* (bug 27768) Make it possible to restrict use of RSS tags

Added URL whitelist to configuration

If there are items in the array, and the used URL isn't in the array, it will not be allowed

RSS.i18n.php

@@ -19,6 +19,7 @@ $messages['en'] = array(
 	'rss-invalid-url' => 'Not a valid URL: $1',
 	'rss-parse-error' => 'Error parsing XML for RSS',
 	'rss-ns-permission' => 'RSS is not allowed in this namespace',
+	'rss-url-permission' => 'This URL is not allowed to be included',
 	'rss-item' => '{{$1 | title = {{{title}}} | link = {{{link}}} | date = {{{date}}} | author = {{{author}}} }}',
 );
 

RSS.php

@@ -59,8 +59,10 @@ $wgRSSNamespaces = null;    // Ignore the RSS tag in all but the namespaces list
 						    // null (the default) means the <rss> tag can be used
 						    // anywhere.
 
+$wgRSSAllowedFeeds = array();
+
 // Agent to use for fetching feeds
 $wgRSSUserAgent = 'MediaWikiRSS/0.02 (+http://www.mediawiki.org/wiki/Extension:RSS) / MediaWiki RSS extension';
 
 // Proxy server to use for fetching feeds
-$wgRSSProxy = false;
+$wgRSSProxy = false;

RSSHooks.php

@@ -20,7 +20,7 @@ class RSSHooks {
 	 * @param $frame Frame parser context
 	 */
 	static function renderRss( $input, $args, $parser, $frame ) {
-		global $wgRSSCacheAge, $wgRSSCacheCompare, $wgRSSNamespaces;
+		global $wgRSSCacheAge, $wgRSSCacheCompare, $wgRSSNamespaces, $wgRSSAllowedFeeds;
 
 		if ( is_array( $wgRSSNamespaces ) && count( $wgRSSNamespaces ) ) {
 			$ns = $parser->getTitle()->getNamespace();
@@ -31,6 +31,10 @@ class RSSHooks {
 			}
 		}
 
+		if ( count( $wgRSSAllowedFeeds ) && !in_array( $input, $wgRSSAllowedFeeds ) ) {
+			return wfMsg( 'rss-url-permission ' );
+		}
+
 		if ( !Http::isValidURI( $input ) ) {
 			return wfMsg( 'rss-invalid-url', htmlspecialchars( $input ) );
 		}