* $wgAllowExternalImagesFrom may now be an array of multiple strings.

* Added an on-wiki external image whitelist. Items in this whitelist are
  treated as regular expression fragments to match for when possibly
  displaying an external image inline. Controlled by $wgEnableImageWhitelist
  (true by default)

RELEASE-NOTES

@@ -43,7 +43,10 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * Editing the MediaWiki namespace is now unconditionally restricted to people 
   with the editinterface right, configuring this in $wgNamespaceProtection 
   is not required.
-
+* $wgAllowExternalImagesFrom may now be an array of multiple strings.
+* Introduced $wgEnableImageWhitelist to toggle the on-wiki external image
+  whitelist on or off.
+  
 === New features in 1.14 ===
 
 * New URL syntaxes for Special:ListUsers - 'Special:ListUsers/USER' and
@@ -106,6 +109,9 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
 * (bug 11884) Now support Flash EXIF attribute
 * Show thumbnails in the file history list, patch by User:Agbad
 * Added support of piped wikilinks using double-width brackets
+* Added an on-wiki external image whitelist. Items in this whitelist are
+  treated as regular expression fragments to match for when possibly
+  displaying an external image inline.
 
 === Bug fixes in 1.14 ===
 

includes/DefaultSettings.php

@@ -1583,12 +1583,24 @@ $wgAllowExternalImages = false;
 /** If the above is false, you can specify an exception here. Image URLs
   * that start with this string are then rendered, while all others are not.
   * You can use this to set up a trusted, simple repository of images.
+  * You may also specify an array of strings to allow multiple sites
   *
-  * Example:
+  * Examples:
   * $wgAllowExternalImagesFrom = 'http://127.0.0.1/';
+  * $wgAllowExternalImagesFrom = array( 'http://127.0.0.1/', 'http://example.com' );
   */
 $wgAllowExternalImagesFrom = '';
 
+/** If $wgAllowExternalImages is false, you can allow an on-wiki
+ * whitelist of regular expression fragments to match the image URL
+ * against. If the image matches one of the regular expression fragments,
+ * The image will be displayed.
+ *
+ * Set this to true to enable the on-wiki whitelist (MediaWiki:External image whitelist)
+ * Or false to disable it
+ */
+$wgEnableImageWhitelist = true;
+ 
 /** Allows to move images and other media files. Experemintal, not sure if it always works */
 $wgAllowImageMoving = false;
 

includes/parser/Parser.php

@@ -1442,7 +1442,7 @@ class Parser
 
 	/**
 	 * make an image if it's allowed, either through the global
-	 * option or through the exception
+	 * option, through the exception, or through the on-wiki whitelist
 	 * @private
 	 */
 	function maybeMakeExternalImage( $url ) {
@@ -1450,13 +1450,41 @@ class Parser
 		$imagesfrom = $this->mOptions->getAllowExternalImagesFrom();
 		$imagesexception = !empty($imagesfrom);
 		$text = false;
+		# $imagesfrom could be either a single string or an array of strings, parse out the latter
+		if( $imagesexception && is_array( $imagesfrom ) ) {
+			$imagematch = false;
+			foreach( $imagesfrom as $match ) {
+				if( strpos( $url, $match ) === 0 ) {
+					$imagematch = true;
+					break;
+				}
+			}
+		} elseif( $imagesexception ) {
+			$imagematch = (strpos( $url, $imagesfrom ) === 0);
+		} else {
+			$imagematch = false;
+		}
 		if ( $this->mOptions->getAllowExternalImages()
-		     || ( $imagesexception && strpos( $url, $imagesfrom ) === 0 ) ) {
+		     || ( $imagesexception && $imagematch ) ) {
 			if ( preg_match( self::EXT_IMAGE_REGEX, $url ) ) {
 				# Image found
 				$text = $sk->makeExternalImage( $url );
 			}
 		}
+		if( !$text && $this->mOptions->getEnableImageWhitelist()
+			 && preg_match( self::EXT_IMAGE_REGEX, $url ) ) {
+			$whitelist = explode( "\n", wfMsgForContent( 'external_image_whitelist' ) );
+			foreach( $whitelist as $entry ) {
+				# Sanitize the regex fragment, make it case-insensitive, ignore blank entries/comments
+				if( strpos( $entry, '#' ) === 0 || $entry === '' )
+					continue;
+				if( preg_match( '/' . str_replace( '/', '\\/', $entry ) . '/i', $url ) ) {
+					# Image matches a whitelist entry
+					$text = $sk->makeExternalImage( $url );
+					break;
+				}
+			}
+		}
 		return $text;
 	}
 

includes/parser/ParserOptions.php

@@ -13,6 +13,7 @@ class ParserOptions
 	var $mInterwikiMagic;            # Interlanguage links are removed and returned in an array
 	var $mAllowExternalImages;       # Allow external images inline
 	var $mAllowExternalImagesFrom;   # If not, any exception?
+	var $mEnableImageWhitelist;      # If not or it doesn't match, should we check an on-wiki whitelist?
 	var $mSkin;                      # Reference to the preferred skin
 	var $mDateFormat;                # Date format index
 	var $mEditSection;               # Create "edit section" links
@@ -37,6 +38,7 @@ class ParserOptions
 	function getInterwikiMagic()                { return $this->mInterwikiMagic; }
 	function getAllowExternalImages()           { return $this->mAllowExternalImages; }
 	function getAllowExternalImagesFrom()       { return $this->mAllowExternalImagesFrom; }
+	function getEnableImageWhitelist()          { return $this->mEnableImageWhitelist; }
 	function getEditSection()                   { return $this->mEditSection; }
 	function getNumberHeadings()                { return $this->mNumberHeadings; }
 	function getAllowSpecialInclusion()         { return $this->mAllowSpecialInclusion; }
@@ -77,6 +79,7 @@ class ParserOptions
 	function setInterwikiMagic( $x )            { return wfSetVar( $this->mInterwikiMagic, $x ); }
 	function setAllowExternalImages( $x )       { return wfSetVar( $this->mAllowExternalImages, $x ); }
 	function setAllowExternalImagesFrom( $x )   { return wfSetVar( $this->mAllowExternalImagesFrom, $x ); }
+	function setEnableImageWhitelist( $x )      { return wfSetVar( $this->mEnableImageWhitelist, $x ); }
 	function setDateFormat( $x )                { return wfSetVar( $this->mDateFormat, $x ); }
 	function setEditSection( $x )               { return wfSetVar( $this->mEditSection, $x ); }
 	function setNumberHeadings( $x )            { return wfSetVar( $this->mNumberHeadings, $x ); }
@@ -109,7 +112,7 @@ class ParserOptions
 	/** Get user options */
 	function initialiseFromUser( $userInput ) {
 		global $wgUseTeX, $wgUseDynamicDates, $wgInterwikiMagic, $wgAllowExternalImages;
-		global $wgAllowExternalImagesFrom, $wgAllowSpecialInclusion, $wgMaxArticleSize;
+		global $wgAllowExternalImagesFrom, $wgEnableImageWhitelist, $wgAllowSpecialInclusion, $wgMaxArticleSize;
 		global $wgMaxPPNodeCount, $wgMaxTemplateDepth, $wgMaxPPExpandDepth, $wgCleanSignatures;
 		$fname = 'ParserOptions::initialiseFromUser';
 		wfProfileIn( $fname );
@@ -131,6 +134,7 @@ class ParserOptions
 		$this->mInterwikiMagic = $wgInterwikiMagic;
 		$this->mAllowExternalImages = $wgAllowExternalImages;
 		$this->mAllowExternalImagesFrom = $wgAllowExternalImagesFrom;
+		$this->mEnableImageWhitelist = $wgEnableImageWhitelist;
 		$this->mSkin = null; # Deferred
 		$this->mDateFormat = null; # Deferred
 		$this->mEditSection = true;

languages/messages/MessagesEn.php

@@ -3588,4 +3588,13 @@ Enter the filename without the "{{ns:image}}:" prefix.',
 'blankpage'              => 'Blank page',
 'intentionallyblankpage' => 'This page is intentionally left blank',
 
+# External image whitelist
+'external_image_whitelist' => ' #Leave this line exactly as it is<pre>
+#Put regular expression fragments (just the part that goes between the //) below
+#These will be matched with the URLs of external (hotlinked) images
+#Those that match will be displayed as images, otherwise only a link to the image will be shown
+#Lines beginning with # are treated as comments
+
+#Put all regex fragments above this line. Leave this line exactly as it is</pre>',
+
 );