@usermap = load_fmgp_json(arg)
- elsif arg.end_with?('blacklist.json')
- @blacklist = load_fmgp_json(arg).map { |i| i.to_s }.to_set
- elsif arg.end_with?('whitelist.json')
- @whitelist = load_fmgp_json(arg).map { |i| i.to_s }.to_set
+ elsif arg.end_with?('blocklist.json')
+ @blocklist = load_fmgp_json(arg).map { |i| i.to_s }.to_set
+ elsif arg.end_with?('allowlist.json')
+ @allowlist = load_fmgp_json(arg).map { |i| i.to_s }.to_set
elsif arg.end_with?('.json')
@feeds << load_fmgp_json(arg)
elsif arg == '--dry-run'
@@ -149,8 +149,8 @@ class ImportScripts::FMGP < ImportScripts::Base
@posts_imported = 0
@topics_skipped = 0
@posts_skipped = 0
- @topics_blacklisted = 0
- @posts_blacklisted = 0
+ @blocked_topics = 0
+ @blocked_posts = 0
# count uploaded file size
@totalsize = 0
@@ -324,10 +324,10 @@ class ImportScripts::FMGP < ImportScripts::Base
newuser.approved = true
newuser.approved_by_id = @system_user.id
newuser.approved_at = newuser.created_at
- if @blacklist.include?(id.to_s)
+ if @blocklist.include?(id.to_s)
now = DateTime.now
forever = 1000.years.from_now
- # you can suspend as well if you want your blacklist to
+ # you can suspend as well if you want your blocklist to
# be hard to recover from
#newuser.suspended_at = now
#newuser.suspended_till = forever
@@ -348,7 +348,7 @@ class ImportScripts::FMGP < ImportScripts::Base
# user already on system
u = User.find(google_user_info.user_id)
if u.silenced? || u.suspended?
- @blacklist.add(id)
+ @blocklist.add(id)
end
@users[id] = u
email = u.email
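Review bot: `@blocklist.add(id)` stores `id` as-is, while the set is built from `.to_s` values and queried with `id.to_s` and `post_author_id.to_s` in the other hunks of this file; if `id` is not already a String, the entry added here can never match. The same mismatch appears in the later `import_topic` hunk, where `@allowlist` holds strings but `@allowlist.include?(post["author"]["id"])` does not convert the key. Use `@blocklist.add(id.to_s)` and `@allowlist.include?(post["author"]["id"].to_s)`. The surrounding method bodies start and end outside these hunks.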
@@ -371,7 +371,7 @@ class ImportScripts::FMGP < ImportScripts::Base
category["posts"].each do |post|
# G+ post / Discourse topic
import_topic(post, category)
- print("\r#{@topics_imported}/#{@posts_imported} topics/posts (skipped: #{@topics_skipped}/#{@posts_skipped} blacklisted: #{@topics_blacklisted}/#{@posts_blacklisted}) ")
+ print("\r#{@topics_imported}/#{@posts_imported} topics/posts (skipped: #{@topics_skipped}/#{@posts_skipped} blocklisted: #{@blocked_topics}/#{@blocked_posts}) ")
end
end
end
@@ -389,13 +389,13 @@ class ImportScripts::FMGP < ImportScripts::Base
@topics_skipped += 1
else
# new post
- if !@whitelist.nil? && !@whitelist.include?(post["author"]["id"])
- # only ignore non-whitelisted if whitelist defined
+ if !@allowlist.nil? && !@allowlist.include?(post["author"]["id"])
+ # only ignore non-allowlisted if allowlist defined
return
end
postmap = make_postmap(post, category, nil)
if postmap.nil?
- @topics_blacklisted += 1
+ @blocked_topics += 1
return
end
p = create_post(postmap, postmap[:id]) if !@dryrun
@@ -409,7 +409,7 @@ class ImportScripts::FMGP < ImportScripts::Base
else
commentmap = make_postmap(comment, nil, p)
if commentmap.nil?
- @posts_blacklisted += 1
+ @blocked_posts += 1
else
@posts_imported += 1
new_comment = create_post(commentmap, commentmap[:id]) if !@dryrun
@@ -420,7 +420,7 @@ class ImportScripts::FMGP < ImportScripts::Base
def make_postmap(post, category, parent)
post_author_id = post["author"]["id"]
- return nil if @blacklist.include?(post_author_id.to_s)
+ return nil if @blocklist.include?(post_author_id.to_s)
raw = formatted_message(post)
# if no message, image, or images, it's just empty
diff --git a/script/import_scripts/smf1.rb b/script/import_scripts/smf1.rb
index 99f068c5ed8..5f83eef6734 100644
--- a/script/import_scripts/smf1.rb
+++ b/script/import_scripts/smf1.rb
@@ -497,10 +497,10 @@ class ImportScripts::Smf1 < ImportScripts::Base
def import_banned_domains
puts "", "Importing banned email domains..."
- blacklist = SiteSetting.email_domains_blacklist.split("|")
+ blocklist = SiteSetting.blocked_email_domains.split("|")
banned_domains = mysql_query("SELECT SUBSTRING(email_address, 3) domain FROM smf_ban_items WHERE email_address RLIKE '^%@[^%]+$' GROUP BY email_address").map { |r| r["domain"] }
- SiteSetting.email_domains_blacklist = (blacklist + banned_domains).uniq.sort.join("|")
+ SiteSetting.blocked_email_domains = (blocklist + banned_domains).uniq.sort.join("|")
end
def import_banned_emails
diff --git a/spec/components/auth/github_authenticator_spec.rb b/spec/components/auth/github_authenticator_spec.rb
index ae50424c904..b9a9f4788df 100644
--- a/spec/components/auth/github_authenticator_spec.rb
+++ b/spec/components/auth/github_authenticator_spec.rb
@@ -178,38 +178,38 @@ describe Auth::GithubAuthenticator do
expect(result.email_valid).to eq(hash[:info][:email].present?)
end
- it 'will skip blacklisted domains for non existing users' do
+ it 'will skip blocklisted domains for non existing users' do
hash = {
extra: {
all_emails: [{
- email: "not_allowed@blacklist.com",
+ email: "not_allowed@blocklist.com",
primary: true,
verified: true,
}, {
- email: "allowed@whitelist.com",
+ email: "allowed@allowlist.com",
primary: false,
verified: true,
}]
},
info: {
- email: "not_allowed@blacklist.com",
+ email: "not_allowed@blocklist.com",
nickname: "person",
name: "Person Lastname",
},
uid: "100"
}
- SiteSetting.email_domains_blacklist = "blacklist.com"
+ SiteSetting.blocked_email_domains = "blocklist.com"
result = authenticator.after_authenticate(hash)
expect(result.user).to eq(nil)
expect(result.username).to eq(hash[:info][:nickname])
expect(result.name).to eq(hash[:info][:name])
- expect(result.email).to eq("allowed@whitelist.com")
+ expect(result.email).to eq("allowed@allowlist.com")
expect(result.email_valid).to eq(true)
end
- it 'will find whitelisted domains for non existing users' do
+ it 'will find allowlisted domains for non existing users' do
hash = {
extra: {
all_emails: [{
@@ -217,11 +217,11 @@ describe Auth::GithubAuthenticator do
primary: true,
verified: true,
}, {
- email: "not_allowed@blacklist.com",
+ email: "not_allowed@blocklist.com",
primary: false,
verified: true,
}, {
- email: "allowed@whitelist.com",
+ email: "allowed@allowlist.com",
primary: false,
verified: true,
}]
@@ -234,13 +234,13 @@ describe Auth::GithubAuthenticator do
uid: "100"
}
- SiteSetting.email_domains_whitelist = "whitelist.com"
+ SiteSetting.allowed_email_domains = "allowlist.com"
result = authenticator.after_authenticate(hash)
expect(result.user).to eq(nil)
expect(result.username).to eq(hash[:info][:nickname])
expect(result.name).to eq(hash[:info][:name])
- expect(result.email).to eq("allowed@whitelist.com")
+ expect(result.email).to eq("allowed@allowlist.com")
expect(result.email_valid).to eq(true)
end
diff --git a/spec/components/concern/has_custom_fields_spec.rb b/spec/components/concern/has_custom_fields_spec.rb
index 24ecefaca54..a567f3e8eda 100644
--- a/spec/components/concern/has_custom_fields_spec.rb
+++ b/spec/components/concern/has_custom_fields_spec.rb
@@ -235,7 +235,7 @@ describe HasCustomFields do
it "supports bulk retrieval with a list of ids" do
item1 = CustomFieldsTestItem.new
- item1.custom_fields = { "a" => ["b", "c", "d"], 'not_whitelisted' => 'secret' }
+ item1.custom_fields = { "a" => ["b", "c", "d"], 'not_allowlisted' => 'secret' }
item1.save
item2 = CustomFieldsTestItem.new
@@ -245,7 +245,7 @@ describe HasCustomFields do
fields = CustomFieldsTestItem.custom_fields_for_ids([item1.id, item2.id], ['a', 'e'])
expect(fields).to be_present
expect(fields[item1.id]['a']).to match_array(['b', 'c', 'd'])
- expect(fields[item1.id]['not_whitelisted']).to be_blank
+ expect(fields[item1.id]['not_allowlisted']).to be_blank
expect(fields[item2.id]['e']).to eq('hallo')
end
diff --git a/spec/components/cooked_post_processor_spec.rb b/spec/components/cooked_post_processor_spec.rb
index a4b9c2bc143..dc202453248 100644
--- a/spec/components/cooked_post_processor_spec.rb
+++ b/spec/components/cooked_post_processor_spec.rb
@@ -1600,7 +1600,7 @@ describe CookedPostProcessor do
context "onebox" do
before do
Oneboxer.stubs(:onebox).with(anything, anything).returns(nil)
- Oneboxer.stubs(:onebox).with('https://discourse.org', anything).returns("")
+ Oneboxer.stubs(:onebox).with('https://discourse.org', anything).returns("")
end
it "awards the badge for using an onebox" do
diff --git a/spec/components/crawler_detection_spec.rb b/spec/components/crawler_detection_spec.rb
index 1492d010fb5..c5f2a2056b9 100644
--- a/spec/components/crawler_detection_spec.rb
+++ b/spec/components/crawler_detection_spec.rb
@@ -70,13 +70,13 @@ describe CrawlerDetection do
end
describe 'allow_crawler?' do
- it 'returns true if whitelist and blacklist are blank' do
+ it 'returns true if allowlist and blocklist are blank' do
expect(CrawlerDetection.allow_crawler?('Googlebot/2.1 (+http://www.google.com/bot.html)')).to eq(true)
end
- context 'whitelist is set' do
+ context 'allowlist is set' do
before do
- SiteSetting.whitelisted_crawler_user_agents = 'Googlebot|Twitterbot'
+ SiteSetting.allowed_crawler_user_agents = 'Googlebot|Twitterbot'
end
it 'returns true for matching user agents' do
@@ -91,20 +91,20 @@ describe CrawlerDetection do
expect(CrawlerDetection.allow_crawler?('')).to eq(false)
end
- context 'and blacklist is set' do
+ context 'and blocklist is set' do
before do
- SiteSetting.blacklisted_crawler_user_agents = 'Googlebot-Image'
+ SiteSetting.blocked_crawler_user_agents = 'Googlebot-Image'
end
- it 'ignores the blacklist' do
+ it 'ignores the blocklist' do
expect(CrawlerDetection.allow_crawler?('Googlebot-Image/1.0')).to eq(true)
end
end
end
- context 'blacklist is set' do
+ context 'blocklist is set' do
before do
- SiteSetting.blacklisted_crawler_user_agents = 'Googlebot|Twitterbot'
+ SiteSetting.blocked_crawler_user_agents = 'Googlebot|Twitterbot'
end
it 'returns true for crawlers that do not match' do
@@ -122,47 +122,47 @@ describe CrawlerDetection do
end
describe 'is_blocked_crawler?' do
- it 'is false if user agent is a crawler and no whitelist or blacklist is defined' do
+ it 'is false if user agent is a crawler and no allowlist or blocklist is defined' do
expect(CrawlerDetection.is_blocked_crawler?('Twitterbot')).to eq(false)
end
- it 'is false if user agent is not a crawler and no whitelist or blacklist is defined' do
+ it 'is false if user agent is not a crawler and no allowlist or blocklist is defined' do
expect(CrawlerDetection.is_blocked_crawler?('Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36')).to eq(false)
end
- it 'is true if user agent is a crawler and is not whitelisted' do
- SiteSetting.whitelisted_crawler_user_agents = 'Googlebot'
+ it 'is true if user agent is a crawler and is not allowlisted' do
+ SiteSetting.allowed_crawler_user_agents = 'Googlebot'
expect(CrawlerDetection.is_blocked_crawler?('Twitterbot')).to eq(true)
end
- it 'is false if user agent is not a crawler and there is a whitelist' do
- SiteSetting.whitelisted_crawler_user_agents = 'Googlebot'
+ it 'is false if user agent is not a crawler and there is a allowlist' do
+ SiteSetting.allowed_crawler_user_agents = 'Googlebot'
expect(CrawlerDetection.is_blocked_crawler?('Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36')).to eq(false)
end
- it 'is true if user agent is a crawler and is blacklisted' do
- SiteSetting.blacklisted_crawler_user_agents = 'Twitterbot'
+ it 'is true if user agent is a crawler and is blocklisted' do
+ SiteSetting.blocked_crawler_user_agents = 'Twitterbot'
expect(CrawlerDetection.is_blocked_crawler?('Twitterbot')).to eq(true)
end
- it 'is true if user agent is a crawler and is not blacklisted' do
- SiteSetting.blacklisted_crawler_user_agents = 'Twitterbot'
+ it 'is true if user agent is a crawler and is not blocklisted' do
+ SiteSetting.blocked_crawler_user_agents = 'Twitterbot'
expect(CrawlerDetection.is_blocked_crawler?('Googlebot')).to eq(false)
end
- it 'is false if user agent is not a crawler and blacklist is defined' do
- SiteSetting.blacklisted_crawler_user_agents = 'Mozilla'
+ it 'is false if user agent is not a crawler and blocklist is defined' do
+ SiteSetting.blocked_crawler_user_agents = 'Mozilla'
expect(CrawlerDetection.is_blocked_crawler?('Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36')).to eq(false)
end
- it 'is true if user agent is missing and whitelist is defined' do
- SiteSetting.whitelisted_crawler_user_agents = 'Googlebot'
+ it 'is true if user agent is missing and allowlist is defined' do
+ SiteSetting.allowed_crawler_user_agents = 'Googlebot'
expect(CrawlerDetection.is_blocked_crawler?('')).to eq(true)
expect(CrawlerDetection.is_blocked_crawler?(nil)).to eq(true)
end
- it 'is false if user agent is missing and blacklist is defined' do
- SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
+ it 'is false if user agent is missing and blocklist is defined' do
+ SiteSetting.blocked_crawler_user_agents = 'Googlebot'
expect(CrawlerDetection.is_blocked_crawler?('')).to eq(false)
expect(CrawlerDetection.is_blocked_crawler?(nil)).to eq(false)
end
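Review bot: The example titled `'is true if user agent is a crawler and is not blocklisted'` asserts `eq(false)`, so its description contradicts its expectation; it should read `'is false if user agent is a crawler and is not blocklisted'`. The mechanical rename also produced `'... and there is a allowlist'`, which needs `an allowlist`. Both examples are in the `is_blocked_crawler?` group of this hunk.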
diff --git a/spec/components/email/receiver_spec.rb b/spec/components/email/receiver_spec.rb
index 44dae0fd8da..5cd9b9946cc 100644
--- a/spec/components/email/receiver_spec.rb
+++ b/spec/components/email/receiver_spec.rb
@@ -25,16 +25,16 @@ describe Email::Receiver do
expect { process(:screened_email) }.to raise_error(Email::Receiver::ScreenedEmailError)
end
- it "raises EmailNotAllowed when email address is not on whitelist" do
- SiteSetting.email_domains_whitelist = "example.com|bar.com"
+ it "raises EmailNotAllowed when email address is not on allowlist" do
+ SiteSetting.allowed_email_domains = "example.com|bar.com"
Fabricate(:group, incoming_email: "some_group@bar.com")
- expect { process(:blacklist_whitelist_email) }.to raise_error(Email::Receiver::EmailNotAllowed)
+ expect { process(:blocklist_allowlist_email) }.to raise_error(Email::Receiver::EmailNotAllowed)
end
- it "raises EmailNotAllowed when email address is on blacklist" do
- SiteSetting.email_domains_blacklist = "email.com|mail.com"
+ it "raises EmailNotAllowed when email address is on blocklist" do
+ SiteSetting.blocked_email_domains = "email.com|mail.com"
Fabricate(:group, incoming_email: "some_group@bar.com")
- expect { process(:blacklist_whitelist_email) }.to raise_error(Email::Receiver::EmailNotAllowed)
+ expect { process(:blocklist_allowlist_email) }.to raise_error(Email::Receiver::EmailNotAllowed)
end
it "raises an UserNotFoundError when staged users are disabled" do
@@ -419,9 +419,9 @@ describe Email::Receiver do
expect { process(:invalid_from_2) }.to raise_error(Email::Receiver::NoSenderDetectedError)
end
- it "doesn't raise an AutoGeneratedEmailError when the mail is auto generated but is whitelisted" do
- SiteSetting.auto_generated_whitelist = "foo@bar.com|discourse@bar.com"
- expect { process(:auto_generated_whitelisted) }.to change { topic.posts.count }
+ it "doesn't raise an AutoGeneratedEmailError when the mail is auto generated but is allowlisted" do
+ SiteSetting.auto_generated_allowlist = "foo@bar.com|discourse@bar.com"
+ expect { process(:auto_generated_allowlisted) }.to change { topic.posts.count }
end
it "doesn't raise an AutoGeneratedEmailError when block_auto_generated_emails is disabled" do
@@ -1211,41 +1211,41 @@ describe Email::Receiver do
include_examples "does not create staged users", :unsubscribe_new_user, Email::Receiver::UnsubscribeNotAllowed
end
- context "when From email address is not on whitelist" do
+ context "when From email address is not on allowlist" do
before do
- SiteSetting.email_domains_whitelist = "example.com|bar.com"
+ SiteSetting.allowed_email_domains = "example.com|bar.com"
Fabricate(:group, incoming_email: "some_group@bar.com")
end
- include_examples "does not create staged users", :blacklist_whitelist_email, Email::Receiver::EmailNotAllowed
+ include_examples "does not create staged users", :blocklist_allowlist_email, Email::Receiver::EmailNotAllowed
end
- context "when From email address is on blacklist" do
+ context "when From email address is on blocklist" do
before do
- SiteSetting.email_domains_blacklist = "email.com|mail.com"
+ SiteSetting.blocked_email_domains = "email.com|mail.com"
Fabricate(:group, incoming_email: "some_group@bar.com")
end
- include_examples "does not create staged users", :blacklist_whitelist_email, Email::Receiver::EmailNotAllowed
+ include_examples "does not create staged users", :blocklist_allowlist_email, Email::Receiver::EmailNotAllowed
end
- context "blacklist and whitelist for To and Cc" do
+ context "blocklist and allowlist for To and Cc" do
before do
Fabricate(:group, incoming_email: "some_group@bar.com")
end
- it "does not create staged users for email addresses not on whitelist" do
- SiteSetting.email_domains_whitelist = "mail.com|example.com"
- process(:blacklist_whitelist_email)
+ it "does not create staged users for email addresses not on allowlist" do
+ SiteSetting.allowed_email_domains = "mail.com|example.com"
+ process(:blocklist_allowlist_email)
expect(User.find_by_email("alice@foo.com")).to be_nil
expect(User.find_by_email("bob@foo.com")).to be_nil
expect(User.find_by_email("carol@example.com")).to be_present
end
- it "does not create staged users for email addresses on blacklist" do
- SiteSetting.email_domains_blacklist = "email.com|foo.com"
- process(:blacklist_whitelist_email)
+ it "does not create staged users for email addresses on blocklist" do
+ SiteSetting.blocked_email_domains = "email.com|foo.com"
+ process(:blocklist_allowlist_email)
expect(User.find_by_email("alice@foo.com")).to be_nil
expect(User.find_by_email("bob@foo.com")).to be_nil
diff --git a/spec/components/final_destination_spec.rb b/spec/components/final_destination_spec.rb
index 33f7bf19cb8..ff61289e8af 100644
--- a/spec/components/final_destination_spec.rb
+++ b/spec/components/final_destination_spec.rb
@@ -396,7 +396,7 @@ describe FinalDestination do
end
it "returns false for IPV6 via site settings" do
- SiteSetting.blacklist_ip_blocks = '2001:abc:de::/48|2002:abc:de::/48'
+ SiteSetting.blocked_ip_blocks = '2001:abc:de::/48|2002:abc:de::/48'
expect(fd('https://[2001:abc:de:01:0:3f0:6a65:c2bf]').is_dest_valid?).to eq(false)
expect(fd('https://[2002:abc:de:01:0:3f0:6a65:c2bf]').is_dest_valid?).to eq(false)
expect(fd('https://internal-ipv6.com').is_dest_valid?).to eq(false)
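Review bot: Nothing in this spec covers a site that already has a value stored under the old `blacklist_ip_blocks` name; the changed line only assigns the new `blocked_ip_blocks`. These examples show the setting deciding `is_dest_valid?`, so a rename that does not carry the stored value over would leave the destination check with an empty block list after upgrade, with no failing example to show it. The value migration may exist outside this part of the diff; if it does, an example that seeds the setting under its old name and asserts the same `eq(false)` would pin it. The same question applies to `allowed_internal_hosts` further down in this file, to `blocked_email_domains` / `allowed_email_domains` in receiver_spec.rb, and to the `allowed_paths` attribute in embeddable_host_spec.rb.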
@@ -404,7 +404,7 @@ describe FinalDestination do
end
it "ignores invalid ranges" do
- SiteSetting.blacklist_ip_blocks = '2001:abc:de::/48|eviltrout'
+ SiteSetting.blocked_ip_blocks = '2001:abc:de::/48|eviltrout'
expect(fd('https://[2001:abc:de:01:0:3f0:6a65:c2bf]').is_dest_valid?).to eq(false)
end
@@ -432,8 +432,8 @@ describe FinalDestination do
expect(fd("https://cdn.example.com/some/asset").is_dest_valid?).to eq(true)
end
- it 'supports whitelisting via a site setting' do
- SiteSetting.whitelist_internal_hosts = 'private-host.com'
+ it 'supports allowlisting via a site setting' do
+ SiteSetting.allowed_internal_hosts = 'private-host.com'
expect(fd("https://private-host.com/some/url").is_dest_valid?).to eq(true)
end
end
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index 60dc6c9a0f4..59dd96aa900 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -51,8 +51,8 @@ describe Guardian do
expect(Guardian.new(user).link_posting_access).to eq('none')
end
- it "is limited for a user of a low trust level with a whitelist" do
- SiteSetting.whitelisted_link_domains = 'example.com'
+ it "is limited for a user of a low trust level with a allowlist" do
+ SiteSetting.allowed_link_domains = 'example.com'
user.trust_level = 0
SiteSetting.min_trust_to_post_links = 1
expect(Guardian.new(user).link_posting_access).to eq('limited')
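Review bot: The renamed example title reads "with a allowlist"; the article has to change along with the noun, i.e. `it "is limited for a user of a low trust level with an allowlist" do`. Example titles are printed in RSpec failure output, so the slip would be visible there.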
@@ -78,9 +78,9 @@ describe Guardian do
expect(Guardian.new(user).can_post_link?(host: host)).to eq(false)
end
- describe "whitelisted host" do
+ describe "allowlisted host" do
before do
- SiteSetting.whitelisted_link_domains = host
+ SiteSetting.allowed_link_domains = host
end
it "allows a new user to post the link to the host" do
@@ -2931,17 +2931,17 @@ describe Guardian do
let!(:theme) { Fabricate(:theme) }
let!(:theme2) { Fabricate(:theme) }
- context "whitelist mode" do
+ context "allowlist mode" do
before do
- GlobalSetting.reset_whitelisted_theme_ids!
- global_setting :whitelisted_theme_repos, " https://magic.com/repo.git, https://x.com/git"
+ GlobalSetting.reset_allowed_theme_ids!
+ global_setting :allowed_theme_repos, " https://magic.com/repo.git, https://x.com/git"
end
after do
- GlobalSetting.reset_whitelisted_theme_ids!
+ GlobalSetting.reset_allowed_theme_ids!
end
- it "should respect theme whitelisting" do
+ it "should respect theme allowlisting" do
r = RemoteTheme.create!(remote_url: "https://magic.com/repo.git")
theme.update!(remote_theme_id: r.id)
diff --git a/spec/components/inline_oneboxer_spec.rb b/spec/components/inline_oneboxer_spec.rb
index 47c5abd6bb5..d00c9822ccc 100644
--- a/spec/components/inline_oneboxer_spec.rb
+++ b/spec/components/inline_oneboxer_spec.rb
@@ -116,7 +116,7 @@ describe InlineOneboxer do
expect(onebox[:title]).to eq("Hello 🍕 with an emoji")
end
- it "will not crawl domains that aren't whitelisted" do
+ it "will not crawl domains that aren't allowlisted" do
onebox = InlineOneboxer.lookup("https://eviltrout.com", skip_cache: true)
expect(onebox).to be_blank
end
@@ -153,8 +153,8 @@ describe InlineOneboxer do
expect(onebox[:title]).to eq(nil)
end
- it "will lookup whitelisted domains" do
- SiteSetting.inline_onebox_domains_whitelist = "eviltrout.com"
+ it "will lookup allowlisted domains" do
+ SiteSetting.allowed_inline_onebox_domains = "eviltrout.com"
RetrieveTitle.stubs(:crawl).returns("Evil Trout's Blog")
onebox = InlineOneboxer.lookup(
diff --git a/spec/components/middleware/anonymous_cache_spec.rb b/spec/components/middleware/anonymous_cache_spec.rb
index d6dcdb27a4f..3cb42ce8b48 100644
--- a/spec/components/middleware/anonymous_cache_spec.rb
+++ b/spec/components/middleware/anonymous_cache_spec.rb
@@ -215,8 +215,8 @@ describe Middleware::AnonymousCache::Helper do
@status, @response_header, @response = middleware.call(@env)
end
- it "applies whitelisted_crawler_user_agents correctly" do
- SiteSetting.whitelisted_crawler_user_agents = 'Googlebot'
+ it "applies allowed_crawler_user_agents correctly" do
+ SiteSetting.allowed_crawler_user_agents = 'Googlebot'
get '/', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
@@ -236,7 +236,7 @@ describe Middleware::AnonymousCache::Helper do
end
it "doesn't block api requests" do
- SiteSetting.whitelisted_crawler_user_agents = 'Googlebot'
+ SiteSetting.allowed_crawler_user_agents = 'Googlebot'
api_key = Fabricate(:api_key)
get "/latest?api_key=#{api_key.key}&api_username=system", headers: {
@@ -245,8 +245,8 @@ describe Middleware::AnonymousCache::Helper do
expect(@status).to eq(200)
end
- it "applies blacklisted_crawler_user_agents correctly" do
- SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
+ it "applies blocked_crawler_user_agents correctly" do
+ SiteSetting.blocked_crawler_user_agents = 'Googlebot'
get '/', headers: non_crawler
expect(@status).to eq(200)
@@ -265,7 +265,7 @@ describe Middleware::AnonymousCache::Helper do
end
it "should never block robots.txt" do
- SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
+ SiteSetting.blocked_crawler_user_agents = 'Googlebot'
get '/robots.txt', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
@@ -275,7 +275,7 @@ describe Middleware::AnonymousCache::Helper do
end
it "should never block srv/status" do
- SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
+ SiteSetting.blocked_crawler_user_agents = 'Googlebot'
get '/srv/status', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
@@ -285,7 +285,7 @@ describe Middleware::AnonymousCache::Helper do
end
it "blocked crawlers shouldn't log page views" do
- SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
+ SiteSetting.blocked_crawler_user_agents = 'Googlebot'
get '/', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
@@ -295,7 +295,7 @@ describe Middleware::AnonymousCache::Helper do
end
it "blocks json requests" do
- SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
+ SiteSetting.blocked_crawler_user_agents = 'Googlebot'
get '/srv/status.json', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
diff --git a/spec/components/middleware/request_tracker_spec.rb b/spec/components/middleware/request_tracker_spec.rb
index 67efd8c975e..7b36e61f20f 100644
--- a/spec/components/middleware/request_tracker_spec.rb
+++ b/spec/components/middleware/request_tracker_spec.rb
@@ -343,7 +343,7 @@ describe Middleware::RequestTracker do
tracker.call(env("REQUEST_URI" => uri, "ANON_CACHE_DURATION" => 60))
expect(@data[:cache]).to eq("true")
- # not whitelisted
+ # not allowlisted
request_params.delete("a")
expect(@env["action_dispatch.request.parameters"]).to eq(request_params)
diff --git a/spec/components/onebox/engine/allowlisted_generic_onebox_spec.rb b/spec/components/onebox/engine/allowlisted_generic_onebox_spec.rb
new file mode 100644
index 00000000000..756ac1fa6f6
--- /dev/null
+++ b/spec/components/onebox/engine/allowlisted_generic_onebox_spec.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+require 'oneboxer'
+
+describe Onebox::Engine::AllowlistedGenericOnebox do
+
+ describe ".===" do
+
+ it "matches any domain" do
+ expect(described_class === URI('http://foo.bar/resource')).to be(true)
+ end
+
+ it "doesn't match an IP address" do
+ expect(described_class === URI('http://1.2.3.4/resource')).to be(false)
+ expect(described_class === URI('http://1.2.3.4:1234/resource')).to be(false)
+ end
+
+ end
+
+ it "allowlists iframes" do
+ allowlisted_body = ''
+ blocklisted_body = ''
+
+ allowlisted_oembed = {
+ type: "rich",
+ height: "100",
+ html: ""
+ }
+
+ blocklisted_oembed = {
+ type: "rich",
+ height: "100",
+ html: ""
+ }
+
+ stub_request(:get, "https://blocklist.ed/iframes").to_return(status: 200, body: blocklisted_body)
+ stub_request(:get, "https://blocklist.ed/iframes.json").to_return(status: 200, body: blocklisted_oembed.to_json)
+
+ stub_request(:get, "https://allowlist.ed/iframes").to_return(status: 200, body: allowlisted_body)
+ stub_request(:get, "https://allowlist.ed/iframes.json").to_return(status: 200, body: allowlisted_oembed.to_json)
+
+ SiteSetting.allowed_iframes = "discourse.org|https://ifram.es"
+
+ expect(Onebox.preview("https://blocklist.ed/iframes").to_s).to be_empty
+ expect(Onebox.preview("https://allowlist.ed/iframes").to_s).to match("iframe src")
+ end
+
+end
diff --git a/spec/components/onebox/engine/whitelisted_generic_onebox_spec.rb b/spec/components/onebox/engine/whitelisted_generic_onebox_spec.rb
deleted file mode 100644
index dac0062f128..00000000000
--- a/spec/components/onebox/engine/whitelisted_generic_onebox_spec.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-require 'oneboxer'
-
-describe Onebox::Engine::WhitelistedGenericOnebox do
-
- describe ".===" do
-
- it "matches any domain" do
- expect(described_class === URI('http://foo.bar/resource')).to be(true)
- end
-
- it "doesn't match an IP address" do
- expect(described_class === URI('http://1.2.3.4/resource')).to be(false)
- expect(described_class === URI('http://1.2.3.4:1234/resource')).to be(false)
- end
-
- end
-
- it "whitelists iframes" do
- whitelisted_body = ''
- blacklisted_body = ''
-
- whitelisted_oembed = {
- type: "rich",
- height: "100",
- html: ""
- }
-
- blacklisted_oembed = {
- type: "rich",
- height: "100",
- html: ""
- }
-
- stub_request(:get, "https://blacklist.ed/iframes").to_return(status: 200, body: blacklisted_body)
- stub_request(:get, "https://blacklist.ed/iframes.json").to_return(status: 200, body: blacklisted_oembed.to_json)
-
- stub_request(:get, "https://whitelist.ed/iframes").to_return(status: 200, body: whitelisted_body)
- stub_request(:get, "https://whitelist.ed/iframes.json").to_return(status: 200, body: whitelisted_oembed.to_json)
-
- SiteSetting.allowed_iframes = "discourse.org|https://ifram.es"
-
- expect(Onebox.preview("https://blacklist.ed/iframes").to_s).to be_empty
- expect(Onebox.preview("https://whitelist.ed/iframes").to_s).to match("iframe src")
- end
-
-end
diff --git a/spec/components/oneboxer_spec.rb b/spec/components/oneboxer_spec.rb
index f1681e5bc2b..17843e2a9d3 100644
--- a/spec/components/oneboxer_spec.rb
+++ b/spec/components/oneboxer_spec.rb
@@ -155,8 +155,8 @@ describe Oneboxer do
end
end
- it "does not crawl blacklisted URLs" do
- SiteSetting.onebox_domains_blacklist = "git.*.com|bitbucket.com"
+ it "does not crawl blocklisted URLs" do
+ SiteSetting.blocked_onebox_domains = "git.*.com|bitbucket.com"
url = 'https://github.com/discourse/discourse/commit/21b562852885f883be43032e03c709241e8e6d4f'
stub_request(:head, 'https://discourse.org/').to_return(status: 302, body: "", headers: { location: url })
@@ -164,7 +164,7 @@ describe Oneboxer do
expect(Oneboxer.external_onebox('https://discourse.org/')[:onebox]).to be_empty
end
- it "does not consider ignore_redirects domains as blacklisted" do
+ it "does not consider ignore_redirects domains as blocklisted" do
url = 'https://store.steampowered.com/app/271590/Grand_Theft_Auto_V/'
stub_request(:head, url).to_return(status: 200, body: "", headers: {})
stub_request(:get, url).to_return(status: 200, body: "", headers: {})
diff --git a/spec/components/pretty_text_spec.rb b/spec/components/pretty_text_spec.rb
index 823fb8900c2..073957026b7 100644
--- a/spec/components/pretty_text_spec.rb
+++ b/spec/components/pretty_text_spec.rb
@@ -762,7 +762,7 @@ describe PrettyText do
context 'option to preserve onebox source' do
it "should return the right excerpt" do
- onebox = "\n\n\n"
+ onebox = "\n\n\n"
expected = "meta.discourse.org"
expect(PrettyText.excerpt(onebox, 100, keep_onebox_source: true))
@@ -1554,7 +1554,7 @@ HTML
end
- it "can properly whitelist iframes" do
+ it "can properly allowlist iframes" do
SiteSetting.allowed_iframes = "https://bob.com/a|http://silly.com?EMBED="
raw = <<~IFRAMES
@@ -1619,12 +1619,12 @@ HTML
expect(cooked).to include("data-theme-a")
end
- it "whitelists lang attribute" do
+ it "allowlists lang attribute" do
cooked = PrettyText.cook("
tester
tester
tester")
expect(cooked).to eq("
tester
tester
tester")
end
- it "whitelists ruby tags" do
+ it "allowlists ruby tags" do
# read all about ruby chars at: https://en.wikipedia.org/wiki/Ruby_character
# basically it is super hard to remember every single rare letter when there are
# so many, so ruby tags provide a hint.
diff --git a/spec/components/site_setting_extension_spec.rb b/spec/components/site_setting_extension_spec.rb
index ee856e144c0..a366db09571 100644
--- a/spec/components/site_setting_extension_spec.rb
+++ b/spec/components/site_setting_extension_spec.rb
@@ -595,18 +595,18 @@ describe SiteSettingExtension do
describe "filter domain name" do
before do
- settings.setting(:white_listed_spam_host_domains, "www.example.com")
+ settings.setting(:allowed_spam_host_domains, "www.example.com")
settings.refresh!
end
it "filters domain" do
- settings.set("white_listed_spam_host_domains", "http://www.discourse.org/")
- expect(settings.white_listed_spam_host_domains).to eq("www.discourse.org")
+ settings.set("allowed_spam_host_domains", "http://www.discourse.org/")
+ expect(settings.allowed_spam_host_domains).to eq("www.discourse.org")
end
it "returns invalid domain as is, without throwing exception" do
- settings.set("white_listed_spam_host_domains", "test!url")
- expect(settings.white_listed_spam_host_domains).to eq("test!url")
+ settings.set("allowed_spam_host_domains", "test!url")
+ expect(settings.allowed_spam_host_domains).to eq("test!url")
end
end
diff --git a/spec/components/spam_handler_spec.rb b/spec/components/spam_handler_spec.rb
index f4216854d2f..310c4a17929 100644
--- a/spec/components/spam_handler_spec.rb
+++ b/spec/components/spam_handler_spec.rb
@@ -48,11 +48,11 @@ describe SpamHandler do
Fabricate(:user, ip_address: "42.42.42.42", trust_level: TrustLevel[0])
end
- it "doesn't limit registrations when the IP is whitelisted" do
+ it "doesn't limit registrations when the IP is allowlisted" do
# setup
SiteSetting.max_new_accounts_per_registration_ip = 0
Fabricate(:user, ip_address: "42.42.42.42", trust_level: TrustLevel[0])
- ScreenedIpAddress.stubs(:is_whitelisted?).with("42.42.42.42").returns(true)
+ ScreenedIpAddress.stubs(:is_allowed?).with("42.42.42.42").returns(true)
# should not limit registration
SiteSetting.max_new_accounts_per_registration_ip = 1
diff --git a/spec/components/user_name_suggester_spec.rb b/spec/components/user_name_suggester_spec.rb
index a7e9b19fab5..ed1673b66bf 100644
--- a/spec/components/user_name_suggester_spec.rb
+++ b/spec/components/user_name_suggester_spec.rb
@@ -171,14 +171,14 @@ describe UserNameSuggester do
.to eq('য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া')
end
- it "uses whitelist" do
- SiteSetting.unicode_username_character_whitelist = "[äöüßÄÖÜẞ]"
+ it "uses allowlist" do
+ SiteSetting.allowed_unicode_username_characters = "[äöüßÄÖÜẞ]"
expect(UserNameSuggester.suggest('πουλί')).to eq('111')
expect(UserNameSuggester.suggest('a鳥b')).to eq('a_b')
expect(UserNameSuggester.suggest('Löwe')).to eq('Löwe')
- SiteSetting.unicode_username_character_whitelist = "[য়া]"
+ SiteSetting.allowed_unicode_username_characters = "[য়া]"
expect(UserNameSuggester.suggest('aয়াb鳥c')).to eq('aয়াb_c')
end
end
diff --git a/spec/components/validators/email_validator_spec.rb b/spec/components/validators/email_validator_spec.rb
index 41c29e1b511..0290c7c99c7 100644
--- a/spec/components/validators/email_validator_spec.rb
+++ b/spec/components/validators/email_validator_spec.rb
@@ -21,8 +21,8 @@ describe EmailValidator do
expect(blocks?('SAM@sam.com')).to eq(true)
end
- it "blocks based on email_domains_blacklist" do
- SiteSetting.email_domains_blacklist = "email.com|mail.com|e-mail.com"
+ it "blocks based on blocked_email_domains" do
+ SiteSetting.blocked_email_domains = "email.com|mail.com|e-mail.com"
expect(blocks?('sam@email.com')).to eq(true)
expect(blocks?('sam@EMAIL.com')).to eq(true)
expect(blocks?('sam@bob.email.com')).to eq(true)
@@ -30,8 +30,8 @@ describe EmailValidator do
expect(blocks?('sam@googlemail.com')).to eq(false)
end
- it "blocks based on email_domains_whitelist" do
- SiteSetting.email_domains_whitelist = "googlemail.com|email.com"
+ it "blocks based on allowed_email_domains" do
+ SiteSetting.allowed_email_domains = "googlemail.com|email.com"
expect(blocks?('sam@email.com')).to eq(false)
expect(blocks?('sam@EMAIL.com')).to eq(false)
expect(blocks?('sam@bob.email.com')).to eq(false)
@@ -49,8 +49,8 @@ describe EmailValidator do
expect(EmailValidator.can_auto_approve_user?("foobar@example.com")).to eq(true)
end
- it "returns false if domain not present in email_domains_whitelist" do
- SiteSetting.email_domains_whitelist = "googlemail.com"
+ it "returns false if domain not present in allowed_email_domains" do
+ SiteSetting.allowed_email_domains = "googlemail.com"
SiteSetting.auto_approve_email_domains = "example.com|googlemail.com"
expect(EmailValidator.can_auto_approve_user?("foobar@example.com")).to eq(false)
diff --git a/spec/components/validators/unicode_username_whitelist_validator_spec.rb b/spec/components/validators/unicode_username_allowlist_validator_spec.rb
similarity index 76%
rename from spec/components/validators/unicode_username_whitelist_validator_spec.rb
rename to spec/components/validators/unicode_username_allowlist_validator_spec.rb
index 0deb2da8e9c..dff71443ff6 100644
--- a/spec/components/validators/unicode_username_whitelist_validator_spec.rb
+++ b/spec/components/validators/unicode_username_allowlist_validator_spec.rb
@@ -2,16 +2,16 @@
require 'rails_helper'
-describe UnicodeUsernameWhitelistValidator do
+describe UnicodeUsernameAllowlistValidator do
subject { described_class.new }
- it "allows an empty whitelist" do
+ it "allows an empty allowlist" do
expect(subject.valid_value?("")).to eq(true)
expect(subject.error_message).to be_blank
end
it "disallows leading and trailing slashes" do
- expected_error = I18n.t("site_settings.errors.unicode_username_whitelist.leading_trailing_slash")
+ expected_error = I18n.t("site_settings.errors.allowed_unicode_usernames.leading_trailing_slash")
expect(subject.valid_value?("/foo/")).to eq(false)
expect(subject.error_message).to eq(expected_error)
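Review bot: The error key is renamed to `site_settings.errors.allowed_unicode_usernames.leading_trailing_slash`, which matches neither the setting name this commit uses in user_name_suggester_spec.rb (`allowed_unicode_username_characters`) nor the validator class (`UnicodeUsernameAllowlistValidator`). Keying the messages by the setting name, `I18n.t("site_settings.errors.allowed_unicode_username_characters.leading_trailing_slash")`, would keep the three in step; the `regex_invalid` lookup in the next hunk has the same mismatch. Because `expected_error` is built from the same key the validator presumably uses, this example may still pass if the locale entry was not renamed, so the locale file is worth checking by hand.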
@@ -30,7 +30,7 @@ describe UnicodeUsernameWhitelistValidator do
end
it "detects invalid regular expressions" do
- expected_error = I18n.t("site_settings.errors.unicode_username_whitelist.regex_invalid", error: "")
+ expected_error = I18n.t("site_settings.errors.allowed_unicode_usernames.regex_invalid", error: "")
expect(subject.valid_value?("\\p{Foo}")).to eq(false)
expect(subject.error_message).to start_with(expected_error)
diff --git a/spec/fixtures/emails/auto_generated_whitelisted.eml b/spec/fixtures/emails/auto_generated_allowlisted.eml
similarity index 100%
rename from spec/fixtures/emails/auto_generated_whitelisted.eml
rename to spec/fixtures/emails/auto_generated_allowlisted.eml
diff --git a/spec/fixtures/emails/blacklist_whitelist_email.eml b/spec/fixtures/emails/blocklist_allowlist_email.eml
similarity index 85%
rename from spec/fixtures/emails/blacklist_whitelist_email.eml
rename to spec/fixtures/emails/blocklist_allowlist_email.eml
index f9b0adf7905..7ffe3674ac0 100644
--- a/spec/fixtures/emails/blacklist_whitelist_email.eml
+++ b/spec/fixtures/emails/blocklist_allowlist_email.eml
@@ -8,4 +8,4 @@ Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
-Email from a domain on blacklist or whitelist.
+Email from a domain on blocklist or allowlist.
diff --git a/spec/lib/content_security_policy_spec.rb b/spec/lib/content_security_policy_spec.rb
index 4196b29d669..bad12dd2c31 100644
--- a/spec/lib/content_security_policy_spec.rb
+++ b/spec/lib/content_security_policy_spec.rb
@@ -66,7 +66,7 @@ describe ContentSecurityPolicy do
expect(script_srcs).to include("'report-sample'")
end
- it 'whitelists Google Analytics and Tag Manager when integrated' do
+ it 'allowlists Google Analytics and Tag Manager when integrated' do
SiteSetting.ga_universal_tracking_code = 'UA-12345678-9'
SiteSetting.gtm_container_id = 'GTM-ABCDEF'
@@ -75,7 +75,7 @@ describe ContentSecurityPolicy do
expect(script_srcs).to include('https://www.googletagmanager.com/gtm.js')
end
- it 'whitelists CDN assets when integrated' do
+ it 'allowlists CDN assets when integrated' do
set_cdn_url('https://cdn.com')
script_srcs = parse(policy)['script-src']
diff --git a/spec/lib/upload_creator_spec.rb b/spec/lib/upload_creator_spec.rb
index 91a431565cb..6ca63b7e3c6 100644
--- a/spec/lib/upload_creator_spec.rb
+++ b/spec/lib/upload_creator_spec.rb
@@ -402,7 +402,7 @@ RSpec.describe UploadCreator do
end
end
- describe '#whitelist_svg!' do
+ describe '#clean_svg!' do
let(:b64) do
Base64.encode64('')
end
@@ -428,7 +428,7 @@ RSpec.describe UploadCreator do
it 'removes event handlers' do
begin
- UploadCreator.new(file, 'file.svg').whitelist_svg!
+ UploadCreator.new(file, 'file.svg').clean_svg!
file_content = file.read
expect(file_content).not_to include('onload')
expect(file_content).to include('#pathdef')
diff --git a/spec/models/embeddable_host_spec.rb b/spec/models/embeddable_host_spec.rb
index 66b81b9bd45..2a76688553c 100644
--- a/spec/models/embeddable_host_spec.rb
+++ b/spec/models/embeddable_host_spec.rb
@@ -96,37 +96,37 @@ describe EmbeddableHost do
end
end
- describe "path_whitelist" do
+ describe "allowed_paths" do
it "matches the path" do
- Fabricate(:embeddable_host, path_whitelist: '^/fp/\d{4}/\d{2}/\d{2}/.*$')
+ Fabricate(:embeddable_host, allowed_paths: '^/fp/\d{4}/\d{2}/\d{2}/.*$')
expect(EmbeddableHost.url_allowed?('http://eviltrout.com')).to eq(false)
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/fp/2016/08/25/test-page')).to eq(true)
end
it "respects query parameters" do
- Fabricate(:embeddable_host, path_whitelist: '^/fp$')
+ Fabricate(:embeddable_host, allowed_paths: '^/fp$')
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/fp?test=1')).to eq(false)
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/fp')).to eq(true)
end
it "allows multiple records with different paths" do
- Fabricate(:embeddable_host, path_whitelist: '/rick/.*')
- Fabricate(:embeddable_host, path_whitelist: '/morty/.*')
+ Fabricate(:embeddable_host, allowed_paths: '/rick/.*')
+ Fabricate(:embeddable_host, allowed_paths: '/morty/.*')
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/rick/smith')).to eq(true)
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/morty/sanchez')).to eq(true)
end
it "works with non-english paths" do
- Fabricate(:embeddable_host, path_whitelist: '/انگلیسی/.*')
- Fabricate(:embeddable_host, path_whitelist: '/definição/.*')
+ Fabricate(:embeddable_host, allowed_paths: '/انگلیسی/.*')
+ Fabricate(:embeddable_host, allowed_paths: '/definição/.*')
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/انگلیسی/foo')).to eq(true)
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/definição/foo')).to eq(true)
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/bar/foo')).to eq(false)
end
it "works with URL encoded paths" do
- Fabricate(:embeddable_host, path_whitelist: '/definição/.*')
- Fabricate(:embeddable_host, path_whitelist: '/ingl%C3%A9s/.*')
+ Fabricate(:embeddable_host, allowed_paths: '/definição/.*')
+ Fabricate(:embeddable_host, allowed_paths: '/ingl%C3%A9s/.*')
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/defini%C3%A7%C3%A3o/foo')).to eq(true)
expect(EmbeddableHost.url_allowed?('http://eviltrout.com/inglés/foo')).to eq(true)
diff --git a/spec/models/invite_spec.rb b/spec/models/invite_spec.rb
index 9bc3e33ff94..fc81d4d8d3f 100644
--- a/spec/models/invite_spec.rb
+++ b/spec/models/invite_spec.rb
@@ -33,12 +33,12 @@ describe Invite do
expect(invite.errors.details[:email].first[:error]).to eq(I18n.t("user.email.invalid"))
end
- it "should not allow an invite with blacklisted email" do
+ it "should not allow an invite with blocklisted email" do
invite = Invite.create(email: "test@mailinator.com", invited_by: coding_horror)
expect(invite).not_to be_valid
end
- it "should allow an invite with non-blacklisted email" do
+ it "should allow an invite with non-blocklisted email" do
invite = Fabricate(:invite, email: "test@mail.com", invited_by: coding_horror)
expect(invite).to be_valid
end
diff --git a/spec/models/post_analyzer_spec.rb b/spec/models/post_analyzer_spec.rb
index 70addd30cd2..f0dd58d814f 100644
--- a/spec/models/post_analyzer_spec.rb
+++ b/spec/models/post_analyzer_spec.rb
@@ -156,8 +156,8 @@ describe PostAnalyzer do
expect(post_analyzer.image_count).to eq(0)
end
- it "doesn't count whitelisted images" do
- Post.stubs(:white_listed_image_classes).returns(["classy"])
+ it "doesn't count allowlisted images" do
+ Post.stubs(:allowed_image_classes).returns(["classy"])
PrettyText.stubs(:cook).returns(raw_post_with_two_classy_images)
post_analyzer = PostAnalyzer.new(raw_post_with_two_classy_images, default_topic_id)
expect(post_analyzer.image_count).to eq(0)
diff --git a/spec/models/post_spec.rb b/spec/models/post_spec.rb
index 24c89305dd1..559b1ff06e8 100644
--- a/spec/models/post_spec.rb
+++ b/spec/models/post_spec.rb
@@ -310,9 +310,9 @@ describe Post do
expect(post_with_thumbnail.image_count).to eq(0)
end
- it "doesn't count whitelisted images" do
- Post.stubs(:white_listed_image_classes).returns(["classy"])
- # I dislike this, but passing in a custom whitelist is hard
+ it "doesn't count allowlisted images" do
+ Post.stubs(:allowed_image_classes).returns(["classy"])
+ # I dislike this, but passing in a custom allowlist is hard
PrettyText.stubs(:cook).returns(post_with_two_classy_images.raw)
expect(post_with_two_classy_images.image_count).to eq(0)
end
@@ -527,8 +527,8 @@ describe Post do
expect(post_one_link).not_to be_valid
end
- it "will skip the check for whitelisted domains" do
- SiteSetting.whitelisted_link_domains = 'www.bbc.co.uk'
+ it "will skip the check for allowlisted domains" do
+ SiteSetting.allowed_link_domains = 'www.bbc.co.uk'
SiteSetting.min_trust_to_post_links = 2
post_two_links.user.trust_level = TrustLevel[1]
expect(post_one_link).to be_valid
@@ -1107,7 +1107,7 @@ describe Post do
expect(post.has_host_spam?).to eq(true)
- SiteSetting.white_listed_spam_host_domains = "bla.com|boo.com | example.net "
+ SiteSetting.allowed_spam_host_domains = "bla.com|boo.com | example.net "
expect(post.has_host_spam?).to eq(false)
end
diff --git a/spec/models/screened_ip_address_spec.rb b/spec/models/screened_ip_address_spec.rb
index 84876a122ff..5c069135fb5 100644
--- a/spec/models/screened_ip_address_spec.rb
+++ b/spec/models/screened_ip_address_spec.rb
@@ -212,37 +212,37 @@ describe ScreenedIpAddress do
end
end
- describe '#is_whitelisted?' do
+ describe '#is_allowed?' do
it 'returns false when record does not exist' do
- expect(described_class.is_whitelisted?(ip_address)).to eq(false)
+ expect(described_class.is_allowed?(ip_address)).to eq(false)
end
it 'returns false when no record matches' do
Fabricate(:screened_ip_address, ip_address: '111.234.23.11', action_type: described_class.actions[:do_nothing])
- expect(described_class.is_whitelisted?('222.12.12.12')).to eq(false)
+ expect(described_class.is_allowed?('222.12.12.12')).to eq(false)
end
context 'IPv4' do
it 'returns true when when record matches and action is :do_nothing' do
Fabricate(:screened_ip_address, ip_address: '111.234.23.11', action_type: described_class.actions[:do_nothing])
- expect(described_class.is_whitelisted?('111.234.23.11')).to eq(true)
+ expect(described_class.is_allowed?('111.234.23.11')).to eq(true)
end
it 'returns false when when record matches and action is :block' do
Fabricate(:screened_ip_address, ip_address: '111.234.23.11', action_type: described_class.actions[:block])
- expect(described_class.is_whitelisted?('111.234.23.11')).to eq(false)
+ expect(described_class.is_allowed?('111.234.23.11')).to eq(false)
end
end
context 'IPv6' do
it 'returns true when when record matches and action is :do_nothing' do
Fabricate(:screened_ip_address, ip_address: '2001:db8::ff00:42:8329', action_type: described_class.actions[:do_nothing])
- expect(described_class.is_whitelisted?('2001:db8::ff00:42:8329')).to eq(true)
+ expect(described_class.is_allowed?('2001:db8::ff00:42:8329')).to eq(true)
end
it 'returns false when when record matches and action is :block' do
Fabricate(:screened_ip_address, ip_address: '2001:db8::ff00:42:8329', action_type: described_class.actions[:block])
- expect(described_class.is_whitelisted?('2001:db8::ff00:42:8329')).to eq(false)
+ expect(described_class.is_allowed?('2001:db8::ff00:42:8329')).to eq(false)
end
end
end
@@ -250,12 +250,12 @@ describe ScreenedIpAddress do
describe '#block_admin_login?' do
context 'no allow_admin records exist' do
- it "returns false when use_admin_ip_whitelist is false" do
+ it "returns false when use_admin_ip_allowlist is false" do
expect(described_class.block_admin_login?(Fabricate.build(:user), '123.12.12.12')).to eq(false)
end
- context "use_admin_ip_whitelist is true" do
- before { SiteSetting.use_admin_ip_whitelist = true }
+ context "use_admin_ip_allowlist is true" do
+ before { SiteSetting.use_admin_ip_allowlist = true }
it "returns false when user is nil" do
expect(described_class.block_admin_login?(nil, '123.12.12.12')).to eq(false)
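Review bot: The example `returns false when use_admin_ip_allowlist is false` never assigns the setting, so it only proves the default-off path and says nothing about a value stored under the old name. Because `use_admin_ip_allowlist` gates admin logins by IP, a site that had `use_admin_ip_whitelist` enabled would lose that restriction if the stored value is not carried over to the new key; the migration or alias is not visible in this part of the diff, so this may already be handled elsewhere. I would start the default-off examples with `SiteSetting.use_admin_ip_allowlist = false` and add one spec that pins the old-name-to-new-name carry-over. The same applies to the `@@ -281,12` hunk that follows and to `allowed_theme_repos` in `spec/requests/admin/themes_controller_spec.rb`, where a missed rename in an operator's config would presumably turn allowlist mode off. The `describe '#block_admin_login?'` block continues outside the hunk.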
@@ -281,12 +281,12 @@ describe ScreenedIpAddress do
Fabricate(:screened_ip_address, ip_address: @permitted_ip_address, action_type: described_class.actions[:allow_admin])
end
- it "returns false when use_admin_ip_whitelist is false" do
+ it "returns false when use_admin_ip_allowlist is false" do
expect(described_class.block_admin_login?(Fabricate.build(:admin), '123.12.12.12')).to eq(false)
end
- context "use_admin_ip_whitelist is true" do
- before { SiteSetting.use_admin_ip_whitelist = true }
+ context "use_admin_ip_allowlist is true" do
+ before { SiteSetting.use_admin_ip_allowlist = true }
it "returns false when user is nil" do
expect(described_class.block_admin_login?(nil, @permitted_ip_address)).to eq(false)
diff --git a/spec/models/site_setting_spec.rb b/spec/models/site_setting_spec.rb
index fc185415451..9b87678b3fd 100644
--- a/spec/models/site_setting_spec.rb
+++ b/spec/models/site_setting_spec.rb
@@ -197,11 +197,11 @@ describe SiteSetting do
describe 'cached settings' do
it 'should recalcualte cached setting when dependent settings are changed' do
- SiteSetting.attachment_filename_blacklist = 'foo'
- expect(SiteSetting.attachment_filename_blacklist_regex).to eq(/foo/)
+ SiteSetting.blocked_attachment_filenames = 'foo'
+ expect(SiteSetting.blocked_attachment_filenames_regex).to eq(/foo/)
- SiteSetting.attachment_filename_blacklist = 'foo|bar'
- expect(SiteSetting.attachment_filename_blacklist_regex).to eq(/foo|bar/)
+ SiteSetting.blocked_attachment_filenames = 'foo|bar'
+ expect(SiteSetting.blocked_attachment_filenames_regex).to eq(/foo|bar/)
end
end
end
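Review bot: The expectations `eq(/foo/)` and `eq(/foo|bar/)` only use plain words, so they do not pin whether a list entry containing a regex metacharacter is escaped before it is compiled into `blocked_attachment_filenames_regex`. For a blocking setting this matters, because an unescaped `.` would match more filenames than the admin listed; how the regex is built is not visible here. I would add one case such as `SiteSetting.blocked_attachment_filenames = 'foo.bar'` with the expected regex spelled out. The example description also carries a typo, `recalcualte`.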
diff --git a/spec/models/topic_embed_spec.rb b/spec/models/topic_embed_spec.rb
index bc061ddcbe4..48df6ce768f 100644
--- a/spec/models/topic_embed_spec.rb
+++ b/spec/models/topic_embed_spec.rb
@@ -192,7 +192,7 @@ describe TopicEmbed do
response = nil
before do
- SiteSetting.embed_classname_whitelist = 'emoji, foo'
+ SiteSetting.allowed_embed_classnames = 'emoji, foo'
file.stubs(:read).returns contents
TopicEmbed.stubs(:open).returns file
stub_request(:head, url)
@@ -252,7 +252,7 @@ describe TopicEmbed do
response = nil
before(:each) do
- SiteSetting.embed_classname_whitelist = ''
+ SiteSetting.allowed_embed_classnames = ''
file.stubs(:read).returns contents
TopicEmbed.stubs(:open).returns file
stub_request(:head, url)
diff --git a/spec/models/topic_link_click_spec.rb b/spec/models/topic_link_click_spec.rb
index 121bb872213..a4d6771db65 100644
--- a/spec/models/topic_link_click_spec.rb
+++ b/spec/models/topic_link_click_spec.rb
@@ -47,7 +47,7 @@ describe TopicLinkClick do
click = TopicLinkClick.create_from(url: "http://url-that-doesnt-exist.com", post_id: @post.id, ip: '127.0.0.1')
expect(click).to eq(nil)
- # redirects if whitelisted
+ # redirects if allowlisted
click = TopicLinkClick.create_from(url: "https://www.youtube.com/watch?v=jYd_5aggzd4", post_id: @post.id, ip: '127.0.0.1')
expect(click).to eq("https://www.youtube.com/watch?v=jYd_5aggzd4")
diff --git a/spec/models/user_profile_spec.rb b/spec/models/user_profile_spec.rb
index eb1121342ee..65221592b0b 100644
--- a/spec/models/user_profile_spec.rb
+++ b/spec/models/user_profile_spec.rb
@@ -47,8 +47,8 @@ describe UserProfile do
expect(user_profile).to_not be_valid
end
- it "validates website domain if user_website_domains_whitelist setting is present" do
- SiteSetting.user_website_domains_whitelist = "discourse.org"
+ it "validates website domain if allowed_user_website_domains setting is present" do
+ SiteSetting.allowed_user_website_domains = "discourse.org"
user_profile.website = "https://google.com"
expect(user_profile).not_to be_valid
@@ -58,7 +58,7 @@ describe UserProfile do
end
it "doesn't blow up with an invalid URI" do
- SiteSetting.user_website_domains_whitelist = "discourse.org"
+ SiteSetting.allowed_user_website_domains = "discourse.org"
user_profile.website = 'user - https://forum.example.com/user'
expect { user_profile.save! }.to raise_error(ActiveRecord::RecordInvalid)
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 313d3819900..fbaa52a4931 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -755,108 +755,108 @@ describe User do
expect(user).to be_valid
end
- it 'should reject some emails based on the email_domains_blacklist site setting' do
- SiteSetting.email_domains_blacklist = 'mailinator.com'
+ it 'should reject some emails based on the blocked_email_domains site setting' do
+ SiteSetting.blocked_email_domains = 'mailinator.com'
expect(Fabricate.build(:user, email: 'notgood@mailinator.com')).not_to be_valid
expect(Fabricate.build(:user, email: 'mailinator@gmail.com')).to be_valid
end
- it 'should reject some emails based on the email_domains_blacklist site setting' do
- SiteSetting.email_domains_blacklist = 'mailinator.com|trashmail.net'
+ it 'should reject some emails based on the blocked_email_domains site setting' do
+ SiteSetting.blocked_email_domains = 'mailinator.com|trashmail.net'
expect(Fabricate.build(:user, email: 'notgood@mailinator.com')).not_to be_valid
expect(Fabricate.build(:user, email: 'notgood@trashmail.net')).not_to be_valid
expect(Fabricate.build(:user, email: 'mailinator.com@gmail.com')).to be_valid
end
it 'should not reject partial matches' do
- SiteSetting.email_domains_blacklist = 'mail.com'
+ SiteSetting.blocked_email_domains = 'mail.com'
expect(Fabricate.build(:user, email: 'mailinator@gmail.com')).to be_valid
end
- it 'should reject some emails based on the email_domains_blacklist site setting ignoring case' do
- SiteSetting.email_domains_blacklist = 'trashmail.net'
+ it 'should reject some emails based on the blocked_email_domains site setting ignoring case' do
+ SiteSetting.blocked_email_domains = 'trashmail.net'
expect(Fabricate.build(:user, email: 'notgood@TRASHMAIL.NET')).not_to be_valid
end
- it 'should reject emails based on the email_domains_blacklist site setting matching subdomain' do
- SiteSetting.email_domains_blacklist = 'domain.com'
+ it 'should reject emails based on the blocked_email_domains site setting matching subdomain' do
+ SiteSetting.blocked_email_domains = 'domain.com'
expect(Fabricate.build(:user, email: 'notgood@sub.domain.com')).not_to be_valid
end
- it 'skips the blacklist if skip_email_validation is set' do
- SiteSetting.email_domains_blacklist = 'domain.com'
+ it 'skips the blocklist if skip_email_validation is set' do
+ SiteSetting.blocked_email_domains = 'domain.com'
user = Fabricate.build(:user, email: 'notgood@sub.domain.com')
user.skip_email_validation = true
expect(user).to be_valid
end
- it 'blacklist should not reject developer emails' do
+ it 'blocklist should not reject developer emails' do
Rails.configuration.stubs(:developer_emails).returns('developer@discourse.org')
- SiteSetting.email_domains_blacklist = 'discourse.org'
+ SiteSetting.blocked_email_domains = 'discourse.org'
expect(Fabricate.build(:user, email: 'developer@discourse.org')).to be_valid
end
it 'should not interpret a period as a wildcard' do
- SiteSetting.email_domains_blacklist = 'trashmail.net'
+ SiteSetting.blocked_email_domains = 'trashmail.net'
expect(Fabricate.build(:user, email: 'good@trashmailinet.com')).to be_valid
end
it 'should not be used to validate existing records' do
- u = Fabricate(:user, email: 'in_before_blacklisted@fakemail.com')
- SiteSetting.email_domains_blacklist = 'fakemail.com'
+ u = Fabricate(:user, email: 'in_before_blocklisted@fakemail.com')
+ SiteSetting.blocked_email_domains = 'fakemail.com'
expect(u).to be_valid
end
it 'should be used when email is being changed' do
- SiteSetting.email_domains_blacklist = 'mailinator.com'
+ SiteSetting.blocked_email_domains = 'mailinator.com'
u = Fabricate(:user, email: 'good@gmail.com')
u.email = 'nope@mailinator.com'
expect(u).not_to be_valid
end
- it 'whitelist should reject some emails based on the email_domains_whitelist site setting' do
- SiteSetting.email_domains_whitelist = 'vaynermedia.com'
+ it 'allowlist should reject some emails based on the allowed_email_domains site setting' do
+ SiteSetting.allowed_email_domains = 'vaynermedia.com'
user = Fabricate.build(:user, email: 'notgood@mailinator.com')
expect(user).not_to be_valid
expect(user.errors.messages[:primary_email]).to include(I18n.t('user.email.not_allowed'))
expect(Fabricate.build(:user, email: 'sbauch@vaynermedia.com')).to be_valid
end
- it 'should reject some emails based on the email_domains_whitelist site setting when whitelisting multiple domains' do
- SiteSetting.email_domains_whitelist = 'vaynermedia.com|gmail.com'
+ it 'should reject some emails based on the allowed_email_domains site setting when allowlisting multiple domains' do
+ SiteSetting.allowed_email_domains = 'vaynermedia.com|gmail.com'
expect(Fabricate.build(:user, email: 'notgood@mailinator.com')).not_to be_valid
expect(Fabricate.build(:user, email: 'notgood@trashmail.net')).not_to be_valid
expect(Fabricate.build(:user, email: 'mailinator.com@gmail.com')).to be_valid
expect(Fabricate.build(:user, email: 'mailinator.com@vaynermedia.com')).to be_valid
end
- it 'should accept some emails based on the email_domains_whitelist site setting ignoring case' do
- SiteSetting.email_domains_whitelist = 'vaynermedia.com'
+ it 'should accept some emails based on the allowed_email_domains site setting ignoring case' do
+ SiteSetting.allowed_email_domains = 'vaynermedia.com'
expect(Fabricate.build(:user, email: 'good@VAYNERMEDIA.COM')).to be_valid
end
- it 'whitelist should accept developer emails' do
+ it 'allowlist should accept developer emails' do
Rails.configuration.stubs(:developer_emails).returns('developer@discourse.org')
- SiteSetting.email_domains_whitelist = 'awesome.org'
+ SiteSetting.allowed_email_domains = 'awesome.org'
expect(Fabricate.build(:user, email: 'developer@discourse.org')).to be_valid
end
- it 'email whitelist should not be used to validate existing records' do
- u = Fabricate(:user, email: 'in_before_whitelisted@fakemail.com')
- SiteSetting.email_domains_blacklist = 'vaynermedia.com'
+ it 'email allowlist should not be used to validate existing records' do
+ u = Fabricate(:user, email: 'in_before_allowlisted@fakemail.com')
+ SiteSetting.blocked_email_domains = 'vaynermedia.com'
expect(u).to be_valid
end
- it 'email whitelist should be used when email is being changed' do
- SiteSetting.email_domains_whitelist = 'vaynermedia.com'
+ it 'email allowlist should be used when email is being changed' do
+ SiteSetting.allowed_email_domains = 'vaynermedia.com'
u = Fabricate(:user, email: 'good@vaynermedia.com')
u.email = 'nope@mailinator.com'
expect(u).not_to be_valid
end
it "doesn't validate email address for staged users" do
- SiteSetting.email_domains_whitelist = "foo.com"
- SiteSetting.email_domains_blacklist = "bar.com"
+ SiteSetting.allowed_email_domains = "foo.com"
+ SiteSetting.blocked_email_domains = "bar.com"
user = Fabricate.build(:user, staged: true, email: "foo@bar.com")
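Review bot: The example `'email allowlist should not be used to validate existing records'` assigns `SiteSetting.blocked_email_domains = 'vaynermedia.com'`, so it never configures an allowlist and would still pass if existing records were re-validated against one. The rename carried this over from the old `email_domains_blacklist` line; the assignment should be `SiteSetting.allowed_email_domains = 'vaynermedia.com'`. Separately, the first two examples in the hunk share the identical description `'should reject some emails based on the blocked_email_domains site setting'`, which makes a failure ambiguous; the second could end in `with multiple domains`. The last example, `doesn't validate email address for staged users`, continues outside the hunk.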
diff --git a/spec/models/username_validator_spec.rb b/spec/models/username_validator_spec.rb
index eb45a229982..5bf51119969 100644
--- a/spec/models/username_validator_spec.rb
+++ b/spec/models/username_validator_spec.rb
@@ -178,27 +178,27 @@ describe UsernameValidator do
expect_valid('தமிழ்')
end
- it 'allows all Unicode letters when the whitelist is empty' do
+ it 'allows all Unicode letters when the allowlist is empty' do
expect_valid('鳥')
end
- context "with Unicode whitelist" do
- before { SiteSetting.unicode_username_character_whitelist = "[äöüÄÖÜß]" }
+ context "with Unicode allowlist" do
+ before { SiteSetting.allowed_unicode_username_characters = "[äöüÄÖÜß]" }
- it 'is invalid when username contains non-whitelisted letters' do
+ it 'is invalid when username contains non-allowlisted letters' do
expect_invalid('鳥', 'francès', error_message: I18n.t(:'user.username.characters'))
end
- it 'is valid when username contains only whitelisted letters' do
+ it 'is valid when username contains only allowlisted letters' do
expect_valid('Löwe', 'Ötzi')
end
- it 'is valid when username contains only ASCII letters and numbers regardless of whitelist' do
+ it 'is valid when username contains only ASCII letters and numbers regardless of allowlist' do
expect_valid('a-z_A-Z.0-9')
end
it 'is valid after resetting the site setting' do
- SiteSetting.unicode_username_character_whitelist = ""
+ SiteSetting.allowed_unicode_username_characters = ""
expect_valid('鳥')
end
end
diff --git a/spec/requests/admin/themes_controller_spec.rb b/spec/requests/admin/themes_controller_spec.rb
index a7d42ce4f9b..1db8e6ce495 100644
--- a/spec/requests/admin/themes_controller_spec.rb
+++ b/spec/requests/admin/themes_controller_spec.rb
@@ -100,17 +100,17 @@ describe Admin::ThemesController do
file_from_fixtures("logo.png")
end
- context 'when theme whitelist mode is enabled' do
+ context 'when theme allowlist mode is enabled' do
before do
- GlobalSetting.reset_whitelisted_theme_ids!
- global_setting :whitelisted_theme_repos, "https://github.com/discourse/discourse-brand-header"
+ GlobalSetting.reset_allowed_theme_ids!
+ global_setting :allowed_theme_repos, "https://github.com/discourse/discourse-brand-header"
end
after do
- GlobalSetting.reset_whitelisted_theme_ids!
+ GlobalSetting.reset_allowed_theme_ids!
end
- it "allows whitelisted imports" do
+ it "allows allowlisted imports" do
RemoteTheme.stubs(:import_theme)
post "/admin/themes/import.json", params: {
remote: ' https://github.com/discourse/discourse-brand-header '
@@ -308,14 +308,14 @@ describe Admin::ThemesController do
expect(SiteSetting.default_theme_id).to eq(-1)
end
- context 'when theme whitelist mode is enabled' do
+ context 'when theme allowlist mode is enabled' do
before do
- GlobalSetting.reset_whitelisted_theme_ids!
- global_setting :whitelisted_theme_repos, " https://magic.com/repo.git, https://x.com/git"
+ GlobalSetting.reset_allowed_theme_ids!
+ global_setting :allowed_theme_repos, " https://magic.com/repo.git, https://x.com/git"
end
after do
- GlobalSetting.reset_whitelisted_theme_ids!
+ GlobalSetting.reset_allowed_theme_ids!
end
it 'unconditionally bans theme_fields from updating' do
diff --git a/spec/requests/posts_controller_spec.rb b/spec/requests/posts_controller_spec.rb
index 6622b42acf6..f2d11f4de6c 100644
--- a/spec/requests/posts_controller_spec.rb
+++ b/spec/requests/posts_controller_spec.rb
@@ -125,7 +125,7 @@ describe PostsController do
let(:url) { "/posts/#{post.id}/reply-history.json" }
end
- it "returns the replies with whitelisted user custom fields" do
+ it "returns the replies with allowlisted user custom fields" do
parent = Fabricate(:post)
child = Fabricate(:post, topic: parent.topic, reply_to_post_number: parent.post_number)
diff --git a/spec/requests/reviewables_controller_spec.rb b/spec/requests/reviewables_controller_spec.rb
index b8364592e6f..28a919b3094 100644
--- a/spec/requests/reviewables_controller_spec.rb
+++ b/spec/requests/reviewables_controller_spec.rb
@@ -196,7 +196,7 @@ describe ReviewablesController do
context "with user custom field" do
before do
plugin = Plugin::Instance.new
- plugin.whitelist_public_user_custom_field :public_field
+ plugin.allow_public_user_custom_field :public_field
end
after do
diff --git a/spec/requests/robots_txt_controller_spec.rb b/spec/requests/robots_txt_controller_spec.rb
index 151f9d60ba6..3fed57ccae6 100644
--- a/spec/requests/robots_txt_controller_spec.rb
+++ b/spec/requests/robots_txt_controller_spec.rb
@@ -93,8 +93,8 @@ RSpec.describe RobotsTxtController do
expect(response.body[i..-1]).to include("Disallow: /auth/")
end
- it "can whitelist user agents" do
- SiteSetting.whitelisted_crawler_user_agents = "Googlebot|Twitterbot"
+ it "can allowlist user agents" do
+ SiteSetting.allowed_crawler_user_agents = "Googlebot|Twitterbot"
get '/robots.txt'
expect(response.body).to include('User-agent: Googlebot')
expect(response.body).to include('User-agent: Twitterbot')
@@ -105,8 +105,8 @@ RSpec.describe RobotsTxtController do
expect_allowed_and_disallowed_sections(allowed_index, disallow_all_index)
end
- it "can blacklist user agents" do
- SiteSetting.blacklisted_crawler_user_agents = "Googlebot|Twitterbot"
+ it "can blocklist user agents" do
+ SiteSetting.blocked_crawler_user_agents = "Googlebot|Twitterbot"
get '/robots.txt'
expect(response.body).to include('User-agent: Googlebot')
expect(response.body).to include('User-agent: Twitterbot')
@@ -117,9 +117,9 @@ RSpec.describe RobotsTxtController do
expect_allowed_and_disallowed_sections(allow_index, disallow_index)
end
- it "ignores blacklist if whitelist is set" do
- SiteSetting.whitelisted_crawler_user_agents = "Googlebot|Twitterbot"
- SiteSetting.blacklisted_crawler_user_agents = "Bananabot"
+ it "ignores blocklist if allowlist is set" do
+ SiteSetting.allowed_crawler_user_agents = "Googlebot|Twitterbot"
+ SiteSetting.blocked_crawler_user_agents = "Bananabot"
get '/robots.txt'
expect(response.body).to_not include('Bananabot')
expect(response.body).to include('User-agent: Googlebot')
diff --git a/spec/requests/session_controller_spec.rb b/spec/requests/session_controller_spec.rb
index dd44d52970e..a4542c0cc5a 100644
--- a/spec/requests/session_controller_spec.rb
+++ b/spec/requests/session_controller_spec.rb
@@ -212,7 +212,7 @@ RSpec.describe SessionController do
action_type: ScreenedIpAddress.actions[:allow_admin]
)
- SiteSetting.use_admin_ip_whitelist = true
+ SiteSetting.use_admin_ip_allowlist = true
user.update!(admin: true)
end
@@ -1614,7 +1614,7 @@ RSpec.describe SessionController do
context 'when admins are restricted by ip address' do
before do
- SiteSetting.use_admin_ip_whitelist = true
+ SiteSetting.use_admin_ip_allowlist = true
ScreenedIpAddress.all.destroy_all
end
diff --git a/spec/requests/topics_controller_spec.rb b/spec/requests/topics_controller_spec.rb
index b71d3bbbabe..83c0ae9e006 100644
--- a/spec/requests/topics_controller_spec.rb
+++ b/spec/requests/topics_controller_spec.rb
@@ -679,7 +679,7 @@ RSpec.describe TopicsController do
expect(response.status).to eq(400)
end
- it 'raises an error with a status not in the whitelist' do
+ it 'raises an error with a status not in the allowlist' do
put "/t/#{topic.id}/status.json", params: {
status: 'title', enabled: 'true'
}
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index 629c8f2f55e..77c8b404734 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -2982,9 +2982,9 @@ describe UsersController do
expect(response.status).to eq(422)
end
- it "raises an error when the email is blacklisted" do
+ it "raises an error when the email is blocklisted" do
post_user
- SiteSetting.email_domains_blacklist = 'example.com'
+ SiteSetting.blocked_email_domains = 'example.com'
put "/u/update-activation-email.json", params: { email: 'test@example.com' }
expect(response.status).to eq(422)
end
diff --git a/spec/requests/users_email_controller_spec.rb b/spec/requests/users_email_controller_spec.rb
index 06cc9ced98c..936a9a93fec 100644
--- a/spec/requests/users_email_controller_spec.rb
+++ b/spec/requests/users_email_controller_spec.rb
@@ -371,8 +371,8 @@ describe UsersEmailController do
end
end
- it 'raises an error when new email domain is present in email_domains_blacklist site setting' do
- SiteSetting.email_domains_blacklist = "mailinator.com"
+ it 'raises an error when new email domain is present in blocked_email_domains site setting' do
+ SiteSetting.blocked_email_domains = "mailinator.com"
put "/u/#{user.username}/preferences/email.json", params: {
email: "not_good@mailinator.com"
@@ -381,8 +381,8 @@ describe UsersEmailController do
expect(response).to_not be_successful
end
- it 'raises an error when new email domain is not present in email_domains_whitelist site setting' do
- SiteSetting.email_domains_whitelist = "discourse.org"
+ it 'raises an error when new email domain is not present in allowed_email_domains site setting' do
+ SiteSetting.allowed_email_domains = "discourse.org"
put "/u/#{user.username}/preferences/email.json", params: {
email: new_email
diff --git a/spec/serializers/user_serializer_spec.rb b/spec/serializers/user_serializer_spec.rb
index 197adb9f9e7..42a1e1b725d 100644
--- a/spec/serializers/user_serializer_spec.rb
+++ b/spec/serializers/user_serializer_spec.rb
@@ -259,7 +259,7 @@ describe UserSerializer do
context "with user custom field" do
before do
plugin = Plugin::Instance.new
- plugin.whitelist_public_user_custom_field :public_field
+ plugin.allow_public_user_custom_field :public_field
end
after do
diff --git a/spec/services/anonymous_shadow_creator_spec.rb b/spec/services/anonymous_shadow_creator_spec.rb
index cb5fcb4abd7..cca0fe66975 100644
--- a/spec/services/anonymous_shadow_creator_spec.rb
+++ b/spec/services/anonymous_shadow_creator_spec.rb
@@ -73,8 +73,8 @@ describe AnonymousShadowCreator do
expect { AnonymousShadowCreator.get(user) }.to_not raise_error
end
- it "works when there is an email whitelist" do
- SiteSetting.email_domains_whitelist = "wayne.com"
+ it "works when there is an email allowlist" do
+ SiteSetting.allowed_email_domains = "wayne.com"
expect { AnonymousShadowCreator.get(user) }.to_not raise_error
end
diff --git a/spec/services/flag_sockpuppets_spec.rb b/spec/services/flag_sockpuppets_spec.rb
index cebb398a215..4483416350f 100644
--- a/spec/services/flag_sockpuppets_spec.rb
+++ b/spec/services/flag_sockpuppets_spec.rb
@@ -50,8 +50,8 @@ describe SpamRule::FlagSockpuppets do
expect(described_class.new(post2).reply_is_from_sockpuppet?).to eq(true)
end
- it 'is false if the ip address is whitelisted' do
- ScreenedIpAddress.stubs(:is_whitelisted?).with(user1.ip_address).returns(true)
+ it 'is false if the ip address is allowlisted' do
+ ScreenedIpAddress.stubs(:is_allowed?).with(user1.ip_address).returns(true)
post2 = Fabricate(:post, user: Fabricate(:user, ip_address: user1.ip_address), topic: post1.topic)
expect(described_class.new(post2).reply_is_from_sockpuppet?).to eq(false)
end
diff --git a/spec/services/user_anonymizer_spec.rb b/spec/services/user_anonymizer_spec.rb
index da61af7b222..71d0d2f3360 100644
--- a/spec/services/user_anonymizer_spec.rb
+++ b/spec/services/user_anonymizer_spec.rb
@@ -39,8 +39,8 @@ describe UserAnonymizer do
expect(user.reload.email).to eq("#{user.username}@anonymized.invalid")
end
- it "changes the primary email address when there is an email domain whitelist" do
- SiteSetting.email_domains_whitelist = 'example.net|wayne.com|discourse.org'
+ it "changes the primary email address when there is an email domain allowlist" do
+ SiteSetting.allowed_email_domains = 'example.net|wayne.com|discourse.org'
make_anonymous
expect(user.reload.email).to eq("#{user.username}@anonymized.invalid")
diff --git a/spec/services/user_merger_spec.rb b/spec/services/user_merger_spec.rb
index f8f66c99b8b..b7a8aef5071 100644
--- a/spec/services/user_merger_spec.rb
+++ b/spec/services/user_merger_spec.rb
@@ -991,7 +991,7 @@ describe UserMerger do
end
it "works even when email domains are restricted" do
- SiteSetting.email_domains_whitelist = "example.com|work.com"
+ SiteSetting.allowed_email_domains = "example.com|work.com"
source_user.update_attribute(:admin, true)
expect(User.find_by_username(source_user.username)).to be_present
diff --git a/test/javascripts/controllers/history-test.js b/test/javascripts/controllers/history-test.js
index 0d8788239dc..6767e810234 100644
--- a/test/javascripts/controllers/history-test.js
+++ b/test/javascripts/controllers/history-test.js
@@ -40,7 +40,7 @@ QUnit.test("displayEdit", async function(assert) {
const html = `