Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: use allowlist and blocklist terminology (#10209) 

This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
This commit is contained in:
Krzysztof Kotlarek 2020-07-27 10:23:54 +10:00 committed by GitHub
parent 5077cf52fd
commit e0d9232259
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
130 changed files with 675 additions and 569 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Gemfile.lock
View File

@ -240,7 +240,7 @@ GEM
omniauth-twitter (1.4.0)
omniauth-oauth (~> 1.1)
rack
onebox (1.9.30)
onebox (2.0.0)
addressable (~> 2.7.0)
htmlentities (~> 4.3)
multi_json (~> 1.11)

2
app/assets/javascripts/admin/components/embeddable-host.js
View File

@ -42,7 +42,7 @@ export default Component.extend(bufferedProperty("host"), {
const props = this.buffered.getProperties(
"host",
"path_whitelist",
"allowed_paths",
"class_name"
);
props.category_id = this.categoryId;

8
app/assets/javascripts/admin/components/screened-ip-address-form.js
View File

@ -3,7 +3,7 @@ import discourseComputed from "discourse-common/utils/decorators";
import { schedule } from "@ember/runloop";
import Component from "@ember/component";
/**
A form to create an IP address that will be blocked or whitelisted.
A form to create an IP address that will be blocked or allowed.
Example usage:
{{screened-ip-address-form action=(action "recordAdded")}}
@ -21,9 +21,9 @@ export default Component.extend({
formSubmitted: false,
actionName: "block",
@discourseComputed("siteSettings.use_admin_ip_whitelist")
actionNames(adminWhitelistEnabled) {
if (adminWhitelistEnabled) {
@discourseComputed("siteSettings.use_admin_ip_allowlist")
actionNames(adminAllowlistEnabled) {
if (adminAllowlistEnabled) {
return [
{ id: "block", name: I18n.t("admin.logs.screened_ips.actions.block") },
{

6
app/assets/javascripts/admin/templates/components/embeddable-host.hbs
View File

@ -8,8 +8,8 @@
{{input value=buffered.class_name placeholder="class" enter=(action "save") class="class-name"}}
</td>
<td class="editing-input">
<div class="label">{{i18n "admin.embedding.path_whitelist"}}</div>
{{input value=buffered.path_whitelist placeholder="/blog/.*" enter=(action "save") class="path-whitelist"}}
<div class="label">{{i18n "admin.embedding.allowed_paths"}}</div>
{{input value=buffered.allowed_paths placeholder="/blog/.*" enter=(action "save") class="path-allowlist"}}
</td>
<td class="editing-input">
<div class="label">{{i18n "admin.embedding.category"}}</div>
@ -26,7 +26,7 @@
{{else}}
<td><div class="label">{{i18n "admin.embedding.host"}}</div>{{host.host}}</td>
<td><div class="label">{{i18n "admin.embedding.class_name"}}</div>{{host.class_name}}</td>
<td><div class="label">{{i18n "admin.embedding.path_whitelist"}}</div>{{host.path_whitelist}}</td>
<td><div class="label">{{i18n "admin.embedding.allowed_paths"}}</div>{{host.allowed_paths}}</td>
<td><div class="label">{{i18n "admin.embedding.category"}}</div>{{category-badge host.category}}</td>
<td class="controls">
{{d-button icon="pencil-alt" action=(action "edit")}}

14
app/assets/javascripts/admin/templates/embedding.hbs
View File

@ -4,7 +4,7 @@
<thead>
<th style="width: 25%">{{i18n "admin.embedding.host"}}</th>
<th style="width: 15%">{{i18n "admin.embedding.class_name"}}</th>
<th style="width: 25%">{{i18n "admin.embedding.path_whitelist"}}</th>
<th style="width: 25%">{{i18n "admin.embedding.allowed_paths"}}</th>
<th style="width: 25%">{{i18n "admin.embedding.category"}}</th>
<th style="width: 10%">&nbsp;</th>
</thead>
@ -45,16 +45,16 @@
<h3>{{i18n "admin.embedding.crawling_settings"}}</h3>
<p class="description">{{i18n "admin.embedding.crawling_description"}}</p>
{{embedding-setting field="embed_whitelist_selector"
value=embedding.embed_whitelist_selector
{{embedding-setting field="allowed_embed_selectors"
value=embedding.allowed_embed_selectors
placeholder="article, #story, .post"}}
{{embedding-setting field="embed_blacklist_selector"
value=embedding.embed_blacklist_selector
{{embedding-setting field="blocked_embed_selectors"
value=embedding.blocked_embed_selectors
placeholder=".ad-unit, header"}}
{{embedding-setting field="embed_classname_whitelist"
value=embedding.embed_classname_whitelist
{{embedding-setting field="allowed_embed_classnames"
value=embedding.allowed_embed_classnames
placeholder="emoji, classname"}}
</div>

6
app/assets/javascripts/discourse/app/lib/to-markdown.js
View File

@ -102,7 +102,7 @@ export class Tag {
];
}
static whitelists() {
static allowedTags() {
return ["ins", "del", "small", "big", "kbd", "ruby", "rt", "rb", "rp"];
}
@ -192,7 +192,7 @@ export class Tag {
};
}
static whitelist(name) {
static allowedTag(name) {
return class extends Tag {
constructor() {
super(name, `<${name}>`, `</${name}>`);
@ -526,7 +526,7 @@ function tags() {
...Tag.headings().map((h, i) => Tag.heading(h, i + 1)),
...Tag.slices().map(s => Tag.slice(s, "\n")),
...Tag.emphases().map(e => Tag.emphasis(e[0], e[1])),
...Tag.whitelists().map(t => Tag.whitelist(t)),
...Tag.allowedTags().map(t => Tag.allowedTag(t)),
Tag.aside(),
Tag.cell("td"),
Tag.cell("th"),

8
app/assets/javascripts/discourse/app/templates/preferences/categories.hbs
View File

@ -8,7 +8,7 @@
{{/if}}
{{category-selector
categories=model.watchedCategories
blacklist=selectedCategories
blocklist=selectedCategories
onChange=(action (mut model.watchedCategories))
}}
</div>
@ -21,7 +21,7 @@
{{/if}}
{{category-selector
categories=model.trackedCategories
blacklist=selectedCategories
blocklist=selectedCategories
onChange=(action (mut model.trackedCategories))
}}
</div>
@ -31,7 +31,7 @@
<label>{{d-icon "d-watching-first"}} {{i18n "user.watched_first_post_categories"}}</label>
{{category-selector
categories=model.watchedFirstPostCategories
blacklist=selectedCategories
blocklist=selectedCategories
onChange=(action (mut model.watchedFirstPostCategories))
}}
</div>
@ -45,7 +45,7 @@
{{/if}}
{{category-selector
categories=model.mutedCategories
blacklist=selectedCategories
blocklist=selectedCategories
onChange=(action (mut model.mutedCategories))
}}
</div>

8
app/assets/javascripts/discourse/app/templates/preferences/tags.hbs
View File

@ -6,7 +6,7 @@
<label>{{d-icon "d-watching" class="icon watching"}} {{i18n "user.watched_tags"}}</label>
{{tag-chooser
tags=model.watched_tags
blacklist=selectedTags
blocklist=selectedTags
allowCreate=false
everyTag=true
unlimitedTagCount=true
@ -19,7 +19,7 @@
<label>{{d-icon "d-tracking" class="icon tracking"}} {{i18n "user.tracked_tags"}}</label>
{{tag-chooser
tags=model.tracked_tags
blacklist=selectedTags
blocklist=selectedTags
allowCreate=false
everyTag=true
unlimitedTagCount=true}}
@ -31,7 +31,7 @@
<label>{{d-icon "d-watching-first" class="icon watching-first-post"}} {{i18n "user.watched_first_post_tags"}}</label>
{{tag-chooser
tags=model.watching_first_post_tags
blacklist=selectedTags
blocklist=selectedTags
allowCreate=false
everyTag=true
unlimitedTagCount=true}}
@ -45,7 +45,7 @@
<label>{{d-icon "d-muted" class="icon muted"}} {{i18n "user.muted_tags"}}</label>
{{tag-chooser
tags=model.muted_tags
blacklist=selectedTags
blocklist=selectedTags
allowCreate=false
everyTag=true
unlimitedTagCount=true}}

6
app/assets/javascripts/discourse/app/widgets/header.js
View File

@ -514,12 +514,12 @@ export default createWidget("header", {
const currentPath = this.register
.lookup("service:router")
.get("_router.currentPath");
const blacklist = [/^discovery\.categories/];
const whitelist = [/^topic\./];
const blocklist = [/^discovery\.categories/];
const allowlist = [/^topic\./];
const check = function(regex) {
return !!currentPath.match(regex);
};
let showSearch = whitelist.any(check) && !blacklist.any(check);
let showSearch = allowlist.any(check) && !blocklist.any(check);
// If we're viewing a topic, only intercept search if there are cloaked posts
if (showSearch && currentPath.match(/^topic\./)) {

2
app/assets/javascripts/pretty-text/addon/engines/discourse-markdown-it.js
View File

@ -389,7 +389,7 @@ export function setup(opts, siteSettings, state) {
}
export function cook(raw, opts) {
// we still have to hoist html_raw nodes so they bypass the whitelister
// we still have to hoist html_raw nodes so they bypass the allowlister
// this is the case for oneboxes
let hoisted = {};

2
app/assets/javascripts/pretty-text/addon/oneboxer.js
View File

@ -30,7 +30,7 @@ function resolveSize(img) {
// Detect square images and apply smaller onebox-avatar class
function applySquareGenericOnebox($elem) {
if (!$elem.hasClass("whitelistedgeneric")) {
if (!$elem.hasClass("allowlistedgeneric")) {
return;
}

2
app/assets/javascripts/pretty-text/addon/white-lister.js
View File

@ -108,7 +108,7 @@ export default class WhiteLister {
}
}
// Only add to `default` when you always want your whitelist to occur. In other words,
// Only add to `default` when you always want your allowlist to occur. In other words,
// don't change this for a plugin or a feature that can be disabled
export const DEFAULT_LIST = [
"a.attachment",

11
app/assets/javascripts/select-kit/addon/components/category-selector.js
View File

@ -8,7 +8,7 @@ export default MultiSelectComponent.extend({
pluginApiIdentifiers: ["category-selector"],
classNames: ["category-selector"],
categories: null,
blacklist: null,
blockedCategories: null,
selectKitOptions: {
filterable: true,
@ -22,14 +22,15 @@ export default MultiSelectComponent.extend({
this._super(...arguments);
if (!this.categories) this.set("categories", []);
if (!this.blacklist) this.set("blacklist", []);
if (!this.blockedCategories) this.set("blockedCategories", []);
},
content: computed("categories.[]", "blacklist.[]", function() {
const blacklist = makeArray(this.blacklist);
content: computed("categories.[]", "blockedCategories.[]", function() {
const blockedCategories = makeArray(this.blockedCategories);
return Category.list().filter(category => {
return (
this.categories.includes(category) || !blacklist.includes(category)
this.categories.includes(category) ||
!blockedCategories.includes(category)
);
});
}),

12
app/assets/javascripts/select-kit/addon/components/tag-chooser.js
View File

@ -19,7 +19,7 @@ export default MultiSelectComponent.extend(TagsMixin, {
return "tag-chooser-row";
},
blacklist: null,
blockedTags: null,
attributeBindings: ["categoryId"],
excludeSynonyms: false,
excludeHasSynonyms: false,
@ -49,7 +49,7 @@ export default MultiSelectComponent.extend(TagsMixin, {
this._super(...arguments);
this.setProperties({
blacklist: this.blacklist || [],
blockedTags: this.blockedTags || [],
termMatchesForbidden: false,
termMatchErrorMessage: null
});
@ -84,9 +84,9 @@ export default MultiSelectComponent.extend(TagsMixin, {
categoryId: this.categoryId
};
if (selectedTags.length || this.blacklist.length) {
if (selectedTags.length || this.blockedTags.length) {
data.selected_tags = selectedTags
.concat(this.blacklist)
.concat(this.blockedTags)
.uniq()
.slice(0, 100);
}
@ -106,9 +106,9 @@ export default MultiSelectComponent.extend(TagsMixin, {
termMatchErrorMessage: json.forbidden_message
});
if (context.blacklist) {
if (context.blockedTags) {
results = results.filter(result => {
return !context.blacklist.includes(result.id);
return !context.blockedTags.includes(result.id);
});
}

4
app/assets/stylesheets/common/base/onebox.scss
View File

@ -625,7 +625,8 @@ aside.onebox.stackexchange .onebox-body {
}
}
// whitelistedgeneric twitter labels
// allowlistedgeneric twitter labels
.onebox.allowlistedgeneric,
.onebox.whitelistedgeneric {
.label1,
.label2 {
@ -640,6 +641,7 @@ aside.onebox.stackexchange .onebox-body {
}
.onebox {
&.allowlistedgeneric,
&.whitelistedgeneric,
&.gfycat {
.site-icon {

2
app/controllers/admin/embeddable_hosts_controller.rb
View File

@ -22,7 +22,7 @@ class Admin::EmbeddableHostsController < Admin::AdminController
def save_host(host, action)
host.host = params[:embeddable_host][:host]
host.path_whitelist = params[:embeddable_host][:path_whitelist]
host.allowed_paths = params[:embeddable_host][:allowed_paths]
host.class_name = params[:embeddable_host][:class_name]
host.category_id = params[:embeddable_host][:category_id]
host.category_id = SiteSetting.uncategorized_category_id if host.category_id.blank?

14
app/controllers/admin/themes_controller.rb
View File

@ -15,7 +15,7 @@ class Admin::ThemesController < Admin::AdminController
def upload_asset
ban_in_whitelist_mode!
ban_in_allowlist_mode!
path = params[:file].path
@ -53,7 +53,7 @@ class Admin::ThemesController < Admin::AdminController
@theme = nil
if params[:theme] && params[:theme].content_type == "application/json"
ban_in_whitelist_mode!
ban_in_allowlist_mode!
# .dcstyle.json import. Deprecated, but still available to allow conversion
json = JSON::parse(params[:theme].read)
@ -104,7 +104,7 @@ class Admin::ThemesController < Admin::AdminController
end
elsif params[:bundle] || (params[:theme] && THEME_CONTENT_TYPES.include?(params[:theme].content_type))
ban_in_whitelist_mode!
ban_in_allowlist_mode!
# params[:bundle] used by theme CLI. params[:theme] used by admin UI
bundle = params[:bundle] || params[:theme]
@ -152,7 +152,7 @@ class Admin::ThemesController < Admin::AdminController
def create
ban_in_whitelist_mode!
ban_in_allowlist_mode!
@theme = Theme.new(name: theme_params[:name],
user_id: theme_user.id,
@ -297,8 +297,8 @@ class Admin::ThemesController < Admin::AdminController
private
def ban_in_whitelist_mode!
raise Discourse::InvalidAccess if !GlobalSetting.whitelisted_theme_ids.nil?
def ban_in_allowlist_mode!
raise Discourse::InvalidAccess if !GlobalSetting.allowed_theme_ids.nil?
end
def add_relative_themes!(kind, ids)
@ -358,7 +358,7 @@ class Admin::ThemesController < Admin::AdminController
def set_fields
return unless fields = theme_params[:theme_fields]
ban_in_whitelist_mode!
ban_in_allowlist_mode!
fields.each do |field|
@theme.set_field(

10
app/controllers/posts_controller.rb
View File

@ -276,7 +276,7 @@ class PostsController < ApplicationController
reply_history = post.reply_history(params[:max_replies].to_i, guardian)
user_custom_fields = {}
if (added_fields = User.whitelisted_user_custom_fields(guardian)).present?
if (added_fields = User.allowed_user_custom_fields(guardian)).present?
user_custom_fields = User.custom_fields_for_ids(reply_history.pluck(:user_id), added_fields)
end
@ -365,7 +365,7 @@ class PostsController < ApplicationController
replies = post.replies.secured(guardian)
user_custom_fields = {}
if (added_fields = User.whitelisted_user_custom_fields(guardian)).present?
if (added_fields = User.allowed_user_custom_fields(guardian)).present?
user_custom_fields = User.custom_fields_for_ids(replies.pluck(:user_id), added_fields)
end
@ -704,10 +704,10 @@ class PostsController < ApplicationController
end
result = params.permit(*permitted).tap do |whitelisted|
whitelisted[:image_sizes] = params[:image_sizes]
result = params.permit(*permitted).tap do |allowed|
allowed[:image_sizes] = params[:image_sizes]
# TODO this does not feel right, we should name what meta_data is allowed
whitelisted[:meta_data] = params[:meta_data]
allowed[:meta_data] = params[:meta_data]
end
# Staff are allowed to pass `is_warning`

8
app/controllers/robots_txt_controller.rb
View File

@ -55,15 +55,15 @@ class RobotsTxtController < ApplicationController
agents: []
}
if SiteSetting.whitelisted_crawler_user_agents.present?
SiteSetting.whitelisted_crawler_user_agents.split('|').each do |agent|
if SiteSetting.allowed_crawler_user_agents.present?
SiteSetting.allowed_crawler_user_agents.split('|').each do |agent|
result[:agents] << { name: agent, disallow: deny_paths }
end
result[:agents] << { name: '*', disallow: deny_all }
elsif SiteSetting.blacklisted_crawler_user_agents.present?
elsif SiteSetting.blocked_crawler_user_agents.present?
result[:agents] << { name: '*', disallow: deny_paths }
SiteSetting.blacklisted_crawler_user_agents.split('|').each do |agent|
SiteSetting.blocked_crawler_user_agents.split('|').each do |agent|
result[:agents] << { name: agent, disallow: deny_all }
end
else

2
app/controllers/users_controller.rb
View File

@ -117,7 +117,7 @@ class UsersController < ApplicationController
users = users.filter { |u| guardian.can_see_profile?(u) }
preload_fields = User.whitelisted_user_custom_fields(guardian) + UserField.all.pluck(:id).map { |fid| "#{User::USER_FIELD_PREFIX}#{fid}" }
preload_fields = User.allowed_user_custom_fields(guardian) + UserField.all.pluck(:id).map { |fid| "#{User::USER_FIELD_PREFIX}#{fid}" }
User.preload_custom_fields(users, preload_fields)
User.preload_recent_time_read(users)

2
app/jobs/regular/pull_hotlinked_images.rb
View File

@ -205,7 +205,7 @@ module Jobs
hostname = uri.hostname
return false unless hostname
# check the domains blacklist
# check the domains blocklist
SiteSetting.should_download_images?(src)
end

6
app/models/concerns/has_custom_fields.rb
View File

@ -72,15 +72,15 @@ module HasCustomFields
# To avoid n+1 queries, use this function to retrieve lots of custom fields in one go
# and create a "sideloaded" version for easy querying by id.
def self.custom_fields_for_ids(ids, whitelisted_fields)
def self.custom_fields_for_ids(ids, allowed_fields)
klass = "#{name}CustomField".constantize
foreign_key = "#{name.underscore}_id".to_sym
result = {}
return result if whitelisted_fields.blank?
return result if allowed_fields.blank?
klass.where(foreign_key => ids, :name => whitelisted_fields)
klass.where(foreign_key => ids, :name => allowed_fields)
.pluck(foreign_key, :name, :value).each do |cf|
result[cf[0]] ||= {}
append_custom_field(result[cf[0]], cf[1], cf[2])

9
app/models/embeddable_host.rb
View File

@ -10,6 +10,9 @@ class EmbeddableHost < ActiveRecord::Base
self.host.sub!(/\/.*$/, '')
end
# TODO(2021-07-23): Remove
self.ignored_columns = ["path_whitelist"]
def self.record_for_url(uri)
if uri.is_a?(String)
@ -31,9 +34,9 @@ class EmbeddableHost < ActiveRecord::Base
path << "?" << uri.query if uri.query.present?
where("lower(host) = ?", host).each do |eh|
return eh if eh.path_whitelist.blank?
return eh if eh.allowed_paths.blank?
path_regexp = Regexp.new(eh.path_whitelist)
path_regexp = Regexp.new(eh.allowed_paths)
return eh if path_regexp.match(path) || path_regexp.match(UrlHelper.unencode(path))
end
@ -78,6 +81,6 @@ end
# category_id :integer not null
# created_at :datetime not null
# updated_at :datetime not null
# path_whitelist :string
# allowed_paths :string
# class_name :string
#

6
app/models/embedding.rb
View File

@ -11,9 +11,9 @@ class Embedding < OpenStruct
embed_title_scrubber
embed_truncate
embed_unlisted
embed_whitelist_selector
embed_blacklist_selector
embed_classname_whitelist)
allowed_embed_selectors
blocked_embed_selectors
allowed_embed_classnames)
end
def base_url

12
app/models/global_setting.rb
View File

@ -204,15 +204,15 @@ class GlobalSetting
end
# test only
def self.reset_whitelisted_theme_ids!
@whitelisted_theme_ids = nil
def self.reset_allowed_theme_ids!
@allowed_theme_ids = nil
end
def self.whitelisted_theme_ids
return nil if whitelisted_theme_repos.blank?
def self.allowed_theme_ids
return nil if allowed_theme_repos.blank?
@whitelisted_theme_ids ||= begin
urls = whitelisted_theme_repos.split(",").map(&:strip)
@allowed_theme_ids ||= begin
urls = allowed_theme_repos.split(",").map(&:strip)
Theme
.joins(:remote_theme)
.where('remote_themes.remote_url in (?)', urls)

12
app/models/post.rb
View File

@ -254,8 +254,8 @@ class Post < ActiveRecord::Base
Digest::SHA1.hexdigest(raw)
end
def self.white_listed_image_classes
@white_listed_image_classes ||= ['avatar', 'favicon', 'thumbnail', 'emoji', 'ytp-thumbnail-image']
def self.allowed_image_classes
@allowed_image_classes ||= ['avatar', 'favicon', 'thumbnail', 'emoji', 'ytp-thumbnail-image']
end
def post_analyzer
@ -335,9 +335,9 @@ class Post < ActiveRecord::Base
self.last_editor_id ? (User.find_by_id(self.last_editor_id) || user) : user
end
def whitelisted_spam_hosts
def allowed_spam_hosts
hosts = SiteSetting
.white_listed_spam_host_domains
.allowed_spam_host_domains
.split('|')
.map { |h| h.strip }
.reject { |h| !h.include?('.') }
@ -349,10 +349,10 @@ class Post < ActiveRecord::Base
def total_hosts_usage
hosts = linked_hosts.clone
whitelisted = whitelisted_spam_hosts
allowlisted = allowed_spam_hosts
hosts.reject! do |h|
whitelisted.any? do |w|
allowlisted.any? do |w|
h.end_with?(w)
end
end

2
app/models/post_analyzer.rb
View File

@ -52,7 +52,7 @@ class PostAnalyzer
cooked_stripped.css("img").reject do |t|
if dom_class = t["class"]
(Post.white_listed_image_classes & dom_class.split).count > 0
(Post.allowed_image_classes & dom_class.split).count > 0
end
end.count
end

4
app/models/screened_ip_address.rb
View File

@ -75,7 +75,7 @@ class ScreenedIpAddress < ActiveRecord::Base
exists_for_ip_address_and_action?(ip_address, actions[:block])
end
def self.is_whitelisted?(ip_address)
def self.is_allowed?(ip_address)
exists_for_ip_address_and_action?(ip_address, actions[:do_nothing])
end
@ -87,7 +87,7 @@ class ScreenedIpAddress < ActiveRecord::Base
end
def self.block_admin_login?(user, ip_address)
return false unless SiteSetting.use_admin_ip_whitelist
return false unless SiteSetting.use_admin_ip_allowlist
return false if user.nil?
return false if !user.admin?
return false if ScreenedIpAddress.where(action_type: actions[:allow_admin]).count == 0

58
app/models/site_setting.rb
View File

@ -100,29 +100,29 @@ class SiteSetting < ActiveRecord::Base
WATCHED_SETTINGS ||= [
:default_locale,
:attachment_content_type_blacklist,
:attachment_filename_blacklist,
:unicode_username_character_whitelist,
:blocked_attachment_content_types,
:blocked_attachment_filenames,
:allowed_unicode_username_characters,
:markdown_typographer_quotation_marks
]
def self.reset_cached_settings!
@attachment_content_type_blacklist_regex = nil
@attachment_filename_blacklist_regex = nil
@unicode_username_whitelist_regex = nil
@blocked_attachment_content_types_regex = nil
@blocked_attachment_filenames_regex = nil
@allowed_unicode_username_regex = nil
end
def self.attachment_content_type_blacklist_regex
@attachment_content_type_blacklist_regex ||= Regexp.union(SiteSetting.attachment_content_type_blacklist.split("|"))
def self.blocked_attachment_content_types_regex
@blocked_attachment_content_types_regex ||= Regexp.union(SiteSetting.blocked_attachment_content_types.split("|"))
end
def self.attachment_filename_blacklist_regex
@attachment_filename_blacklist_regex ||= Regexp.union(SiteSetting.attachment_filename_blacklist.split("|"))
def self.blocked_attachment_filenames_regex
@blocked_attachment_filenames_regex ||= Regexp.union(SiteSetting.blocked_attachment_filenames.split("|"))
end
def self.unicode_username_character_whitelist_regex
@unicode_username_whitelist_regex ||= SiteSetting.unicode_username_character_whitelist.present? \
? Regexp.new(SiteSetting.unicode_username_character_whitelist) : nil
def self.allowed_unicode_username_characters_regex
@allowed_unicode_username_regex ||= SiteSetting.allowed_unicode_username_characters.present? \
? Regexp.new(SiteSetting.allowed_unicode_username_characters) : nil
end
# helpers for getting s3 settings that fallback to global
@ -213,6 +213,38 @@ class SiteSetting < ActiveRecord::Base
c.present? && c.to_i != SiteSetting.uncategorized_category_id.to_i
end
ALLOWLIST_DEPRECATED_SITE_SETTINGS = {
'email_domains_blacklist': 'blocked_email_domains',
'email_domains_whitelist': 'allowed_email_domains',
'unicode_username_character_whitelist': 'allowed_unicode_username_characters',
'user_website_domains_whitelist': 'allowed_user_website_domains',
'whitelisted_link_domains': 'allowed_link_domains',
'embed_whitelist_selector': 'allowed_embed_selectors',
'auto_generated_whitelist': 'auto_generated_allowlist',
'attachment_content_type_blacklist': 'blocked_attachment_content_types',
'attachment_filename_blacklist': 'blocked_attachment_filenames',
'use_admin_ip_whitelist': 'use_admin_ip_allowlist',
'blacklist_ip_blocks': 'blocked_ip_blocks',
'whitelist_internal_hosts': 'allowed_internal_hosts',
'whitelisted_crawler_user_agents': 'allowed_crawler_user_agents',
'blacklisted_crawler_user_agents': 'blocked_crawler_user_agents',
'onebox_domains_blacklist': 'blocked_onebox_domains',
'inline_onebox_domains_whitelist': 'allowed_inline_onebox_domains',
'white_listed_spam_host_domains': 'allowed_spam_host_domains',
'embed_blacklist_selector': 'blocked_embed_selectors',
'embed_classname_whitelist': 'allowed_embed_classnames',
}
ALLOWLIST_DEPRECATED_SITE_SETTINGS.each_pair do |old_method, new_method|
self.class.define_method(old_method) do
Discourse.deprecate("#{old_method.to_s} is deprecated, use the #{new_method.to_s}.", drop_from: "2.6")
send(new_method)
end
self.class.define_method("#{old_method}=") do |args|
Discourse.deprecate("#{old_method.to_s} is deprecated, use the #{new_method.to_s}.", drop_from: "2.6")
send("#{new_method}=", args)
end
end
end
# == Schema Information

10
app/models/topic_embed.rb
View File

@ -124,9 +124,9 @@ class TopicEmbed < ActiveRecord::Base
remove_empty_nodes: false
}
opts[:whitelist] = SiteSetting.embed_whitelist_selector if SiteSetting.embed_whitelist_selector.present?
opts[:blacklist] = SiteSetting.embed_blacklist_selector if SiteSetting.embed_blacklist_selector.present?
embed_classname_whitelist = SiteSetting.embed_classname_whitelist if SiteSetting.embed_classname_whitelist.present?
opts[:allowlist] = SiteSetting.allowed_embed_selectors if SiteSetting.allowed_embed_selectors.present?
opts[:blocklist] = SiteSetting.blocked_embed_selectors if SiteSetting.blocked_embed_selectors.present?
allowed_embed_classnames = SiteSetting.allowed_embed_classnames if SiteSetting.allowed_embed_classnames.present?
response = FetchResponse.new
begin
@ -169,8 +169,8 @@ class TopicEmbed < ActiveRecord::Base
# If there is a mistyped URL, just do nothing
end
end
# only allow classes in the whitelist
allowed_classes = if embed_classname_whitelist.blank? then [] else embed_classname_whitelist.split(/[ ,]+/i) end
# only allow classes in the allowlist
allowed_classes = if allowed_embed_classnames.blank? then [] else allowed_embed_classnames.split(/[ ,]+/i) end
doc.search('[class]:not([class=""])').each do |classnode|
classes = classnode[:class].split(' ').select { |classname| allowed_classes.include?(classname) }
if classes.length === 0

2
app/models/topic_link_click.rb
View File

@ -92,7 +92,7 @@ class TopicLinkClick < ActiveRecord::Base
return nil unless uri
# Only redirect to whitelisted hostnames
# Only redirect to allowlisted hostnames
return url if WHITELISTED_REDIRECT_HOSTNAMES.include?(uri.hostname) || is_cdn_link
return nil

2
app/models/translation_override.rb
View File

@ -3,7 +3,7 @@
require "i18n/i18n_interpolation_keys_finder"
class TranslationOverride < ActiveRecord::Base
# Whitelist i18n interpolation keys that can be included when customizing translations
# Allowlist i18n interpolation keys that can be included when customizing translations
CUSTOM_INTERPOLATION_KEYS_WHITELIST = {
"user_notifications.user_" => %w{
topic_title_url_encoded

2
app/models/user.rb
View File

@ -294,7 +294,7 @@ class User < ActiveRecord::Base
DiscoursePluginRegistry.register_public_user_custom_field(custom_field_name, plugin)
end
def self.whitelisted_user_custom_fields(guardian)
def self.allowed_user_custom_fields(guardian)
fields = []
fields.push *DiscoursePluginRegistry.public_user_custom_fields

2
app/models/user_profile.rb
View File

@ -131,7 +131,7 @@ class UserProfile < ActiveRecord::Base
end
def website_domain_validator
allowed_domains = SiteSetting.user_website_domains_whitelist
allowed_domains = SiteSetting.allowed_user_website_domains
return if (allowed_domains.blank? || self.website.blank?)
domain = begin

16
app/models/username_validator.rb
View File

@ -32,7 +32,7 @@ class UsernameValidator
username_length_min?
username_length_max?
username_char_valid?
username_char_whitelisted?
username_char_allowed?
username_first_char_valid?
username_last_char_valid?
username_no_double_special?
@ -85,10 +85,10 @@ class UsernameValidator
end
end
def username_char_whitelisted?
return unless errors.empty? && self.class.char_whitelist_exists?
def username_char_allowed?
return unless errors.empty? && self.class.char_allowlist_exists?
if username.chars.any? { |c| !self.class.whitelisted_char?(c) }
if username.chars.any? { |c| !self.class.allowed_char?(c) }
self.errors << I18n.t(:'user.username.characters')
end
end
@ -133,11 +133,11 @@ class UsernameValidator
SiteSetting.unicode_usernames ? UNICODE_INVALID_CHAR_PATTERN : ASCII_INVALID_CHAR_PATTERN
end
def self.char_whitelist_exists?
SiteSetting.unicode_usernames && SiteSetting.unicode_username_character_whitelist_regex.present?
def self.char_allowlist_exists?
SiteSetting.unicode_usernames && SiteSetting.allowed_unicode_username_characters.present?
end
def self.whitelisted_char?(c)
c.match?(/[\w.-]/) || c.match?(SiteSetting.unicode_username_character_whitelist_regex)
def self.allowed_char?(c)
c.match?(/[\w.-]/) || c.match?(SiteSetting.allowed_unicode_username_characters)
end
end

2
app/serializers/embeddable_host_serializer.rb
View File

@ -2,7 +2,7 @@
class EmbeddableHostSerializer < ApplicationSerializer
TO_SERIALIZE = [:id, :host, :path_whitelist, :class_name, :category_id]
TO_SERIALIZE = [:id, :host, :allowed_paths, :class_name, :category_id]
attributes *TO_SERIALIZE

2
app/serializers/flagged_user_serializer.rb
View File

@ -36,7 +36,7 @@ class FlaggedUserSerializer < BasicUserSerializer
end
def custom_fields
fields = User.whitelisted_user_custom_fields(scope)
fields = User.allowed_user_custom_fields(scope)
result = {}
fields.each do |k|

2
app/serializers/user_card_serializer.rb
View File

@ -216,6 +216,6 @@ class UserCardSerializer < BasicUserSerializer
def custom_field_keys
# Can be extended by other serializers
User.whitelisted_user_custom_fields(scope)
User.allowed_user_custom_fields(scope)
end
end

2
app/serializers/user_with_custom_fields_serializer.rb
View File

@ -22,6 +22,6 @@ class UserWithCustomFieldsSerializer < BasicUserSerializer
def custom_field_keys
# Can be extended by other serializers
User.whitelisted_user_custom_fields(scope)
User.allowed_user_custom_fields(scope)
end
end

2
app/services/spam_rule/flag_sockpuppets.rb
View File

@ -28,7 +28,7 @@ class SpamRule::FlagSockpuppets
@post.user != first_post.user &&
@post.user.ip_address == first_post.user.ip_address &&
@post.user.new_user? &&
!ScreenedIpAddress.is_whitelisted?(@post.user.ip_address)
!ScreenedIpAddress.is_allowed?(@post.user.ip_address)
end
def flag_sockpuppet_users

2
app/services/user_destroyer.rb
View File

@ -44,7 +44,7 @@ class UserDestroyer
if opts[:block_urls]
post.topic_links.each do |link|
next if link.internal
next if Oneboxer.engine(link.url) != Onebox::Engine::WhitelistedGenericOnebox
next if Oneboxer.engine(link.url) != Onebox::Engine::AllowlistedGenericOnebox
ScreenedUrl.watch(link.url, link.domain, ip_address: user.ip_address)&.record_match!
end
end

2
app/views/embed/embed_error.html.erb
View File

@ -12,7 +12,7 @@
<ul>
<%- @hosts.each do |eh| %>
<li>
<%= eh.host %><%- if eh.path_whitelist.present? %><%= eh.path_whitelist %><% end %>
<%= eh.host %><%- if eh.allowed_paths.present? %><%= eh.allowed_paths %><% end %>
</li>
<%- end %>
</ul>

4
config/discourse_defaults.conf
View File

@ -291,11 +291,11 @@ anon_cache_store_threshold = 2
# EXPERIMENTAL - not yet supported in production
# by default admins can install and amend any theme
# you may restrict it so only specific themes are approved
# in whitelist mode all theme updates must happen via git repos
# in allowlist mode all theme updates must happen via git repos
# themes missing from the list are automatically disallowed
# list is a comma seperated list of git repos eg:
# https://github.com/discourse/discourse-custom-header-links.git,https://github.com/discourse/discourse-simple-theme.git
whitelisted_theme_repos =
allowed_theme_repos =
# Demon::EmailSync is used in conjunction with the enable_imap site setting
# to sync N IMAP mailboxes with specific groups. It is a process started in

10
config/locales/client.en.yml
View File

@ -4255,7 +4255,7 @@ en:
domain: "Domain"
screened_ips:
title: "Screened IPs"
description: 'IP addresses that are being watched. Use "Allow" to whitelist IP addresses.'
description: 'IP addresses that are being watched. Use "Allow" to allowlist IP addresses.'
delete_confirm: "Are you sure you want to remove the rule for %{ip_address}?"
roll_up_confirm: "Are you sure you want to roll up commonly screened IP addresses into subnets?"
rolled_up_some_subnets: "Successfully rolled up IP ban entries to these subnets: %{subnets}."
@ -4777,7 +4777,7 @@ en:
title: "Embedding"
host: "Allowed Hosts"
class_name: "Class Name"
path_whitelist: "Path Whitelist"
allowed_paths: "Path Allowlist"
edit: "edit"
category: "Post to Category"
add_host: "Add Host"
@ -4790,9 +4790,9 @@ en:
embed_title_scrubber: "Regular expression used to scrub the title of posts"
embed_truncate: "Truncate the embedded posts"
embed_unlisted: "Imported topics will be unlisted until there is a reply."
embed_whitelist_selector: "CSS selector for elements that are allowed in embeds"
embed_blacklist_selector: "CSS selector for elements that are removed from embeds"
embed_classname_whitelist: "Allowed CSS class names"
allowed_embed_selectors: "CSS selector for elements that are allowed in embeds"
blocked_embed_selectors: "CSS selector for elements that are removed from embeds"
allowed_embed_classnames: "Allowed CSS class names"
save: "Save Embedding Settings"
permalink:

48
config/locales/server.en.yml
View File

@ -139,7 +139,7 @@ en:
bounced_email_error: "Email is a bounced email report."
screened_email_error: "Happens when the sender's email address was already screened."
unsubscribe_not_allowed: "Happens when unsubscribing via email is not allowed for this user."
email_not_allowed: "Happens when the email address is not on the whitelist or is on the blacklist."
email_not_allowed: "Happens when the email address is not on the allowlist or is on the blocklist."
unrecognized_error: "Unrecognized Error"
secure_media_placeholder: "Redacted: this site has secure media enabled, visit the topic to see the attached image/audio/video."
@ -1485,9 +1485,9 @@ en:
show_pinned_excerpt_mobile: "Show excerpt on pinned topics in mobile view."
show_pinned_excerpt_desktop: "Show excerpt on pinned topics in desktop view."
post_onebox_maxlength: "Maximum length of a oneboxed Discourse post in characters."
onebox_domains_blacklist: "A list of domains that will never be oneboxed."
inline_onebox_domains_whitelist: "A list of domains that will be oneboxed in miniature form if linked without a title"
enable_inline_onebox_on_all_domains: "Ignore inline_onebox_domain_whitelist site setting and allow inline onebox on all domains."
blocked_onebox_domains: "A list of domains that will never be oneboxed."
allowed_inline_onebox_domains: "A list of domains that will be oneboxed in miniature form if linked without a title"
enable_inline_onebox_on_all_domains: "Ignore inline_onebox_domain_allowlist site setting and allow inline onebox on all domains."
force_custom_user_agent_hosts: "Hosts for which to use the custom onebox user agent on all requests. (Especially useful for hosts that limit access by user agent)."
max_oneboxes_per_post: "Maximum number of oneboxes in a post."
@ -1556,22 +1556,22 @@ en:
ga_universal_tracking_code: "Google Universal Analytics (analytics.js) tracking code ID, eg: UA-12345678-9; see <a href='https://google.com/analytics' target='_blank'>https://google.com/analytics</a>"
ga_universal_domain_name: "Google Universal Analytics (analytics.js) domain name, eg: mysite.com; see <a href='https://google.com/analytics' target='_blank'>https://google.com/analytics</a>"
ga_universal_auto_link_domains: "Enable Google Universal Analytics (analytics.js) cross-domain tracking. Outgoing links to these domains will have the client id added to them. See <a href='https://support.google.com/analytics/answer/1034342?hl=en' target='_blank'>Google's Cross-Domain Tracking guide.</a>"
gtm_container_id: "Google Tag Manager container id. eg: GTM-ABCDEF. <br/>Note: Third-party scripts loaded by GTM may need to be whitelisted in 'content security policy script src'."
gtm_container_id: "Google Tag Manager container id. eg: GTM-ABCDEF. <br/>Note: Third-party scripts loaded by GTM may need to be allowlisted in 'content security policy script src'."
enable_escaped_fragments: "Fall back to Google's Ajax-Crawling API if no webcrawler is detected. See <a href='https://developers.google.com/webmasters/ajax-crawling/docs/learn-more' target='_blank'>https://developers.google.com/webmasters/ajax-crawling/docs/learn-more</a>"
moderators_create_categories: "Allow moderators to create new categories"
cors_origins: "Allowed origins for cross-origin requests (CORS). Each origin must include http:// or https://. The DISCOURSE_ENABLE_CORS env variable must be set to true to enable CORS."
use_admin_ip_whitelist: "Admins can only log in if they are at an IP address defined in the Screened IPs list (Admin > Logs > Screened Ips)."
blacklist_ip_blocks: "A list of private IP blocks that should never be crawled by Discourse"
whitelist_internal_hosts: "A list of internal hosts that discourse can safely crawl for oneboxing and other purposes"
use_admin_ip_allowlist: "Admins can only log in if they are at an IP address defined in the Screened IPs list (Admin > Logs > Screened Ips)."
blocked_ip_blocks: "A list of private IP blocks that should never be crawled by Discourse"
allowed_internal_hosts: "A list of internal hosts that discourse can safely crawl for oneboxing and other purposes"
allowed_iframes: "A list of iframe src domain prefixes that discourse can safely allow in posts"
whitelisted_crawler_user_agents: "User agents of web crawlers that should be allowed to access the site. WARNING! SETTING THIS WILL DISALLOW ALL CRAWLERS NOT LISTED HERE!"
blacklisted_crawler_user_agents: "Unique case insensitive word in the user agent string identifying web crawlers that should not be allowed to access the site. Does not apply if whitelist is defined."
allowed_crawler_user_agents: "User agents of web crawlers that should be allowed to access the site. WARNING! SETTING THIS WILL DISALLOW ALL CRAWLERS NOT LISTED HERE!"
blocked_crawler_user_agents: "Unique case insensitive word in the user agent string identifying web crawlers that should not be allowed to access the site. Does not apply if allowlist is defined."
slow_down_crawler_user_agents: "User agents of web crawlers that should be rate limited in robots.txt using the Crawl-delay directive"
slow_down_crawler_rate: "If slow_down_crawler_user_agents is specified this rate will apply to all the crawlers (number of seconds delay between requests)"
content_security_policy: "Enable Content-Security-Policy"
content_security_policy_report_only: "Enable Content-Security-Policy-Report-Only"
content_security_policy_collect_reports: "Enable CSP violation report collection at /csp_reports"
content_security_policy_script_src: "Additional whitelisted script sources. The current host and CDN are included by default. See <a href='https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243' target='_blank'>Mitigate XSS Attacks with Content Security Policy.</a>"
content_security_policy_script_src: "Additional allowlisted script sources. The current host and CDN are included by default. See <a href='https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243' target='_blank'>Mitigate XSS Attacks with Content Security Policy.</a>"
invalidate_inactive_admin_email_after_days: "Admin accounts that have not visited the site in this number of days will need to re-validate their email address before logging in. Set to 0 to disable."
top_menu: "Determine which items appear in the homepage navigation, and in what order. Example latest|new|unread|categories|top|read|posted|bookmarks"
post_menu: "Determine which items appear on the post menu, and in what order. Example like|edit|flag|delete|share|bookmark|reply"
@ -1601,8 +1601,8 @@ en:
enable_whispers: "Allow staff private communication within topics."
allow_index_in_robots_txt: "Specify in robots.txt that this site is allowed to be indexed by web search engines. In exceptional cases you can permanently <a href='%{base_path}/admin/customize/robots'>override robots.txt</a>."
email_domains_blacklist: "A pipe-delimited list of email domains that users are not allowed to register accounts with. Example: mailinator.com|trashmail.net"
email_domains_whitelist: "A pipe-delimited list of email domains that users MUST register accounts with. WARNING: Users with email domains other than those listed will not be allowed!"
blocked_email_domains: "A pipe-delimited list of email domains that users are not allowed to register accounts with. Example: mailinator.com|trashmail.net"
allowed_email_domains: "A pipe-delimited list of email domains that users MUST register accounts with. WARNING: Users with email domains other than those listed will not be allowed!"
auto_approve_email_domains: "Users with email addresses from this list of domains will be automatically approved."
hide_email_address_taken: "Don't inform users that an account exists with a given email address during signup and from the forgot password form."
log_out_strict: "When logging out, log out ALL sessions for the user on all devices"
@ -1618,7 +1618,7 @@ en:
min_username_length: "Minimum username length in characters. WARNING: if any existing users or groups have names shorter than this, your site will break!"
max_username_length: "Maximum username length in characters. WARNING: if any existing users or groups have names longer than this, your site will break!"
unicode_usernames: "Allow usernames and group names to contain Unicode letters and numbers."
unicode_username_character_whitelist: "Regular expression to allow only some Unicode characters within usernames. ASCII letters and numbers will always be allowed and don't need to be included in the whitelist."
allowed_unicode_username_characters: "Regular expression to allow only some Unicode characters within usernames. ASCII letters and numbers will always be allowed and don't need to be included in the allowlist."
reserved_usernames: "Usernames for which signup is not allowed. Wildcard symbol * can be used to match any character zero or more times."
@ -1819,7 +1819,7 @@ en:
min_trust_to_post_links: "The minimum trust level required to include links in posts"
min_trust_to_post_images: "The minimum trust level required to include images in a post"
whitelisted_link_domains: "Domains that users may link to even if they don't have the appropriate trust level to post links"
allowed_link_domains: "Domains that users may link to even if they don't have the appropriate trust level to post links"
newuser_max_links: "How many links a new user can add to a post."
newuser_max_images: "How many images a new user can add to a post."
@ -1887,7 +1887,7 @@ en:
newuser_spam_host_threshold: "How many times a new user can post a link to the same host within their `newuser_spam_host_threshold` posts before being considered spam."
white_listed_spam_host_domains: "A list of domains excluded from spam host testing. New users will never be restricted from creating posts with links to these domains."
allowed_spam_host_domains: "A list of domains excluded from spam host testing. New users will never be restricted from creating posts with links to these domains."
staff_like_weight: "How much extra weighting factor to give staff likes."
topic_view_duration_hours: "Count a new topic view once per IP/User every N hours"
user_profile_view_duration_hours: "Count a new user profile view once per IP/User every N hours"
@ -1933,7 +1933,7 @@ en:
max_emails_per_day_per_user: "Maximum number of emails to send users per day. 0 to disable the limit"
enable_staged_users: "Automatically create staged users when processing incoming emails."
maximum_staged_users_per_email: "Maximum number of staged users created when processing an incoming email."
auto_generated_whitelist: "List of email addresses that won't be checked for auto-generated content. Example: foo@bar.com|discourse@bar.com"
auto_generated_allowlist: "List of email addresses that won't be checked for auto-generated content. Example: foo@bar.com|discourse@bar.com"
block_auto_generated_emails: "Block incoming emails identified as being auto generated."
ignore_by_title: "Ignore incoming emails based on their title."
mailgun_api_key: "Mailgun Secret API key used to verify webhook messages."
@ -1943,8 +1943,8 @@ en:
bounce_score_threshold: "Max bounce score before we will stop emailing a user."
reset_bounce_score_after_days: "Automatically reset bounce score after X days."
attachment_content_type_blacklist: "List of keywords used to blacklist attachments based on the content type."
attachment_filename_blacklist: "List of keywords used to blacklist attachments based on the filename."
blocked_attachment_content_types: "List of keywords used to blocklist attachments based on the content type."
blocked_attachment_filenames: "List of keywords used to blocklist attachments based on the filename."
forwarded_emails_behaviour: "How to treat a forwarded email to Discourse"
always_show_trimmed_content: "Always show trimmed part of incoming emails. WARNING: might reveal email addresses."
@ -2046,7 +2046,7 @@ en:
max_notifications_per_user: "Maximum amount of notifications per user, if this number is exceeded old notifications will be deleted. Enforced weekly. Set to 0 to disable"
user_website_domains_whitelist: "User website will be verified against these domains. Pipe-delimited list."
allowed_user_website_domains: "User website will be verified against these domains. Pipe-delimited list."
allow_profile_backgrounds: "Allow users to upload profile backgrounds."
@ -2110,7 +2110,7 @@ en:
embed_truncate: "Truncate the embedded posts."
embed_unlisted: "Imported topics will be unlisted until a user replies."
embed_support_markdown: "Support Markdown formatting for embedded posts."
embed_whitelist_selector: "A comma separated list of CSS elements that are allowed in embeds."
allowed_embed_selectors: "A comma separated list of CSS elements that are allowed in embeds."
allowed_href_schemes: "Schemes allowed in links in addition to http and https."
embed_post_limit: "Maximum number of posts to embed."
embed_username_required: "The username for topic creation is required."
@ -2280,7 +2280,7 @@ en:
low_weight_invalid: "You cannot set the weight to be greater or equal to 1 or smaller than 'category_search_priority_very_low_weight'."
high_weight_invalid: "You cannot set the weight to be smaller or equal to 1 or greater than 'category_search_priority_very_high_weight'."
very_high_weight_invalid: "You cannot set the weight to be smaller than 'category_search_priority_high_weight'."
unicode_username_whitelist:
allowed_unicode_usernames:
regex_invalid: "The regular expression is invalid: %{error}"
leading_trailing_slash: "The regular expression must not start and end with a slash."
unicode_usernames_avatars: "The internal system avatars do not support Unicode usernames."
@ -2642,7 +2642,7 @@ en:
- Is your domain's [DKIM record][3] correct? This will significantly improve email deliverability. [Test your DKIM record][7] here.
- If you run your own mail server, check to make sure the IPs of your mail server are [not on any email blacklists][4]. Also verify that it is definitely sending a fully-qualified hostname that resolves in DNS in its HELO message. If not, this will cause your email to be rejected by many mail services.
- If you run your own mail server, check to make sure the IPs of your mail server are [not on any email blocklists][4]. Also verify that it is definitely sending a fully-qualified hostname that resolves in DNS in its HELO message. If not, this will cause your email to be rejected by many mail services.
- We highly recommend you **send a test email to [mail-tester.com][mt]** to verify that all the above is working correctly.
@ -3236,7 +3236,7 @@ en:
Please [review the user](%{user_url}).
This can be modified via the `newuser_spam_host_threshold` and `white_listed_spam_host_domains` site settings. Consider adding %{domains} to the whitelist if they should be exempt.
This can be modified via the `newuser_spam_host_threshold` and `allowed_spam_host_domains` site settings. Consider adding %{domains} to the allowlist if they should be exempt.
unsilenced:
title: "Unsilenced"

40
config/site_settings.yml
View File

@ -443,10 +443,10 @@ login:
sso_overrides_website: false
sso_overrides_card_background: false
sso_not_approved_url: ""
email_domains_blacklist:
blocked_email_domains:
default: "mailinator.com"
type: list
email_domains_whitelist:
allowed_email_domains:
default: ""
type: list
auto_approve_email_domains:
@ -478,8 +478,8 @@ users:
default: false
client: true
validator: "UnicodeUsernameValidator"
unicode_username_character_whitelist:
validator: "UnicodeUsernameWhitelistValidator"
allowed_unicode_username_characters:
validator: "UnicodeUsernameAllowlistValidator"
default: ""
locale_default:
cs: "[ěščřžýáíéóůúďťňĚŠČŘŽÝÁÍÉÓŮÚĎŤŇ]"
@ -573,7 +573,7 @@ users:
client: true
show_inactive_accounts:
default: false
user_website_domains_whitelist:
allowed_user_website_domains:
default: ""
type: list
hide_suspension_reasons:
@ -798,7 +798,7 @@ posting:
ko: 50
zh_CN: 50
zh_TW: 50
whitelisted_link_domains:
allowed_link_domains:
default: ""
type: list
newuser_max_links: 2
@ -908,7 +908,7 @@ posting:
embed_unlisted: false
embed_truncate: true
embed_support_markdown: false
embed_whitelist_selector: ""
allowed_embed_selectors: ""
allowed_href_schemes:
client: true
default: ""
@ -1082,7 +1082,7 @@ email:
max_emails_per_day_per_user: 100
enable_staged_users: true
maximum_staged_users_per_email: 10
auto_generated_whitelist:
auto_generated_allowlist:
default: ""
type: list
block_auto_generated_emails: true
@ -1109,11 +1109,11 @@ email:
reset_bounce_score_after_days:
default: 30
max: 36500
attachment_content_type_blacklist:
blocked_attachment_content_types:
type: list
default: "pkcs7|x-vcard"
list_type: compact
attachment_filename_blacklist:
blocked_attachment_filenames:
type: list
default: "smime.p7s|signature.asc|winmail.dat"
list_type: compact
@ -1456,25 +1456,25 @@ security:
cors_origins:
default: ""
type: list
use_admin_ip_whitelist:
use_admin_ip_allowlist:
default: false
client: true
blacklist_ip_blocks:
blocked_ip_blocks:
default: ""
type: list
list_type: compact
whitelist_internal_hosts:
allowed_internal_hosts:
default: ""
type: list
allowed_iframes:
default: "https://www.google.com/maps/embed?|https://www.openstreetmap.org/export/embed.html?|https://calendar.google.com/calendar/embed?|https://codepen.io/"
type: list
client: true
whitelisted_crawler_user_agents:
allowed_crawler_user_agents:
type: list
default: ""
list_type: compact
blacklisted_crawler_user_agents:
blocked_crawler_user_agents:
type: list
default: "mauibot|semrushbot|ahrefsbot|blexbot|seo spider"
list_type: compact
@ -1511,14 +1511,14 @@ onebox:
ja: 200
zh_CN: 200
zh_TW: 200
onebox_domains_blacklist:
blocked_onebox_domains:
default: ""
type: list
list_type: compact
max_oneboxes_per_post:
default: 50
client: true
inline_onebox_domains_whitelist:
allowed_inline_onebox_domains:
default: ""
type: list
list_type: compact
@ -1542,7 +1542,7 @@ spam:
notify_mods_when_user_silenced: false
flag_sockpuppets: false
newuser_spam_host_threshold: 3
white_listed_spam_host_domains:
allowed_spam_host_domains:
default: ""
type: list
levenshtein_distance_spammer_emails:
@ -1728,10 +1728,10 @@ embedding:
embed_title_scrubber:
default: ""
hidden: true
embed_blacklist_selector:
blocked_embed_selectors:
default: ""
hidden: true
embed_classname_whitelist:
allowed_embed_classnames:
default: "emoji"
hidden: true

23
db/migrate/20200709032247_allowlist_and_blocklist_site_settings.rb Normal file
View File

@ -0,0 +1,23 @@
# frozen_string_literal: true
class AllowlistAndBlocklistSiteSettings < ActiveRecord::Migration[6.0]
def up
SiteSetting::ALLOWLIST_DEPRECATED_SITE_SETTINGS.each_pair do |old_key, new_key|
DB.exec <<~SQL
INSERT INTO site_settings(name, data_type, value, created_at, updated_at)
SELECT '#{new_key}', data_type, value, created_at, updated_At
FROM site_settings
WHERE name = '#{old_key}'
SQL
end
end
def down
SiteSetting::ALLOWLIST_DEPRECATED_SITE_SETTINGS.each_pair do |_old_key, new_key|
DB.exec <<~SQL
DELETE FROM site_settings
WHERE name = '#{new_key}'
SQL
end
end
end

7
db/post_migrate/20200629232159_rename_path_whitelist_to_allowed_paths.rb Normal file
View File

@ -0,0 +1,7 @@
# frozen_string_literal: true
class RenamePathWhitelistToAllowedPaths < ActiveRecord::Migration[6.0]
def change
rename_column :embeddable_hosts, :path_whitelist, :allowed_paths
end
end

23
db/post_migrate/20200724060632_remove_deprecated_allowlist_settings.rb Normal file
View File

@ -0,0 +1,23 @@
# frozen_string_literal: true
class RemoveDeprecatedAllowlistSettings < ActiveRecord::Migration[6.0]
def up
SiteSetting::ALLOWLIST_DEPRECATED_SITE_SETTINGS.each_pair do |old_key, _new_key|
DB.exec <<~SQL
DELETE FROM site_settings
WHERE name = '#{old_key}'
SQL
end
end
def down
SiteSetting::ALLOWLIST_DEPRECATED_SITE_SETTINGS.each_pair do |old_key, new_key|
DB.exec <<~SQL
INSERT INTO site_settings(name, data_type, value, created_at, updated_at)
SELECT '#{old_key}', data_type, value, created_at, updated_At
FROM site_settings
WHERE name = '#{new_key}'
SQL
end
end
end

2
docs/SECURITY.md
View File

@ -29,7 +29,7 @@ There are 3 main scenarios we protect against:
3. **CSP is on by default** for [all Discourse installations](https://meta.discourse.org/t/mitigate-xss-attacks-with-content-security-policy/104243) as of Discourse 2.2. It can be switched off in the site settings, but it is default on.
On the server side we run a whitelist based sanitizer, implemented using the [Sanitize gem](https://github.com/rgrove/sanitize). See the [relevant Discourse code](https://github.com/discourse/discourse/blob/master/lib/pretty_text.rb).
On the server side we run a allowlist based sanitizer, implemented using the [Sanitize gem](https://github.com/rgrove/sanitize). See the [relevant Discourse code](https://github.com/discourse/discourse/blob/master/lib/pretty_text.rb).
In addition, titles and all other places where non-admins can enter code are protected either using the Handlebars library or standard Rails XSS protection.

4
lib/auth/github_authenticator.rb
View File

@ -113,8 +113,8 @@ class Auth::GithubAuthenticator < Auth::Authenticator
end
# If we *still* don't have a user, check to see if there's an email that
# passes validation (this includes whitelist/blacklist filtering if any is
# configured). When no whitelist/blacklist is in play, this will simply
# passes validation (this includes allowlist/blocklist filtering if any is
# configured). When no allowlist/blocklist is in play, this will simply
# choose the primary email since it's at the front of the list.
if !user
validator = EmailValidator.new(attributes: :email)

2
lib/cooked_post_processor.rb
View File

@ -592,7 +592,7 @@ class CookedPostProcessor
found = false
parent = img
while parent = parent.parent
if parent["class"] && parent["class"].include?("whitelistedgeneric")
if parent["class"] && parent["class"].include?("allowlistedgeneric")
found = true
break
end

18
lib/crawler_detection.rb
View File

@ -39,18 +39,18 @@ module CrawlerDetection
# Given a user_agent that returns true from crawler?, should its request be allowed?
def self.allow_crawler?(user_agent)
return true if SiteSetting.whitelisted_crawler_user_agents.blank? &&
SiteSetting.blacklisted_crawler_user_agents.blank?
return true if SiteSetting.allowed_crawler_user_agents.blank? &&
SiteSetting.blocked_crawler_user_agents.blank?
@whitelisted_matchers ||= {}
@blacklisted_matchers ||= {}
@allowlisted_matchers ||= {}
@blocklisted_matchers ||= {}
if SiteSetting.whitelisted_crawler_user_agents.present?
whitelisted = @whitelisted_matchers[SiteSetting.whitelisted_crawler_user_agents] ||= to_matcher(SiteSetting.whitelisted_crawler_user_agents)
!user_agent.nil? && user_agent.match?(whitelisted)
if SiteSetting.allowed_crawler_user_agents.present?
allowlisted = @allowlisted_matchers[SiteSetting.allowed_crawler_user_agents] ||= to_matcher(SiteSetting.allowed_crawler_user_agents)
!user_agent.nil? && user_agent.match?(allowlisted)
else
blacklisted = @blacklisted_matchers[SiteSetting.blacklisted_crawler_user_agents] ||= to_matcher(SiteSetting.blacklisted_crawler_user_agents)
user_agent.nil? || !user_agent.match?(blacklisted)
blocklisted = @blocklisted_matchers[SiteSetting.blocked_crawler_user_agents] ||= to_matcher(SiteSetting.blocked_crawler_user_agents)
user_agent.nil? || !user_agent.match?(blocklisted)
end
end

18
lib/email/receiver.rb
View File

@ -62,7 +62,7 @@ module Email
end
def process!
return if is_blacklisted?
return if is_blocked?
id_hash = Digest::SHA1.hexdigest(@message_id)
DistributedMutex.synchronize("process_email_#{id_hash}") do
begin
@ -105,7 +105,7 @@ module Email
end
end
def is_blacklisted?
def is_blocked?
return false if SiteSetting.ignore_by_title.blank?
Regexp.new(SiteSetting.ignore_by_title, Regexp::IGNORECASE) =~ @mail.subject
end
@ -289,7 +289,7 @@ module Email
end
def is_auto_generated?
return false if SiteSetting.auto_generated_whitelist.split('|').include?(@from_email)
return false if SiteSetting.auto_generated_allowlist.split('|').include?(@from_email)
@mail[:precedence].to_s[/list|junk|bulk|auto_reply/i] ||
@mail[:from].to_s[/(mailer[\-_]?daemon|post[\-_]?master|no[\-_]?reply)@/i] ||
@mail[:subject].to_s[/^\s*(Auto:|Automatic reply|Autosvar|Automatisk svar|Automatisch antwoord|Abwesenheitsnotiz|Risposta Non al computer|Automatisch antwoord|Auto Response|Respuesta automática|Fuori sede|Out of Office|Frånvaro|Réponse automatique)/i] ||
@ -1009,18 +1009,18 @@ module Email
raise InvalidPostAction.new if result.failed? && result.forbidden
end
def is_whitelisted_attachment?(attachment)
attachment.content_type !~ SiteSetting.attachment_content_type_blacklist_regex &&
attachment.filename !~ SiteSetting.attachment_filename_blacklist_regex
def is_allowed?(attachment)
attachment.content_type !~ SiteSetting.blocked_attachment_content_types_regex &&
attachment.filename !~ SiteSetting.blocked_attachment_filenames_regex
end
def attachments
@attachments ||= begin
attachments = @mail.attachments.select { |attachment| is_whitelisted_attachment?(attachment) }
attachments << @mail if @mail.attachment? && is_whitelisted_attachment?(@mail)
attachments = @mail.attachments.select { |attachment| is_allowed?(attachment) }
attachments << @mail if @mail.attachment? && is_allowed?(@mail)
@mail.parts.each do |part|
attachments << part if part.attachment? && is_whitelisted_attachment?(part)
attachments << part if part.attachment? && is_allowed?(part)
end
attachments.uniq!

2
lib/email/styles.rb
View File

@ -152,7 +152,7 @@ module Email
# iframes can't go in emails, so replace them with clickable links
@fragment.css('iframe').each do |i|
begin
# sometimes, iframes are blacklisted...
# sometimes, iframes are blocklisted...
if i["src"].blank?
i.remove
next

8
lib/final_destination.rb
View File

@ -284,13 +284,13 @@ class FinalDestination
def is_dest_valid?
return false unless @uri && @uri.host
# Whitelisted hosts
# Allowlisted hosts
return true if hostname_matches?(SiteSetting.Upload.s3_cdn_url) ||
hostname_matches?(GlobalSetting.try(:cdn_url)) ||
hostname_matches?(Discourse.base_url_no_prefix)
if SiteSetting.whitelist_internal_hosts.present?
return true if SiteSetting.whitelist_internal_hosts.split("|").any? { |h| h.downcase == @uri.hostname.downcase }
if SiteSetting.allowed_internal_hosts.present?
return true if SiteSetting.allowed_internal_hosts.split("|").any? { |h| h.downcase == @uri.hostname.downcase }
end
address_s = @opts[:lookup_ip].call(@uri.hostname)
@ -320,7 +320,7 @@ class FinalDestination
def private_ranges
FinalDestination.standard_private_ranges +
SiteSetting.blacklist_ip_blocks.split('|').map { |r| IPAddr.new(r) rescue nil }.compact
SiteSetting.blocked_ip_blocks.split('|').map { |r| IPAddr.new(r) rescue nil }.compact
end
def log(log_level, message)

2
lib/flag_query.rb
View File

@ -137,7 +137,7 @@ module FlagQuery
guardian = Guardian.new(current_user)
users = User.includes(:user_stat).where(id: user_ids.to_a).to_a
User.preload_custom_fields(users, User.whitelisted_user_custom_fields(guardian))
User.preload_custom_fields(users, User.allowed_user_custom_fields(guardian))
[
posts,

10
lib/guardian.rb
View File

@ -477,9 +477,9 @@ class Guardian
def allowed_theme_repo_import?(repo)
return false if !@user.admin?
whitelisted_repos = GlobalSetting.whitelisted_theme_repos
if !whitelisted_repos.blank?
urls = whitelisted_repos.split(",").map(&:strip)
allowed_repos = GlobalSetting.allowed_theme_repos
if !allowed_repos.blank?
urls = allowed_repos.split(",").map(&:strip)
return urls.include?(repo)
end
@ -489,8 +489,8 @@ class Guardian
def allow_themes?(theme_ids, include_preview: false)
return true if theme_ids.blank?
if whitelisted_theme_ids = GlobalSetting.whitelisted_theme_ids
if (theme_ids - whitelisted_theme_ids).present?
if allowed_theme_ids = GlobalSetting.allowed_theme_ids
if (theme_ids - allowed_theme_ids).present?
return false
end
end

4
lib/guardian/post_guardian.rb
View File

@ -10,7 +10,7 @@ module PostGuardian
def link_posting_access
if unrestricted_link_posting?
'full'
elsif SiteSetting.whitelisted_link_domains.present?
elsif SiteSetting.allowed_link_domains.present?
'limited'
else
'none'
@ -21,7 +21,7 @@ module PostGuardian
return false if host.blank?
unrestricted_link_posting? ||
SiteSetting.whitelisted_link_domains.split('|').include?(host)
SiteSetting.allowed_link_domains.split('|').include?(host)
end
# Can the user act on the post in a particular way.

2
lib/inline_oneboxer.rb
View File

@ -42,7 +42,7 @@ class InlineOneboxer
end
always_allow = SiteSetting.enable_inline_onebox_on_all_domains
domains = SiteSetting.inline_onebox_domains_whitelist&.split('|') unless always_allow
domains = SiteSetting.allowed_inline_onebox_domains&.split('|') unless always_allow
if always_allow || domains
uri = begin

8
lib/onebox/engine/whitelisted_generic_onebox.rb → lib/onebox/engine/allowlisted_generic_onebox.rb
View File

@ -4,9 +4,9 @@ require "ipaddr"
module Onebox
module Engine
class WhitelistedGenericOnebox
class AllowlistedGenericOnebox
# overwrite the whitelist
# overwrite the allowlist
def self.===(other)
other.is_a?(URI) ? (IPAddr.new(other.hostname) rescue nil).nil? : true
end
@ -18,10 +18,10 @@ module Onebox
private
# overwrite to whitelist iframes
# overwrite to allowlist iframes
def is_embedded?
return false unless data[:html] && data[:height]
return true if WhitelistedGenericOnebox.html_providers.include?(data[:provider_name])
return true if AllowlistedGenericOnebox.html_providers.include?(data[:provider_name])
if data[:html]["iframe"]
fragment = Nokogiri::HTML5::fragment(data[:html])

8
lib/oneboxer.rb
View File

@ -292,8 +292,8 @@ module Oneboxer
end
end
def self.blacklisted_domains
SiteSetting.onebox_domains_blacklist.split("|")
def self.blocked_domains
SiteSetting.blocked_onebox_domains.split("|")
end
def self.preserve_fragment_url_hosts
@ -304,12 +304,12 @@ module Oneboxer
Discourse.cache.fetch(onebox_cache_key(url), expires_in: 1.day) do
fd = FinalDestination.new(url,
ignore_redirects: ignore_redirects,
ignore_hostnames: blacklisted_domains,
ignore_hostnames: blocked_domains,
force_get_hosts: force_get_hosts,
force_custom_user_agent_hosts: force_custom_user_agent_hosts,
preserve_fragment_url_hosts: preserve_fragment_url_hosts)
uri = fd.resolve
return blank_onebox if uri.blank? || blacklisted_domains.map { |hostname| uri.hostname.match?(hostname) }.any?
return blank_onebox if uri.blank? || blocked_domains.map { |hostname| uri.hostname.match?(hostname) }.any?
options = {
max_width: 695,

19
lib/plugin/instance.rb
View File

@ -161,10 +161,20 @@ class Plugin::Instance
end
def whitelist_staff_user_custom_field(field)
Discourse.deprecate("whitelist_staff_user_custom_field is deprecated, use the allow_staff_user_custom_field.", drop_from: "2.6")
allow_staff_user_custom_field(field)
end
def allow_staff_user_custom_field(field)
DiscoursePluginRegistry.register_staff_user_custom_field(field, self)
end
def whitelist_public_user_custom_field(field)
Discourse.deprecate("whitelist_public_user_custom_field is deprecated, use the allow_public_user_custom_field.", drop_from: "2.6")
allow_public_user_custom_field(field)
end
def allow_public_user_custom_field(field)
DiscoursePluginRegistry.register_public_user_custom_field(field, self)
end
@ -256,10 +266,15 @@ class Plugin::Instance
end
end
# Add a post_custom_fields_whitelister block to the TopicView, respecting if the plugin is enabled
def topic_view_post_custom_fields_whitelister(&block)
Discourse.deprecate("topic_view_post_custom_fields_whitelister is deprecated, use the topic_view_post_custom_fields_allowlister.", drop_from: "2.6")
topic_view_post_custom_fields_allowlister(&block)
end
# Add a post_custom_fields_allowlister block to the TopicView, respecting if the plugin is enabled
def topic_view_post_custom_fields_allowlister(&block)
reloadable_patch do |plugin|
::TopicView.add_post_custom_fields_whitelister do |user|
::TopicView.add_post_custom_fields_allowlister do |user|
plugin.enabled? ? block.call(user) : []
end
end

6
lib/pretty_text.rb
View File

@ -284,10 +284,10 @@ module PrettyText
end
def self.add_rel_nofollow_to_user_content(doc)
whitelist = []
allowlist = []
domains = SiteSetting.exclude_rel_nofollow_domains
whitelist = domains.split('|') if domains.present?
allowlist = domains.split('|') if domains.present?
site_uri = nil
doc.css("a").each do |l|
@ -299,7 +299,7 @@ module PrettyText
if !uri.host.present? ||
uri.host == site_uri.host ||
uri.host.ends_with?(".#{site_uri.host}") ||
whitelist.any? { |u| uri.host == u || uri.host.ends_with?(".#{u}") }
allowlist.any? { |u| uri.host == u || uri.host.ends_with?(".#{u}") }
# we are good no need for nofollow
l.remove_attribute("rel")
else

4
lib/site_setting_extension.rb
View File

@ -378,8 +378,8 @@ module SiteSettingExtension
end
HOSTNAME_SETTINGS ||= %w{
disabled_image_download_domains onebox_domains_blacklist exclude_rel_nofollow_domains
email_domains_blacklist email_domains_whitelist white_listed_spam_host_domains
disabled_image_download_domains blocked_onebox_domains exclude_rel_nofollow_domains
blocked_email_domains allowed_email_domains allowed_spam_host_domains
}
def filter_value(name, value)

4
lib/spam_handler.rb
View File

@ -17,8 +17,8 @@ class SpamHandler
return false if staff_members_with_same_ip > 0
ip_whitelisted = ScreenedIpAddress.is_whitelisted?(ip_address)
return false if ip_whitelisted
allowed_ip = ScreenedIpAddress.is_allowed?(ip_address)
return false if allowed_ip
tl0_accounts_with_same_ip = User.unscoped
.where(trust_level: TrustLevel[0])

4
lib/tasks/typepad.thor
View File

@ -13,7 +13,7 @@ class Typepad < Thor
require './config/environment'
backup_settings = {}
%w(email_domains_blacklist).each do |s|
%w(blocked_email_domains).each do |s|
backup_settings[s] = SiteSetting.get(s)
end
@ -53,7 +53,7 @@ class Typepad < Thor
end
RateLimiter.disable
SiteSetting.email_domains_blacklist = ""
SiteSetting.blocked_email_domains = ""
puts "Importing #{entries.size} entries"

18
lib/topic_view.rb
View File

@ -38,16 +38,16 @@ class TopicView
@default_post_custom_fields ||= [Post::NOTICE_TYPE, Post::NOTICE_ARGS, "action_code_who"]
end
def self.post_custom_fields_whitelisters
@post_custom_fields_whitelisters ||= Set.new
def self.post_custom_fields_allowlisters
@post_custom_fields_allowlisters ||= Set.new
end
def self.add_post_custom_fields_whitelister(&block)
post_custom_fields_whitelisters << block
def self.add_post_custom_fields_allowlister(&block)
post_custom_fields_allowlisters << block
end
def self.whitelisted_post_custom_fields(user)
wpcf = default_post_custom_fields + post_custom_fields_whitelisters.map { |w| w.call(user) }
def self.allowed_post_custom_fields(user)
wpcf = default_post_custom_fields + post_custom_fields_allowlisters.map { |w| w.call(user) }
wpcf.flatten.uniq
end
@ -87,12 +87,12 @@ class TopicView
filter_posts(options)
if @posts && !@skip_custom_fields
if (added_fields = User.whitelisted_user_custom_fields(@guardian)).present?
if (added_fields = User.allowed_user_custom_fields(@guardian)).present?
@user_custom_fields = User.custom_fields_for_ids(@posts.pluck(:user_id), added_fields)
end
if (whitelisted_fields = TopicView.whitelisted_post_custom_fields(@user)).present?
@post_custom_fields = Post.custom_fields_for_ids(@posts.pluck(:id), whitelisted_fields)
if (allowed_fields = TopicView.allowed_post_custom_fields(@user)).present?
@post_custom_fields = Post.custom_fields_for_ids(@posts.pluck(:id), allowed_fields)
end
end

10
lib/upload_creator.rb
View File

@ -51,7 +51,7 @@ class UploadCreator
return @upload if @upload.errors.present?
if @image_info.type.to_s == "svg"
whitelist_svg!
clean_svg!
elsif !Rails.env.test? || @opts[:force_optimize]
convert_to_jpeg! if convert_png_to_jpeg?
downsize! if should_downsize?
@ -302,9 +302,9 @@ class UploadCreator
end
end
def whitelist_svg!
def clean_svg!
doc = Nokogiri::XML(@file)
doc.xpath(svg_whitelist_xpath).remove
doc.xpath(svg_allowlist_xpath).remove
doc.xpath("//@*[starts-with(name(), 'on')]").remove
doc.css('use').each do |use_el|
if use_el.attr('href')
@ -400,8 +400,8 @@ class UploadCreator
@allow_animation ||= @opts[:type] == "avatar" ? SiteSetting.allow_animated_avatars : SiteSetting.allow_animated_thumbnails
end
def svg_whitelist_xpath
@@svg_whitelist_xpath ||= "//*[#{WHITELISTED_SVG_ELEMENTS.map { |e| "name()!='#{e}'" }.join(" and ") }]"
def svg_allowlist_xpath
@@svg_allowlist_xpath ||= "//*[#{WHITELISTED_SVG_ELEMENTS.map { |e| "name()!='#{e}'" }.join(" and ") }]"
end
def add_metadata!

2
lib/upload_recovery.rb
View File

@ -17,7 +17,7 @@ class UploadRecovery
analyzer.cooked_stripped.css("img", "a").each do |media|
if media.name == "img" && orig_src = media["data-orig-src"]
if dom_class = media["class"]
if (Post.white_listed_image_classes & dom_class.split).count > 0
if (Post.allowed_image_classes & dom_class.split).count > 0
next
end
end

6
lib/user_name_suggester.rb
View File

@ -115,7 +115,7 @@ module UserNameSuggester
end
name.gsub!(UsernameValidator.invalid_char_pattern, '_')
name = apply_whitelist(name) if UsernameValidator.char_whitelist_exists?
name = apply_allowlist(name) if UsernameValidator.char_allowlist_exists?
name.gsub!(UsernameValidator::INVALID_LEADING_CHAR_PATTERN, '')
name.gsub!(UsernameValidator::CONFUSING_EXTENSIONS, "_")
name.gsub!(UsernameValidator::INVALID_TRAILING_CHAR_PATTERN, '')
@ -123,9 +123,9 @@ module UserNameSuggester
name
end
def self.apply_whitelist(name)
def self.apply_allowlist(name)
name.grapheme_clusters
.map { |c| UsernameValidator.whitelisted_char?(c) ? c : '_' }
.map { |c| UsernameValidator.allowed_char?(c) ? c : '_' }
.join
end

4
lib/validators/email_validator.rb
View File

@ -17,9 +17,9 @@ class EmailValidator < ActiveModel::EachValidator
end
def self.allowed?(email)
if (setting = SiteSetting.email_domains_whitelist).present?
if (setting = SiteSetting.allowed_email_domains).present?
return email_in_restriction_setting?(setting, email) || is_developer?(email)
elsif (setting = SiteSetting.email_domains_blacklist).present?
elsif (setting = SiteSetting.blocked_email_domains).present?
return !(email_in_restriction_setting?(setting, email) && !is_developer?(email))
end

6
lib/validators/unicode_username_whitelist_validator.rb → lib/validators/unicode_username_allowlist_validator.rb
View File

@ -1,6 +1,6 @@
# frozen_string_literal: true
class UnicodeUsernameWhitelistValidator
class UnicodeUsernameAllowlistValidator
def initialize(opts = {})
@opts = opts
end
@ -10,12 +10,12 @@ class UnicodeUsernameWhitelistValidator
return true if value.blank?
if value.match?(/^\/.*\/[imxo]*$/)
@error_message = I18n.t("site_settings.errors.unicode_username_whitelist.leading_trailing_slash")
@error_message = I18n.t("site_settings.errors.allowed_unicode_usernames.leading_trailing_slash")
else
begin
Regexp.new(value)
rescue RegexpError => e
@error_message = I18n.t("site_settings.errors.unicode_username_whitelist.regex_invalid", error: e.message)
@error_message = I18n.t("site_settings.errors.allowed_unicode_usernames.regex_invalid", error: e.message)
end
end

4
lib/validators/upload_validator.rb
View File

@ -12,9 +12,9 @@ class UploadValidator < ActiveModel::Validator
return true if upload.user&.staff?
end
# check the attachment blacklist
# check the attachment blocklist
if upload.for_group_message && SiteSetting.allow_all_attachments_for_group_messages
return upload.original_filename =~ SiteSetting.attachment_filename_blacklist_regex
return upload.original_filename =~ SiteSetting.blocked_attachment_filenames_regex
end
extension = File.extname(upload.original_filename)[1..-1] || ""

2
plugins/poll/plugin.rb
View File

@ -562,7 +562,7 @@ after_initialize do
register_post_custom_field_type(DiscoursePoll::HAS_POLLS, :boolean)
topic_view_post_custom_fields_whitelister { [DiscoursePoll::HAS_POLLS] }
topic_view_post_custom_fields_allowlister { [DiscoursePoll::HAS_POLLS] }
add_to_class(:topic_view, :polls) do
@polls ||= begin

2
script/import_scripts/base.rb
View File

@ -70,7 +70,7 @@ class ImportScripts::Base
def get_site_settings_for_import
{
email_domains_blacklist: '',
blocked_email_domains: '',
min_topic_title_length: 1,
min_post_length: 1,
min_first_post_length: 1,

38
script/import_scripts/friendsmegplus.rb
View File

@ -68,12 +68,12 @@ class ImportScripts::FMGP < ImportScripts::Base
@usermap = {}
# G+ user IDs to filter out (spam, abuse) — no topics or posts, silence and suspend when creating
# loaded from blacklist.json as array of google ids `[ 92310293874, 12378491235293 ]`
@blacklist = Set[]
# loaded from blocklist.json as array of google ids `[ 92310293874, 12378491235293 ]`
@blocklist = Set[]
# G+ user IDs whose posts are useful; if this is set, include only
# posts (and non-blacklisted comments) authored by these IDs
@whitelist = nil
# posts (and non-blocklisted comments) authored by these IDs
@allowlist = nil
# Tags to apply to every topic; empty Array to not have any tags applied everywhere
@globaltags = [ "gplus" ]
@ -117,10 +117,10 @@ class ImportScripts::FMGP < ImportScripts::Base
@categories = load_fmgp_json(arg)
elsif arg.end_with?("usermap.json")
@usermap = load_fmgp_json(arg)
elsif arg.end_with?('blacklist.json')
@blacklist = load_fmgp_json(arg).map { |i| i.to_s }.to_set
elsif arg.end_with?('whitelist.json')
@whitelist = load_fmgp_json(arg).map { |i| i.to_s }.to_set
elsif arg.end_with?('blocklist.json')
@blocklist = load_fmgp_json(arg).map { |i| i.to_s }.to_set
elsif arg.end_with?('allowlist.json')
@allowlist = load_fmgp_json(arg).map { |i| i.to_s }.to_set
elsif arg.end_with?('.json')
@feeds << load_fmgp_json(arg)
elsif arg == '--dry-run'
@ -149,8 +149,8 @@ class ImportScripts::FMGP < ImportScripts::Base
@posts_imported = 0
@topics_skipped = 0
@posts_skipped = 0
@topics_blacklisted = 0
@posts_blacklisted = 0
@blocked_topics = 0
@blocked_posts = 0
# count uploaded file size
@totalsize = 0
@ -324,10 +324,10 @@ class ImportScripts::FMGP < ImportScripts::Base
newuser.approved = true
newuser.approved_by_id = @system_user.id
newuser.approved_at = newuser.created_at
if @blacklist.include?(id.to_s)
if @blocklist.include?(id.to_s)
now = DateTime.now
forever = 1000.years.from_now
# you can suspend as well if you want your blacklist to
# you can suspend as well if you want your blocklist to
# be hard to recover from
#newuser.suspended_at = now
#newuser.suspended_till = forever
@ -348,7 +348,7 @@ class ImportScripts::FMGP < ImportScripts::Base
# user already on system
u = User.find(google_user_info.user_id)
if u.silenced? || u.suspended?
@blacklist.add(id)
@blocklist.add(id)
end
@users[id] = u
email = u.email
@ -371,7 +371,7 @@ class ImportScripts::FMGP < ImportScripts::Base
category["posts"].each do |post|
# G+ post / Discourse topic
import_topic(post, category)
print("\r#{@topics_imported}/#{@posts_imported} topics/posts (skipped: #{@topics_skipped}/#{@posts_skipped} blacklisted: #{@topics_blacklisted}/#{@posts_blacklisted}) ")
print("\r#{@topics_imported}/#{@posts_imported} topics/posts (skipped: #{@topics_skipped}/#{@posts_skipped} blocklisted: #{@blocked_topics}/#{@blocked_posts}) ")
end
end
end
@ -389,13 +389,13 @@ class ImportScripts::FMGP < ImportScripts::Base
@topics_skipped += 1
else
# new post
if !@whitelist.nil? && !@whitelist.include?(post["author"]["id"])
# only ignore non-whitelisted if whitelist defined
if !@allowlist.nil? && !@allowlist.include?(post["author"]["id"])
# only ignore non-allowlisted if allowlist defined
return
end
postmap = make_postmap(post, category, nil)
if postmap.nil?
@topics_blacklisted += 1
@blocked_topics += 1
return
end
p = create_post(postmap, postmap[:id]) if !@dryrun
@ -409,7 +409,7 @@ class ImportScripts::FMGP < ImportScripts::Base
else
commentmap = make_postmap(comment, nil, p)
if commentmap.nil?
@posts_blacklisted += 1
@blocked_posts += 1
else
@posts_imported += 1
new_comment = create_post(commentmap, commentmap[:id]) if !@dryrun
@ -420,7 +420,7 @@ class ImportScripts::FMGP < ImportScripts::Base
def make_postmap(post, category, parent)
post_author_id = post["author"]["id"]
return nil if @blacklist.include?(post_author_id.to_s)
return nil if @blocklist.include?(post_author_id.to_s)
raw = formatted_message(post)
# if no message, image, or images, it's just empty

4
script/import_scripts/smf1.rb
View File

@ -497,10 +497,10 @@ class ImportScripts::Smf1 < ImportScripts::Base
def import_banned_domains
puts "", "Importing banned email domains..."
blacklist = SiteSetting.email_domains_blacklist.split("|")
blocklist = SiteSetting.blocked_email_domains.split("|")
banned_domains = mysql_query("SELECT SUBSTRING(email_address, 3) domain FROM smf_ban_items WHERE email_address RLIKE '^%@[^%]+$' GROUP BY email_address").map { |r| r["domain"] }
SiteSetting.email_domains_blacklist = (blacklist + banned_domains).uniq.sort.join("|")
SiteSetting.blocked_email_domains = (blocklist + banned_domains).uniq.sort.join("|")
end
def import_banned_emails

22
spec/components/auth/github_authenticator_spec.rb
View File

@ -178,38 +178,38 @@ describe Auth::GithubAuthenticator do
expect(result.email_valid).to eq(hash[:info][:email].present?)
end
it 'will skip blacklisted domains for non existing users' do
it 'will skip blocklisted domains for non existing users' do
hash = {
extra: {
all_emails: [{
email: "not_allowed@blacklist.com",
email: "not_allowed@blocklist.com",
primary: true,
verified: true,
}, {
email: "allowed@whitelist.com",
email: "allowed@allowlist.com",
primary: false,
verified: true,
}]
},
info: {
email: "not_allowed@blacklist.com",
email: "not_allowed@blocklist.com",
nickname: "person",
name: "Person Lastname",
},
uid: "100"
}
SiteSetting.email_domains_blacklist = "blacklist.com"
SiteSetting.blocked_email_domains = "blocklist.com"
result = authenticator.after_authenticate(hash)
expect(result.user).to eq(nil)
expect(result.username).to eq(hash[:info][:nickname])
expect(result.name).to eq(hash[:info][:name])
expect(result.email).to eq("allowed@whitelist.com")
expect(result.email).to eq("allowed@allowlist.com")
expect(result.email_valid).to eq(true)
end
it 'will find whitelisted domains for non existing users' do
it 'will find allowlisted domains for non existing users' do
hash = {
extra: {
all_emails: [{
@ -217,11 +217,11 @@ describe Auth::GithubAuthenticator do
primary: true,
verified: true,
}, {
email: "not_allowed@blacklist.com",
email: "not_allowed@blocklist.com",
primary: false,
verified: true,
}, {
email: "allowed@whitelist.com",
email: "allowed@allowlist.com",
primary: false,
verified: true,
}]
@ -234,13 +234,13 @@ describe Auth::GithubAuthenticator do
uid: "100"
}
SiteSetting.email_domains_whitelist = "whitelist.com"
SiteSetting.allowed_email_domains = "allowlist.com"
result = authenticator.after_authenticate(hash)
expect(result.user).to eq(nil)
expect(result.username).to eq(hash[:info][:nickname])
expect(result.name).to eq(hash[:info][:name])
expect(result.email).to eq("allowed@whitelist.com")
expect(result.email).to eq("allowed@allowlist.com")
expect(result.email_valid).to eq(true)
end

4
spec/components/concern/has_custom_fields_spec.rb
View File

@ -235,7 +235,7 @@ describe HasCustomFields do
it "supports bulk retrieval with a list of ids" do
item1 = CustomFieldsTestItem.new
item1.custom_fields = { "a" => ["b", "c", "d"], 'not_whitelisted' => 'secret' }
item1.custom_fields = { "a" => ["b", "c", "d"], 'not_allowlisted' => 'secret' }
item1.save
item2 = CustomFieldsTestItem.new
@ -245,7 +245,7 @@ describe HasCustomFields do
fields = CustomFieldsTestItem.custom_fields_for_ids([item1.id, item2.id], ['a', 'e'])
expect(fields).to be_present
expect(fields[item1.id]['a']).to match_array(['b', 'c', 'd'])
expect(fields[item1.id]['not_whitelisted']).to be_blank
expect(fields[item1.id]['not_allowlisted']).to be_blank
expect(fields[item2.id]['e']).to eq('hallo')
end

2
spec/components/cooked_post_processor_spec.rb
View File

@ -1600,7 +1600,7 @@ describe CookedPostProcessor do
context "onebox" do
before do
Oneboxer.stubs(:onebox).with(anything, anything).returns(nil)
Oneboxer.stubs(:onebox).with('https://discourse.org', anything).returns("<aside class=\"onebox whitelistedgeneric\">the rest of the onebox</aside>")
Oneboxer.stubs(:onebox).with('https://discourse.org', anything).returns("<aside class=\"onebox allowlistedgeneric\">the rest of the onebox</aside>")
end
it "awards the badge for using an onebox" do

48
spec/components/crawler_detection_spec.rb
View File

@ -70,13 +70,13 @@ describe CrawlerDetection do
end
describe 'allow_crawler?' do
it 'returns true if whitelist and blacklist are blank' do
it 'returns true if allowlist and blocklist are blank' do
expect(CrawlerDetection.allow_crawler?('Googlebot/2.1 (+http://www.google.com/bot.html)')).to eq(true)
end
context 'whitelist is set' do
context 'allowlist is set' do
before do
SiteSetting.whitelisted_crawler_user_agents = 'Googlebot|Twitterbot'
SiteSetting.allowed_crawler_user_agents = 'Googlebot|Twitterbot'
end
it 'returns true for matching user agents' do
@ -91,20 +91,20 @@ describe CrawlerDetection do
expect(CrawlerDetection.allow_crawler?('')).to eq(false)
end
context 'and blacklist is set' do
context 'and blocklist is set' do
before do
SiteSetting.blacklisted_crawler_user_agents = 'Googlebot-Image'
SiteSetting.blocked_crawler_user_agents = 'Googlebot-Image'
end
it 'ignores the blacklist' do
it 'ignores the blocklist' do
expect(CrawlerDetection.allow_crawler?('Googlebot-Image/1.0')).to eq(true)
end
end
end
context 'blacklist is set' do
context 'blocklist is set' do
before do
SiteSetting.blacklisted_crawler_user_agents = 'Googlebot|Twitterbot'
SiteSetting.blocked_crawler_user_agents = 'Googlebot|Twitterbot'
end
it 'returns true for crawlers that do not match' do
@ -122,47 +122,47 @@ describe CrawlerDetection do
end
describe 'is_blocked_crawler?' do
it 'is false if user agent is a crawler and no whitelist or blacklist is defined' do
it 'is false if user agent is a crawler and no allowlist or blocklist is defined' do
expect(CrawlerDetection.is_blocked_crawler?('Twitterbot')).to eq(false)
end
it 'is false if user agent is not a crawler and no whitelist or blacklist is defined' do
it 'is false if user agent is not a crawler and no allowlist or blocklist is defined' do
expect(CrawlerDetection.is_blocked_crawler?('Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36')).to eq(false)
end
it 'is true if user agent is a crawler and is not whitelisted' do
SiteSetting.whitelisted_crawler_user_agents = 'Googlebot'
it 'is true if user agent is a crawler and is not allowlisted' do
SiteSetting.allowed_crawler_user_agents = 'Googlebot'
expect(CrawlerDetection.is_blocked_crawler?('Twitterbot')).to eq(true)
end
it 'is false if user agent is not a crawler and there is a whitelist' do
SiteSetting.whitelisted_crawler_user_agents = 'Googlebot'
it 'is false if user agent is not a crawler and there is a allowlist' do
SiteSetting.allowed_crawler_user_agents = 'Googlebot'
expect(CrawlerDetection.is_blocked_crawler?('Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36')).to eq(false)
end
it 'is true if user agent is a crawler and is blacklisted' do
SiteSetting.blacklisted_crawler_user_agents = 'Twitterbot'
it 'is true if user agent is a crawler and is blocklisted' do
SiteSetting.blocked_crawler_user_agents = 'Twitterbot'
expect(CrawlerDetection.is_blocked_crawler?('Twitterbot')).to eq(true)
end
it 'is true if user agent is a crawler and is not blacklisted' do
SiteSetting.blacklisted_crawler_user_agents = 'Twitterbot'
it 'is true if user agent is a crawler and is not blocklisted' do
SiteSetting.blocked_crawler_user_agents = 'Twitterbot'
expect(CrawlerDetection.is_blocked_crawler?('Googlebot')).to eq(false)
end
it 'is false if user agent is not a crawler and blacklist is defined' do
SiteSetting.blacklisted_crawler_user_agents = 'Mozilla'
it 'is false if user agent is not a crawler and blocklist is defined' do
SiteSetting.blocked_crawler_user_agents = 'Mozilla'
expect(CrawlerDetection.is_blocked_crawler?('Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36')).to eq(false)
end
it 'is true if user agent is missing and whitelist is defined' do
SiteSetting.whitelisted_crawler_user_agents = 'Googlebot'
it 'is true if user agent is missing and allowlist is defined' do
SiteSetting.allowed_crawler_user_agents = 'Googlebot'
expect(CrawlerDetection.is_blocked_crawler?('')).to eq(true)
expect(CrawlerDetection.is_blocked_crawler?(nil)).to eq(true)
end
it 'is false if user agent is missing and blacklist is defined' do
SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
it 'is false if user agent is missing and blocklist is defined' do
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
expect(CrawlerDetection.is_blocked_crawler?('')).to eq(false)
expect(CrawlerDetection.is_blocked_crawler?(nil)).to eq(false)
end

44
spec/components/email/receiver_spec.rb
View File

@ -25,16 +25,16 @@ describe Email::Receiver do
expect { process(:screened_email) }.to raise_error(Email::Receiver::ScreenedEmailError)
end
it "raises EmailNotAllowed when email address is not on whitelist" do
SiteSetting.email_domains_whitelist = "example.com|bar.com"
it "raises EmailNotAllowed when email address is not on allowlist" do
SiteSetting.allowed_email_domains = "example.com|bar.com"
Fabricate(:group, incoming_email: "some_group@bar.com")
expect { process(:blacklist_whitelist_email) }.to raise_error(Email::Receiver::EmailNotAllowed)
expect { process(:blocklist_allowlist_email) }.to raise_error(Email::Receiver::EmailNotAllowed)
end
it "raises EmailNotAllowed when email address is on blacklist" do
SiteSetting.email_domains_blacklist = "email.com|mail.com"
it "raises EmailNotAllowed when email address is on blocklist" do
SiteSetting.blocked_email_domains = "email.com|mail.com"
Fabricate(:group, incoming_email: "some_group@bar.com")
expect { process(:blacklist_whitelist_email) }.to raise_error(Email::Receiver::EmailNotAllowed)
expect { process(:blocklist_allowlist_email) }.to raise_error(Email::Receiver::EmailNotAllowed)
end
it "raises an UserNotFoundError when staged users are disabled" do
@ -419,9 +419,9 @@ describe Email::Receiver do
expect { process(:invalid_from_2) }.to raise_error(Email::Receiver::NoSenderDetectedError)
end
it "doesn't raise an AutoGeneratedEmailError when the mail is auto generated but is whitelisted" do
SiteSetting.auto_generated_whitelist = "foo@bar.com|discourse@bar.com"
expect { process(:auto_generated_whitelisted) }.to change { topic.posts.count }
it "doesn't raise an AutoGeneratedEmailError when the mail is auto generated but is allowlisted" do
SiteSetting.auto_generated_allowlist = "foo@bar.com|discourse@bar.com"
expect { process(:auto_generated_allowlisted) }.to change { topic.posts.count }
end
it "doesn't raise an AutoGeneratedEmailError when block_auto_generated_emails is disabled" do
@ -1211,41 +1211,41 @@ describe Email::Receiver do
include_examples "does not create staged users", :unsubscribe_new_user, Email::Receiver::UnsubscribeNotAllowed
end
context "when From email address is not on whitelist" do
context "when From email address is not on allowlist" do
before do
SiteSetting.email_domains_whitelist = "example.com|bar.com"
SiteSetting.allowed_email_domains = "example.com|bar.com"
Fabricate(:group, incoming_email: "some_group@bar.com")
end
include_examples "does not create staged users", :blacklist_whitelist_email, Email::Receiver::EmailNotAllowed
include_examples "does not create staged users", :blocklist_allowlist_email, Email::Receiver::EmailNotAllowed
end
context "when From email address is on blacklist" do
context "when From email address is on blocklist" do
before do
SiteSetting.email_domains_blacklist = "email.com|mail.com"
SiteSetting.blocked_email_domains = "email.com|mail.com"
Fabricate(:group, incoming_email: "some_group@bar.com")
end
include_examples "does not create staged users", :blacklist_whitelist_email, Email::Receiver::EmailNotAllowed
include_examples "does not create staged users", :blocklist_allowlist_email, Email::Receiver::EmailNotAllowed
end
context "blacklist and whitelist for To and Cc" do
context "blocklist and allowlist for To and Cc" do
before do
Fabricate(:group, incoming_email: "some_group@bar.com")
end
it "does not create staged users for email addresses not on whitelist" do
SiteSetting.email_domains_whitelist = "mail.com|example.com"
process(:blacklist_whitelist_email)
it "does not create staged users for email addresses not on allowlist" do
SiteSetting.allowed_email_domains = "mail.com|example.com"
process(:blocklist_allowlist_email)
expect(User.find_by_email("alice@foo.com")).to be_nil
expect(User.find_by_email("bob@foo.com")).to be_nil
expect(User.find_by_email("carol@example.com")).to be_present
end
it "does not create staged users for email addresses on blacklist" do
SiteSetting.email_domains_blacklist = "email.com|foo.com"
process(:blacklist_whitelist_email)
it "does not create staged users for email addresses on blocklist" do
SiteSetting.blocked_email_domains = "email.com|foo.com"
process(:blocklist_allowlist_email)
expect(User.find_by_email("alice@foo.com")).to be_nil
expect(User.find_by_email("bob@foo.com")).to be_nil

8
spec/components/final_destination_spec.rb
View File

@ -396,7 +396,7 @@ describe FinalDestination do
end
it "returns false for IPV6 via site settings" do
SiteSetting.blacklist_ip_blocks = '2001:abc:de::/48|2002:abc:de::/48'
SiteSetting.blocked_ip_blocks = '2001:abc:de::/48|2002:abc:de::/48'
expect(fd('https://[2001:abc:de:01:0:3f0:6a65:c2bf]').is_dest_valid?).to eq(false)
expect(fd('https://[2002:abc:de:01:0:3f0:6a65:c2bf]').is_dest_valid?).to eq(false)
expect(fd('https://internal-ipv6.com').is_dest_valid?).to eq(false)
@ -404,7 +404,7 @@ describe FinalDestination do
end
it "ignores invalid ranges" do
SiteSetting.blacklist_ip_blocks = '2001:abc:de::/48|eviltrout'
SiteSetting.blocked_ip_blocks = '2001:abc:de::/48|eviltrout'
expect(fd('https://[2001:abc:de:01:0:3f0:6a65:c2bf]').is_dest_valid?).to eq(false)
end
@ -432,8 +432,8 @@ describe FinalDestination do
expect(fd("https://cdn.example.com/some/asset").is_dest_valid?).to eq(true)
end
it 'supports whitelisting via a site setting' do
SiteSetting.whitelist_internal_hosts = 'private-host.com'
it 'supports allowlisting via a site setting' do
SiteSetting.allowed_internal_hosts = 'private-host.com'
expect(fd("https://private-host.com/some/url").is_dest_valid?).to eq(true)
end
end

18
spec/components/guardian_spec.rb
View File

@ -51,8 +51,8 @@ describe Guardian do
expect(Guardian.new(user).link_posting_access).to eq('none')
end
it "is limited for a user of a low trust level with a whitelist" do
SiteSetting.whitelisted_link_domains = 'example.com'
it "is limited for a user of a low trust level with a allowlist" do
SiteSetting.allowed_link_domains = 'example.com'
user.trust_level = 0
SiteSetting.min_trust_to_post_links = 1
expect(Guardian.new(user).link_posting_access).to eq('limited')
@ -78,9 +78,9 @@ describe Guardian do
expect(Guardian.new(user).can_post_link?(host: host)).to eq(false)
end
describe "whitelisted host" do
describe "allowlisted host" do
before do
SiteSetting.whitelisted_link_domains = host
SiteSetting.allowed_link_domains = host
end
it "allows a new user to post the link to the host" do
@ -2931,17 +2931,17 @@ describe Guardian do
let!(:theme) { Fabricate(:theme) }
let!(:theme2) { Fabricate(:theme) }
context "whitelist mode" do
context "allowlist mode" do
before do
GlobalSetting.reset_whitelisted_theme_ids!
global_setting :whitelisted_theme_repos, " https://magic.com/repo.git, https://x.com/git"
GlobalSetting.reset_allowed_theme_ids!
global_setting :allowed_theme_repos, " https://magic.com/repo.git, https://x.com/git"
end
after do
GlobalSetting.reset_whitelisted_theme_ids!
GlobalSetting.reset_allowed_theme_ids!
end
it "should respect theme whitelisting" do
it "should respect theme allowlisting" do
r = RemoteTheme.create!(remote_url: "https://magic.com/repo.git")
theme.update!(remote_theme_id: r.id)

6
spec/components/inline_oneboxer_spec.rb
View File

@ -116,7 +116,7 @@ describe InlineOneboxer do
expect(onebox[:title]).to eq("Hello 🍕 with an emoji")
end
it "will not crawl domains that aren't whitelisted" do
it "will not crawl domains that aren't allowlisted" do
onebox = InlineOneboxer.lookup("https://eviltrout.com", skip_cache: true)
expect(onebox).to be_blank
end
@ -153,8 +153,8 @@ describe InlineOneboxer do
expect(onebox[:title]).to eq(nil)
end
it "will lookup whitelisted domains" do
SiteSetting.inline_onebox_domains_whitelist = "eviltrout.com"
it "will lookup allowlisted domains" do
SiteSetting.allowed_inline_onebox_domains = "eviltrout.com"
RetrieveTitle.stubs(:crawl).returns("Evil Trout's Blog")
onebox = InlineOneboxer.lookup(

18
spec/components/middleware/anonymous_cache_spec.rb
View File

@ -215,8 +215,8 @@ describe Middleware::AnonymousCache::Helper do
@status, @response_header, @response = middleware.call(@env)
end
it "applies whitelisted_crawler_user_agents correctly" do
SiteSetting.whitelisted_crawler_user_agents = 'Googlebot'
it "applies allowed_crawler_user_agents correctly" do
SiteSetting.allowed_crawler_user_agents = 'Googlebot'
get '/', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
@ -236,7 +236,7 @@ describe Middleware::AnonymousCache::Helper do
end
it "doesn't block api requests" do
SiteSetting.whitelisted_crawler_user_agents = 'Googlebot'
SiteSetting.allowed_crawler_user_agents = 'Googlebot'
api_key = Fabricate(:api_key)
get "/latest?api_key=#{api_key.key}&api_username=system", headers: {
@ -245,8 +245,8 @@ describe Middleware::AnonymousCache::Helper do
expect(@status).to eq(200)
end
it "applies blacklisted_crawler_user_agents correctly" do
SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
it "applies blocked_crawler_user_agents correctly" do
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
get '/', headers: non_crawler
expect(@status).to eq(200)
@ -265,7 +265,7 @@ describe Middleware::AnonymousCache::Helper do
end
it "should never block robots.txt" do
SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
get '/robots.txt', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
@ -275,7 +275,7 @@ describe Middleware::AnonymousCache::Helper do
end
it "should never block srv/status" do
SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
get '/srv/status', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
@ -285,7 +285,7 @@ describe Middleware::AnonymousCache::Helper do
end
it "blocked crawlers shouldn't log page views" do
SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
get '/', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
@ -295,7 +295,7 @@ describe Middleware::AnonymousCache::Helper do
end
it "blocks json requests" do
SiteSetting.blacklisted_crawler_user_agents = 'Googlebot'
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
get '/srv/status.json', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'

2
spec/components/middleware/request_tracker_spec.rb
View File

@ -343,7 +343,7 @@ describe Middleware::RequestTracker do
tracker.call(env("REQUEST_URI" => uri, "ANON_CACHE_DURATION" => 60))
expect(@data[:cache]).to eq("true")
# not whitelisted
# not allowlisted
request_params.delete("a")
expect(@env["action_dispatch.request.parameters"]).to eq(request_params)

49
spec/components/onebox/engine/allowlisted_generic_onebox_spec.rb Normal file
View File

@ -0,0 +1,49 @@
# frozen_string_literal: true
require 'rails_helper'
require 'oneboxer'
describe Onebox::Engine::AllowlistedGenericOnebox do
describe ".===" do
it "matches any domain" do
expect(described_class === URI('http://foo.bar/resource')).to be(true)
end
it "doesn't match an IP address" do
expect(described_class === URI('http://1.2.3.4/resource')).to be(false)
expect(described_class === URI('http://1.2.3.4:1234/resource')).to be(false)
end
end
it "allowlists iframes" do
allowlisted_body = '<html><head><link rel="alternate" type="application/json+oembed" href="https://allowlist.ed/iframes.json" />'
blocklisted_body = '<html><head><link rel="alternate" type="application/json+oembed" href="https://blocklist.ed/iframes.json" />'
allowlisted_oembed = {
type: "rich",
height: "100",
html: "<iframe src='https://ifram.es/foo/bar'></iframe>"
}
blocklisted_oembed = {
type: "rich",
height: "100",
html: "<iframe src='https://malicious/discourse.org/'></iframe>"
}
stub_request(:get, "https://blocklist.ed/iframes").to_return(status: 200, body: blocklisted_body)
stub_request(:get, "https://blocklist.ed/iframes.json").to_return(status: 200, body: blocklisted_oembed.to_json)
stub_request(:get, "https://allowlist.ed/iframes").to_return(status: 200, body: allowlisted_body)
stub_request(:get, "https://allowlist.ed/iframes.json").to_return(status: 200, body: allowlisted_oembed.to_json)
SiteSetting.allowed_iframes = "discourse.org|https://ifram.es"
expect(Onebox.preview("https://blocklist.ed/iframes").to_s).to be_empty
expect(Onebox.preview("https://allowlist.ed/iframes").to_s).to match("iframe src")
end
end

49
spec/components/onebox/engine/whitelisted_generic_onebox_spec.rb
View File

@ -1,49 +0,0 @@
# frozen_string_literal: true
require 'rails_helper'
require 'oneboxer'
describe Onebox::Engine::WhitelistedGenericOnebox do
describe ".===" do
it "matches any domain" do
expect(described_class === URI('http://foo.bar/resource')).to be(true)
end
it "doesn't match an IP address" do
expect(described_class === URI('http://1.2.3.4/resource')).to be(false)
expect(described_class === URI('http://1.2.3.4:1234/resource')).to be(false)
end
end
it "whitelists iframes" do
whitelisted_body = '<html><head><link rel="alternate" type="application/json+oembed" href="https://whitelist.ed/iframes.json" />'
blacklisted_body = '<html><head><link rel="alternate" type="application/json+oembed" href="https://blacklist.ed/iframes.json" />'
whitelisted_oembed = {
type: "rich",
height: "100",
html: "<iframe src='https://ifram.es/foo/bar'></iframe>"
}
blacklisted_oembed = {
type: "rich",
height: "100",
html: "<iframe src='https://malicious/discourse.org/'></iframe>"
}
stub_request(:get, "https://blacklist.ed/iframes").to_return(status: 200, body: blacklisted_body)
stub_request(:get, "https://blacklist.ed/iframes.json").to_return(status: 200, body: blacklisted_oembed.to_json)
stub_request(:get, "https://whitelist.ed/iframes").to_return(status: 200, body: whitelisted_body)
stub_request(:get, "https://whitelist.ed/iframes.json").to_return(status: 200, body: whitelisted_oembed.to_json)
SiteSetting.allowed_iframes = "discourse.org|https://ifram.es"
expect(Onebox.preview("https://blacklist.ed/iframes").to_s).to be_empty
expect(Onebox.preview("https://whitelist.ed/iframes").to_s).to match("iframe src")
end
end

6
spec/components/oneboxer_spec.rb
View File

@ -155,8 +155,8 @@ describe Oneboxer do
end
end
it "does not crawl blacklisted URLs" do
SiteSetting.onebox_domains_blacklist = "git.*.com|bitbucket.com"
it "does not crawl blocklisted URLs" do
SiteSetting.blocked_onebox_domains = "git.*.com|bitbucket.com"
url = 'https://github.com/discourse/discourse/commit/21b562852885f883be43032e03c709241e8e6d4f'
stub_request(:head, 'https://discourse.org/').to_return(status: 302, body: "", headers: { location: url })
@ -164,7 +164,7 @@ describe Oneboxer do
expect(Oneboxer.external_onebox('https://discourse.org/')[:onebox]).to be_empty
end
it "does not consider ignore_redirects domains as blacklisted" do
it "does not consider ignore_redirects domains as blocklisted" do
url = 'https://store.steampowered.com/app/271590/Grand_Theft_Auto_V/'
stub_request(:head, url).to_return(status: 200, body: "", headers: {})
stub_request(:get, url).to_return(status: 200, body: "", headers: {})

8
spec/components/pretty_text_spec.rb
View File

@ -762,7 +762,7 @@ describe PrettyText do
context 'option to preserve onebox source' do
it "should return the right excerpt" do
onebox = "<aside class=\"onebox whitelistedgeneric\">\n <header class=\"source\">\n <a href=\"https://meta.discourse.org/t/infrequent-translation-updates-in-stable-branch/31213/9\">meta.discourse.org</a>\n </header>\n <article class=\"onebox-body\">\n <img src=\"https://cdn-enterprise.discourse.org/meta/user_avatar/meta.discourse.org/gerhard/200/70381_1.png\" width=\"\" height=\"\" class=\"thumbnail\">\n\n<h3><a href=\"https://meta.discourse.org/t/infrequent-translation-updates-in-stable-branch/31213/9\">Infrequent translation updates in stable branch</a></h3>\n\n<p>Well, there's an Italian translation for \"New Topic\" in beta, it's been there since November 2014 and it works here on meta. Do you have any plugins installed? Try disabling them. I'm quite confident that it's either a plugin or a site...</p>\n\n </article>\n <div class=\"onebox-metadata\">\n \n \n </div>\n <div style=\"clear: both\"></div>\n</aside>\n\n\n"
onebox = "<aside class=\"onebox allowlistedgeneric\">\n <header class=\"source\">\n <a href=\"https://meta.discourse.org/t/infrequent-translation-updates-in-stable-branch/31213/9\">meta.discourse.org</a>\n </header>\n <article class=\"onebox-body\">\n <img src=\"https://cdn-enterprise.discourse.org/meta/user_avatar/meta.discourse.org/gerhard/200/70381_1.png\" width=\"\" height=\"\" class=\"thumbnail\">\n\n<h3><a href=\"https://meta.discourse.org/t/infrequent-translation-updates-in-stable-branch/31213/9\">Infrequent translation updates in stable branch</a></h3>\n\n<p>Well, there's an Italian translation for \"New Topic\" in beta, it's been there since November 2014 and it works here on meta. Do you have any plugins installed? Try disabling them. I'm quite confident that it's either a plugin or a site...</p>\n\n </article>\n <div class=\"onebox-metadata\">\n \n \n </div>\n <div style=\"clear: both\"></div>\n</aside>\n\n\n"
expected = "<a href=\"https://meta.discourse.org/t/infrequent-translation-updates-in-stable-branch/31213/9\">meta.discourse.org</a>"
expect(PrettyText.excerpt(onebox, 100, keep_onebox_source: true))
@ -1554,7 +1554,7 @@ HTML
end
it "can properly whitelist iframes" do
it "can properly allowlist iframes" do
SiteSetting.allowed_iframes = "https://bob.com/a|http://silly.com?EMBED="
raw = <<~IFRAMES
<iframe src='https://www.google.com/maps/Embed?testing'></iframe>
@ -1619,12 +1619,12 @@ HTML
expect(cooked).to include("data-theme-a")
end
it "whitelists lang attribute" do
it "allowlists lang attribute" do
cooked = PrettyText.cook("<p lang='fr'>tester</p><div lang='fr'>tester</div><span lang='fr'>tester</span>")
expect(cooked).to eq("<p lang=\"fr\">tester</p><div lang=\"fr\">tester</div><span lang=\"fr\">tester</span>")
end
it "whitelists ruby tags" do
it "allowlists ruby tags" do
# read all about ruby chars at: https://en.wikipedia.org/wiki/Ruby_character
# basically it is super hard to remember every single rare letter when there are
# so many, so ruby tags provide a hint.

10
spec/components/site_setting_extension_spec.rb
View File

@ -595,18 +595,18 @@ describe SiteSettingExtension do
describe "filter domain name" do
before do
settings.setting(:white_listed_spam_host_domains, "www.example.com")
settings.setting(:allowed_spam_host_domains, "www.example.com")
settings.refresh!
end
it "filters domain" do
settings.set("white_listed_spam_host_domains", "http://www.discourse.org/")
expect(settings.white_listed_spam_host_domains).to eq("www.discourse.org")
settings.set("allowed_spam_host_domains", "http://www.discourse.org/")
expect(settings.allowed_spam_host_domains).to eq("www.discourse.org")
end
it "returns invalid domain as is, without throwing exception" do
settings.set("white_listed_spam_host_domains", "test!url")
expect(settings.white_listed_spam_host_domains).to eq("test!url")
settings.set("allowed_spam_host_domains", "test!url")
expect(settings.allowed_spam_host_domains).to eq("test!url")
end
end

4
spec/components/spam_handler_spec.rb
View File

@ -48,11 +48,11 @@ describe SpamHandler do
Fabricate(:user, ip_address: "42.42.42.42", trust_level: TrustLevel[0])
end
it "doesn't limit registrations when the IP is whitelisted" do
it "doesn't limit registrations when the IP is allowlisted" do
# setup
SiteSetting.max_new_accounts_per_registration_ip = 0
Fabricate(:user, ip_address: "42.42.42.42", trust_level: TrustLevel[0])
ScreenedIpAddress.stubs(:is_whitelisted?).with("42.42.42.42").returns(true)
ScreenedIpAddress.stubs(:is_allowed?).with("42.42.42.42").returns(true)
# should not limit registration
SiteSetting.max_new_accounts_per_registration_ip = 1

6
spec/components/user_name_suggester_spec.rb
View File

@ -171,14 +171,14 @@ describe UserNameSuggester do
.to eq('য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া-য়া')
end
it "uses whitelist" do
SiteSetting.unicode_username_character_whitelist = "[äöüßÄÖÜẞ]"
it "uses allowlist" do
SiteSetting.allowed_unicode_username_characters = "[äöüßÄÖÜẞ]"
expect(UserNameSuggester.suggest('πουλί')).to eq('111')
expect(UserNameSuggester.suggest('a鳥b')).to eq('a_b')
expect(UserNameSuggester.suggest('Löwe')).to eq('Löwe')
SiteSetting.unicode_username_character_whitelist = "[য়া]"
SiteSetting.allowed_unicode_username_characters = "[য়া]"
expect(UserNameSuggester.suggest('aয়াb鳥c')).to eq('aয়াb_c')
end
end

12
spec/components/validators/email_validator_spec.rb
View File

@ -21,8 +21,8 @@ describe EmailValidator do
expect(blocks?('SAM@sam.com')).to eq(true)
end
it "blocks based on email_domains_blacklist" do
SiteSetting.email_domains_blacklist = "email.com|mail.com|e-mail.com"
it "blocks based on blocked_email_domains" do
SiteSetting.blocked_email_domains = "email.com|mail.com|e-mail.com"
expect(blocks?('sam@email.com')).to eq(true)
expect(blocks?('sam@EMAIL.com')).to eq(true)
expect(blocks?('sam@bob.email.com')).to eq(true)
@ -30,8 +30,8 @@ describe EmailValidator do
expect(blocks?('sam@googlemail.com')).to eq(false)
end
it "blocks based on email_domains_whitelist" do
SiteSetting.email_domains_whitelist = "googlemail.com|email.com"
it "blocks based on allowed_email_domains" do
SiteSetting.allowed_email_domains = "googlemail.com|email.com"
expect(blocks?('sam@email.com')).to eq(false)
expect(blocks?('sam@EMAIL.com')).to eq(false)
expect(blocks?('sam@bob.email.com')).to eq(false)
@ -49,8 +49,8 @@ describe EmailValidator do
expect(EmailValidator.can_auto_approve_user?("foobar@example.com")).to eq(true)
end
it "returns false if domain not present in email_domains_whitelist" do
SiteSetting.email_domains_whitelist = "googlemail.com"
it "returns false if domain not present in allowed_email_domains" do
SiteSetting.allowed_email_domains = "googlemail.com"
SiteSetting.auto_approve_email_domains = "example.com|googlemail.com"
expect(EmailValidator.can_auto_approve_user?("foobar@example.com")).to eq(false)

8
spec/components/validators/unicode_username_whitelist_validator_spec.rb → spec/components/validators/unicode_username_allowlist_validator_spec.rb
View File

@ -2,16 +2,16 @@
require 'rails_helper'
describe UnicodeUsernameWhitelistValidator do
describe UnicodeUsernameAllowlistValidator do
subject { described_class.new }
it "allows an empty whitelist" do
it "allows an empty allowlist" do
expect(subject.valid_value?("")).to eq(true)
expect(subject.error_message).to be_blank
end
it "disallows leading and trailing slashes" do
expected_error = I18n.t("site_settings.errors.unicode_username_whitelist.leading_trailing_slash")
expected_error = I18n.t("site_settings.errors.allowed_unicode_usernames.leading_trailing_slash")
expect(subject.valid_value?("/foo/")).to eq(false)
expect(subject.error_message).to eq(expected_error)
@ -30,7 +30,7 @@ describe UnicodeUsernameWhitelistValidator do
end
it "detects invalid regular expressions" do
expected_error = I18n.t("site_settings.errors.unicode_username_whitelist.regex_invalid", error: "")
expected_error = I18n.t("site_settings.errors.allowed_unicode_usernames.regex_invalid", error: "")
expect(subject.valid_value?("\\p{Foo}")).to eq(false)
expect(subject.error_message).to start_with(expected_error)

0
spec/fixtures/emails/auto_generated_whitelisted.eml → spec/fixtures/emails/auto_generated_allowlisted.eml vendored
View File

BIN
spec/fixtures/emails/blacklist_whitelist_email.eml → spec/fixtures/emails/blocklist_allowlist_email.eml vendored
View File

Binary file not shown.

4
spec/lib/content_security_policy_spec.rb
View File

@ -66,7 +66,7 @@ describe ContentSecurityPolicy do
expect(script_srcs).to include("'report-sample'")
end
it 'whitelists Google Analytics and Tag Manager when integrated' do
it 'allowlists Google Analytics and Tag Manager when integrated' do
SiteSetting.ga_universal_tracking_code = 'UA-12345678-9'
SiteSetting.gtm_container_id = 'GTM-ABCDEF'
@ -75,7 +75,7 @@ describe ContentSecurityPolicy do
expect(script_srcs).to include('https://www.googletagmanager.com/gtm.js')
end
it 'whitelists CDN assets when integrated' do
it 'allowlists CDN assets when integrated' do
set_cdn_url('https://cdn.com')
script_srcs = parse(policy)['script-src']

Some files were not shown because too many files have changed in this diff Show More