diff --git a/RELEASE-NOTES-1.42 b/RELEASE-NOTES-1.42
index 34a8189ca94..8208ae14161 100644
--- a/RELEASE-NOTES-1.42
+++ b/RELEASE-NOTES-1.42
@@ -58,6 +58,8 @@ For notes on 1.41.x and older releases, see HISTORY.
No longer customizable.
* $wgSquidPurgeUseHostHeader, deprecated since 1.33, has been removed.
No longer customizable and always true.
+* $wgAllowImageTag, deprecated since 1.35, has been removed.
+ Register an extension tag named ![]()
instead.
* …
=== New user-facing features in 1.42 ===
diff --git a/docs/config-schema.yaml b/docs/config-schema.yaml
index 6de95603a59..4a872fef20a 100644
--- a/docs/config-schema.yaml
+++ b/docs/config-schema.yaml
@@ -4154,17 +4154,6 @@ config-schema:
Set this to true to enable the on-wiki allow list (MediaWiki:External image whitelist)
Or false to disable it
@since 1.14
- AllowImageTag:
- default: false
- deprecated: 'since 1.35; register an extension tag named ![]()
instead.'
- description: |-
- A different approach to the above: simply allow the "![]()
" tag to be used.
- This allows you to specify alt text and other attributes, copy-paste HTML to
- your wiki more easily, etc. However, allowing external images in any manner
- will allow anyone with editing rights to snoop on your visitors' IP
- addresses and so forth, if they wanted to, by inserting links to images on
- sites they control.
- @deprecated since 1.35; register an extension tag named ![]()
instead.
TidyConfig:
default: { }
type: object
diff --git a/docs/config-vars.php b/docs/config-vars.php
index 8fcce3a8ff7..ce3e6192388 100644
--- a/docs/config-vars.php
+++ b/docs/config-vars.php
@@ -2337,13 +2337,6 @@ $wgAllowExternalImagesFrom = null;
*/
$wgEnableImageWhitelist = null;
-/**
- * Config variable stub for the AllowImageTag setting, for use by phpdoc and IDEs.
- * @see MediaWiki\MainConfigSchema::AllowImageTag
- * @deprecated since 1.35; register an extension tag named ![]()
instead.
- */
-$wgAllowImageTag = null;
-
/**
* Config variable stub for the TidyConfig setting, for use by phpdoc and IDEs.
* @see MediaWiki\MainConfigSchema::TidyConfig
diff --git a/includes/MainConfigNames.php b/includes/MainConfigNames.php
index 5d6653ada62..e87fccb52be 100644
--- a/includes/MainConfigNames.php
+++ b/includes/MainConfigNames.php
@@ -2352,13 +2352,6 @@ class MainConfigNames {
*/
public const EnableImageWhitelist = 'EnableImageWhitelist';
- /**
- * Name constant for the AllowImageTag setting, for use with Config::get()
- * @see MainConfigSchema::AllowImageTag
- * @deprecated since 1.35; register an extension tag named ![]()
instead.
- */
- public const AllowImageTag = 'AllowImageTag';
-
/**
* Name constant for the TidyConfig setting, for use with Config::get()
* @see MainConfigSchema::TidyConfig
diff --git a/includes/MainConfigSchema.php b/includes/MainConfigSchema.php
index c38fae9dbb5..e133d56a504 100644
--- a/includes/MainConfigSchema.php
+++ b/includes/MainConfigSchema.php
@@ -6499,22 +6499,6 @@ class MainConfigSchema {
'default' => false,
];
- /**
- * A different approach to the above: simply allow the "![]()
" tag to be used.
- *
- * This allows you to specify alt text and other attributes, copy-paste HTML to
- * your wiki more easily, etc. However, allowing external images in any manner
- * will allow anyone with editing rights to snoop on your visitors' IP
- * addresses and so forth, if they wanted to, by inserting links to images on
- * sites they control.
- *
- * @deprecated since 1.35; register an extension tag named ![]()
instead.
- */
- public const AllowImageTag = [
- 'default' => false,
- 'deprecated' => 'since 1.35; register an extension tag named ![]()
instead.',
- ];
-
/**
* Configuration for HTML postprocessing tool. Set this to a configuration
* array to enable an external tool. By default, we now use the RemexHtml
diff --git a/includes/Request/ContentSecurityPolicy.php b/includes/Request/ContentSecurityPolicy.php
index b71536d0d4b..51638bf5781 100644
--- a/includes/Request/ContentSecurityPolicy.php
+++ b/includes/Request/ContentSecurityPolicy.php
@@ -246,7 +246,6 @@ class ContentSecurityPolicy {
// CSP puts on external images.
if ( $mwConfig->get( MainConfigNames::AllowExternalImages )
|| $mwConfig->get( MainConfigNames::AllowExternalImagesFrom )
- || $mwConfig->get( MainConfigNames::AllowImageTag )
) {
$imgSrc = [ '*', 'data:', 'blob:' ];
} elseif ( $mwConfig->get( MainConfigNames::EnableImageWhitelist ) ) {
diff --git a/includes/config-schema.php b/includes/config-schema.php
index c310d26a105..6c8cf7ab632 100644
--- a/includes/config-schema.php
+++ b/includes/config-schema.php
@@ -794,7 +794,6 @@ return [
'AllowExternalImages' => false,
'AllowExternalImagesFrom' => '',
'EnableImageWhitelist' => false,
- 'AllowImageTag' => false,
'TidyConfig' => [
],
'ParsoidSettings' => [
@@ -3277,9 +3276,6 @@ return [
'LegalTitleChars' => [
'deprecated' => 'since 1.41; use Extension:TitleBlacklist to customize',
],
- 'AllowImageTag' => [
- 'deprecated' => 'since 1.35; register an extension tag named ![]()
instead.',
- ],
'ParserEnableLegacyMediaDOM' => [
'deprecated' => 'since 1.41',
],
diff --git a/includes/parser/Sanitizer.php b/includes/parser/Sanitizer.php
index 3d94968a802..d3937ada72b 100644
--- a/includes/parser/Sanitizer.php
+++ b/includes/parser/Sanitizer.php
@@ -153,10 +153,9 @@ class Sanitizer {
* @internal
*/
public static function getRecognizedTagData( array $extratags = [], array $removetags = [] ): array {
- global $wgAllowImageTag;
static $commonCase, $staticInitialised;
$isCommonCase = ( $extratags === [] && $removetags === [] );
- if ( $staticInitialised === $wgAllowImageTag && $isCommonCase && $commonCase ) {
+ if ( $staticInitialised === false && $isCommonCase && $commonCase ) {
return $commonCase;
}
@@ -165,8 +164,7 @@ class Sanitizer {
// Base our staticInitialised variable off of the global config state so that if the globals
// are changed (like in the screwed up test system) we will re-initialise the settings.
- $globalContext = $wgAllowImageTag;
- if ( !$staticInitialised || $staticInitialised !== $globalContext ) {
+ if ( !$staticInitialised ) {
$htmlpairsStatic = [ # Tags that must be closed
'b', 'bdi', 'del', 'i', 'ins', 'u', 'font', 'big', 'small', 'sub', 'sup', 'h1',
'h2', 'h3', 'h4', 'h5', 'h6', 'cite', 'code', 'em', 's',
@@ -206,13 +204,6 @@ class Sanitizer {
'li',
];
- if ( $wgAllowImageTag ) {
- wfDeprecatedMsg( 'Setting $wgAllowImageTag to true ' .
- 'is deprecated since MediaWiki 1.35', '1.35', false, false );
- $htmlsingle[] = 'img';
- $htmlsingleonly[] = 'img';
- }
-
$htmlsingleallowed = array_unique( array_merge( $htmlsingle, $tabletags ) );
$htmlelementsStatic = array_unique( array_merge( $htmlsingle, $htmlpairsStatic, $htmlnest ) );
@@ -222,15 +213,13 @@ class Sanitizer {
foreach ( $vars as $var ) {
$$var = array_fill_keys( $$var, true );
}
- $staticInitialised = $globalContext;
+ $staticInitialised = false;
}
# Populate $htmlpairs and $htmlelements with the $extratags and $removetags arrays
$extratags = array_fill_keys( $extratags, true );
$removetags = array_fill_keys( $removetags, true );
- // @phan-suppress-next-line PhanTypeMismatchArgumentNullableInternal The static var is always set
$htmlpairs = array_merge( $extratags, $htmlpairsStatic );
- // @phan-suppress-next-line PhanTypeMismatchArgumentNullableInternal The static var is always set
$htmlelements = array_diff_key( array_merge( $extratags, $htmlelementsStatic ), $removetags );
$result = [
@@ -1572,8 +1561,7 @@ class Sanitizer {
# 13.2
# Not usually allowed, but may be used for extension-style hooks
- # such as