FIX: use allowlist and blocklist terminology (#10209)

This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.

lib/auth/github_authenticator.rb

@@ -113,8 +113,8 @@ class Auth::GithubAuthenticator < Auth::Authenticator
       end
 
       # If we *still* don't have a user, check to see if there's an email that
-      # passes validation (this includes whitelist/blacklist filtering if any is
-      # configured).  When no whitelist/blacklist is in play, this will simply
+      # passes validation (this includes allowlist/blocklist filtering if any is
+      # configured).  When no allowlist/blocklist is in play, this will simply
       # choose the primary email since it's at the front of the list.
       if !user
         validator = EmailValidator.new(attributes: :email)

lib/cooked_post_processor.rb

@@ -592,7 +592,7 @@ class CookedPostProcessor
           found = false
           parent = img
           while parent = parent.parent
-            if parent["class"] && parent["class"].include?("whitelistedgeneric")
+            if parent["class"] && parent["class"].include?("allowlistedgeneric")
               found = true
               break
             end

lib/crawler_detection.rb

@@ -39,18 +39,18 @@ module CrawlerDetection
 
   # Given a user_agent that returns true from crawler?, should its request be allowed?
   def self.allow_crawler?(user_agent)
-    return true if SiteSetting.whitelisted_crawler_user_agents.blank? &&
-      SiteSetting.blacklisted_crawler_user_agents.blank?
+    return true if SiteSetting.allowed_crawler_user_agents.blank? &&
+      SiteSetting.blocked_crawler_user_agents.blank?
 
-    @whitelisted_matchers ||= {}
-    @blacklisted_matchers ||= {}
+    @allowlisted_matchers ||= {}
+    @blocklisted_matchers ||= {}
 
-    if SiteSetting.whitelisted_crawler_user_agents.present?
-      whitelisted = @whitelisted_matchers[SiteSetting.whitelisted_crawler_user_agents] ||= to_matcher(SiteSetting.whitelisted_crawler_user_agents)
-      !user_agent.nil? && user_agent.match?(whitelisted)
+    if SiteSetting.allowed_crawler_user_agents.present?
+      allowlisted = @allowlisted_matchers[SiteSetting.allowed_crawler_user_agents] ||= to_matcher(SiteSetting.allowed_crawler_user_agents)
+      !user_agent.nil? && user_agent.match?(allowlisted)
     else
-      blacklisted = @blacklisted_matchers[SiteSetting.blacklisted_crawler_user_agents] ||= to_matcher(SiteSetting.blacklisted_crawler_user_agents)
-      user_agent.nil? || !user_agent.match?(blacklisted)
+      blocklisted = @blocklisted_matchers[SiteSetting.blocked_crawler_user_agents] ||= to_matcher(SiteSetting.blocked_crawler_user_agents)
+      user_agent.nil? || !user_agent.match?(blocklisted)
     end
   end
 

lib/email/receiver.rb

@@ -62,7 +62,7 @@ module Email
     end
 
     def process!
-      return if is_blacklisted?
+      return if is_blocked?
       id_hash = Digest::SHA1.hexdigest(@message_id)
       DistributedMutex.synchronize("process_email_#{id_hash}") do
         begin
@@ -105,7 +105,7 @@ module Email
       end
     end
 
-    def is_blacklisted?
+    def is_blocked?
       return false if SiteSetting.ignore_by_title.blank?
       Regexp.new(SiteSetting.ignore_by_title, Regexp::IGNORECASE) =~ @mail.subject
     end
@@ -289,7 +289,7 @@ module Email
     end
 
     def is_auto_generated?
-      return false if SiteSetting.auto_generated_whitelist.split('|').include?(@from_email)
+      return false if SiteSetting.auto_generated_allowlist.split('|').include?(@from_email)
       @mail[:precedence].to_s[/list|junk|bulk|auto_reply/i] ||
       @mail[:from].to_s[/(mailer[\-_]?daemon|post[\-_]?master|no[\-_]?reply)@/i] ||
       @mail[:subject].to_s[/^\s*(Auto:|Automatic reply|Autosvar|Automatisk svar|Automatisch antwoord|Abwesenheitsnotiz|Risposta Non al computer|Automatisch antwoord|Auto Response|Respuesta automática|Fuori sede|Out of Office|Frånvaro|Réponse automatique)/i] ||
@@ -1009,18 +1009,18 @@ module Email
       raise InvalidPostAction.new if result.failed? && result.forbidden
     end
 
-    def is_whitelisted_attachment?(attachment)
-      attachment.content_type !~ SiteSetting.attachment_content_type_blacklist_regex &&
-      attachment.filename !~ SiteSetting.attachment_filename_blacklist_regex
+    def is_allowed?(attachment)
+      attachment.content_type !~ SiteSetting.blocked_attachment_content_types_regex &&
+      attachment.filename !~ SiteSetting.blocked_attachment_filenames_regex
     end
 
     def attachments
       @attachments ||= begin
-        attachments = @mail.attachments.select { |attachment| is_whitelisted_attachment?(attachment) }
-        attachments << @mail if @mail.attachment? && is_whitelisted_attachment?(@mail)
+        attachments = @mail.attachments.select { |attachment| is_allowed?(attachment) }
+        attachments << @mail if @mail.attachment? && is_allowed?(@mail)
 
         @mail.parts.each do |part|
-          attachments << part if part.attachment? && is_whitelisted_attachment?(part)
+          attachments << part if part.attachment? && is_allowed?(part)
         end
 
         attachments.uniq!

lib/email/styles.rb

@@ -152,7 +152,7 @@ module Email
       # iframes can't go in emails, so replace them with clickable links
       @fragment.css('iframe').each do |i|
         begin
-          # sometimes, iframes are blacklisted...
+          # sometimes, iframes are blocklisted...
           if i["src"].blank?
             i.remove
             next

lib/final_destination.rb

@@ -284,13 +284,13 @@ class FinalDestination
   def is_dest_valid?
     return false unless @uri && @uri.host
 
-    # Whitelisted hosts
+    # Allowlisted hosts
     return true if hostname_matches?(SiteSetting.Upload.s3_cdn_url) ||
       hostname_matches?(GlobalSetting.try(:cdn_url)) ||
       hostname_matches?(Discourse.base_url_no_prefix)
 
-    if SiteSetting.whitelist_internal_hosts.present?
-      return true if SiteSetting.whitelist_internal_hosts.split("|").any? { |h| h.downcase == @uri.hostname.downcase }
+    if SiteSetting.allowed_internal_hosts.present?
+      return true if SiteSetting.allowed_internal_hosts.split("|").any? { |h| h.downcase == @uri.hostname.downcase }
     end
 
     address_s = @opts[:lookup_ip].call(@uri.hostname)
@@ -320,7 +320,7 @@ class FinalDestination
 
   def private_ranges
     FinalDestination.standard_private_ranges +
-      SiteSetting.blacklist_ip_blocks.split('|').map { |r| IPAddr.new(r) rescue nil }.compact
+      SiteSetting.blocked_ip_blocks.split('|').map { |r| IPAddr.new(r) rescue nil }.compact
   end
 
   def log(log_level, message)

lib/flag_query.rb

@@ -137,7 +137,7 @@ module FlagQuery
 
     guardian = Guardian.new(current_user)
     users = User.includes(:user_stat).where(id: user_ids.to_a).to_a
-    User.preload_custom_fields(users, User.whitelisted_user_custom_fields(guardian))
+    User.preload_custom_fields(users, User.allowed_user_custom_fields(guardian))
 
     [
       posts,

lib/guardian.rb

@@ -477,9 +477,9 @@ class Guardian
   def allowed_theme_repo_import?(repo)
     return false if !@user.admin?
 
-    whitelisted_repos = GlobalSetting.whitelisted_theme_repos
-    if !whitelisted_repos.blank?
-      urls = whitelisted_repos.split(",").map(&:strip)
+    allowed_repos = GlobalSetting.allowed_theme_repos
+    if !allowed_repos.blank?
+      urls = allowed_repos.split(",").map(&:strip)
       return urls.include?(repo)
     end
 
@@ -489,8 +489,8 @@ class Guardian
   def allow_themes?(theme_ids, include_preview: false)
     return true if theme_ids.blank?
 
-    if whitelisted_theme_ids = GlobalSetting.whitelisted_theme_ids
-      if (theme_ids - whitelisted_theme_ids).present?
+    if allowed_theme_ids = GlobalSetting.allowed_theme_ids
+      if (theme_ids - allowed_theme_ids).present?
         return false
       end
     end

lib/guardian/post_guardian.rb

@@ -10,7 +10,7 @@ module PostGuardian
   def link_posting_access
     if unrestricted_link_posting?
       'full'
-    elsif SiteSetting.whitelisted_link_domains.present?
+    elsif SiteSetting.allowed_link_domains.present?
       'limited'
     else
       'none'
@@ -21,7 +21,7 @@ module PostGuardian
     return false if host.blank?
 
     unrestricted_link_posting? ||
-      SiteSetting.whitelisted_link_domains.split('|').include?(host)
+      SiteSetting.allowed_link_domains.split('|').include?(host)
   end
 
   # Can the user act on the post in a particular way.

lib/inline_oneboxer.rb

@@ -42,7 +42,7 @@ class InlineOneboxer
     end
 
     always_allow = SiteSetting.enable_inline_onebox_on_all_domains
-    domains = SiteSetting.inline_onebox_domains_whitelist&.split('|') unless always_allow
+    domains = SiteSetting.allowed_inline_onebox_domains&.split('|') unless always_allow
 
     if always_allow || domains
       uri = begin

lib/onebox/engine/allowlisted_generic_onebox.rb

@@ -4,9 +4,9 @@ require "ipaddr"
 
 module Onebox
   module Engine
-    class WhitelistedGenericOnebox
+    class AllowlistedGenericOnebox
 
-      # overwrite the whitelist
+      # overwrite the allowlist
       def self.===(other)
         other.is_a?(URI) ? (IPAddr.new(other.hostname) rescue nil).nil? : true
       end
@@ -18,10 +18,10 @@ module Onebox
 
       private
 
-      # overwrite to whitelist iframes
+      # overwrite to allowlist iframes
       def is_embedded?
         return false unless data[:html] && data[:height]
-        return true if WhitelistedGenericOnebox.html_providers.include?(data[:provider_name])
+        return true if AllowlistedGenericOnebox.html_providers.include?(data[:provider_name])
 
         if data[:html]["iframe"]
           fragment = Nokogiri::HTML5::fragment(data[:html])

lib/oneboxer.rb

@@ -292,8 +292,8 @@ module Oneboxer
     end
   end
 
-  def self.blacklisted_domains
-    SiteSetting.onebox_domains_blacklist.split("|")
+  def self.blocked_domains
+    SiteSetting.blocked_onebox_domains.split("|")
   end
 
   def self.preserve_fragment_url_hosts
@@ -304,12 +304,12 @@ module Oneboxer
     Discourse.cache.fetch(onebox_cache_key(url), expires_in: 1.day) do
       fd = FinalDestination.new(url,
                               ignore_redirects: ignore_redirects,
-                              ignore_hostnames: blacklisted_domains,
+                              ignore_hostnames: blocked_domains,
                               force_get_hosts: force_get_hosts,
                               force_custom_user_agent_hosts: force_custom_user_agent_hosts,
                               preserve_fragment_url_hosts: preserve_fragment_url_hosts)
       uri = fd.resolve
-      return blank_onebox if uri.blank? || blacklisted_domains.map { |hostname| uri.hostname.match?(hostname) }.any?
+      return blank_onebox if uri.blank? || blocked_domains.map { |hostname| uri.hostname.match?(hostname) }.any?
 
       options = {
         max_width: 695,

lib/plugin/instance.rb

@@ -161,10 +161,20 @@ class Plugin::Instance
   end
 
   def whitelist_staff_user_custom_field(field)
+    Discourse.deprecate("whitelist_staff_user_custom_field is deprecated, use the allow_staff_user_custom_field.", drop_from: "2.6")
+    allow_staff_user_custom_field(field)
+  end
+
+  def allow_staff_user_custom_field(field)
     DiscoursePluginRegistry.register_staff_user_custom_field(field, self)
   end
 
   def whitelist_public_user_custom_field(field)
+    Discourse.deprecate("whitelist_public_user_custom_field is deprecated, use the allow_public_user_custom_field.", drop_from: "2.6")
+    allow_public_user_custom_field(field)
+  end
+
+  def allow_public_user_custom_field(field)
     DiscoursePluginRegistry.register_public_user_custom_field(field, self)
   end
 
@@ -256,10 +266,15 @@ class Plugin::Instance
     end
   end
 
-  # Add a post_custom_fields_whitelister block to the TopicView, respecting if the plugin is enabled
   def topic_view_post_custom_fields_whitelister(&block)
+    Discourse.deprecate("topic_view_post_custom_fields_whitelister is deprecated, use the topic_view_post_custom_fields_allowlister.", drop_from: "2.6")
+    topic_view_post_custom_fields_allowlister(&block)
+  end
+
+  # Add a post_custom_fields_allowlister block to the TopicView, respecting if the plugin is enabled
+  def topic_view_post_custom_fields_allowlister(&block)
     reloadable_patch do |plugin|
-      ::TopicView.add_post_custom_fields_whitelister do |user|
+      ::TopicView.add_post_custom_fields_allowlister do |user|
         plugin.enabled? ? block.call(user) : []
       end
     end

lib/pretty_text.rb

@@ -284,10 +284,10 @@ module PrettyText
   end
 
   def self.add_rel_nofollow_to_user_content(doc)
-    whitelist = []
+    allowlist = []
 
     domains = SiteSetting.exclude_rel_nofollow_domains
-    whitelist = domains.split('|') if domains.present?
+    allowlist = domains.split('|') if domains.present?
 
     site_uri = nil
     doc.css("a").each do |l|
@@ -299,7 +299,7 @@ module PrettyText
         if !uri.host.present? ||
            uri.host == site_uri.host ||
            uri.host.ends_with?(".#{site_uri.host}") ||
-           whitelist.any? { |u| uri.host == u || uri.host.ends_with?(".#{u}") }
+           allowlist.any? { |u| uri.host == u || uri.host.ends_with?(".#{u}") }
           # we are good no need for nofollow
           l.remove_attribute("rel")
         else

lib/site_setting_extension.rb

@@ -378,8 +378,8 @@ module SiteSettingExtension
   end
 
   HOSTNAME_SETTINGS ||= %w{
-    disabled_image_download_domains onebox_domains_blacklist exclude_rel_nofollow_domains
-    email_domains_blacklist email_domains_whitelist white_listed_spam_host_domains
+    disabled_image_download_domains blocked_onebox_domains exclude_rel_nofollow_domains
+    blocked_email_domains allowed_email_domains allowed_spam_host_domains
   }
 
   def filter_value(name, value)

lib/spam_handler.rb

@@ -17,8 +17,8 @@ class SpamHandler
 
     return false if staff_members_with_same_ip > 0
 
-    ip_whitelisted = ScreenedIpAddress.is_whitelisted?(ip_address)
-    return false if ip_whitelisted
+    allowed_ip = ScreenedIpAddress.is_allowed?(ip_address)
+    return false if allowed_ip
 
     tl0_accounts_with_same_ip = User.unscoped
       .where(trust_level: TrustLevel[0])

lib/tasks/typepad.thor

@@ -13,7 +13,7 @@ class Typepad < Thor
     require './config/environment'
 
     backup_settings = {}
-    %w(email_domains_blacklist).each do |s|
+    %w(blocked_email_domains).each do |s|
       backup_settings[s] = SiteSetting.get(s)
     end
 
@@ -53,7 +53,7 @@ class Typepad < Thor
     end
 
     RateLimiter.disable
-    SiteSetting.email_domains_blacklist = ""
+    SiteSetting.blocked_email_domains = ""
 
     puts "Importing #{entries.size} entries"
 

lib/topic_view.rb

@@ -38,16 +38,16 @@ class TopicView
     @default_post_custom_fields ||= [Post::NOTICE_TYPE, Post::NOTICE_ARGS, "action_code_who"]
   end
 
-  def self.post_custom_fields_whitelisters
-    @post_custom_fields_whitelisters ||= Set.new
+  def self.post_custom_fields_allowlisters
+    @post_custom_fields_allowlisters ||= Set.new
   end
 
-  def self.add_post_custom_fields_whitelister(&block)
-    post_custom_fields_whitelisters << block
+  def self.add_post_custom_fields_allowlister(&block)
+    post_custom_fields_allowlisters << block
   end
 
-  def self.whitelisted_post_custom_fields(user)
-    wpcf = default_post_custom_fields + post_custom_fields_whitelisters.map { |w| w.call(user) }
+  def self.allowed_post_custom_fields(user)
+    wpcf = default_post_custom_fields + post_custom_fields_allowlisters.map { |w| w.call(user) }
     wpcf.flatten.uniq
   end
 
@@ -87,12 +87,12 @@ class TopicView
     filter_posts(options)
 
     if @posts && !@skip_custom_fields
-      if (added_fields = User.whitelisted_user_custom_fields(@guardian)).present?
+      if (added_fields = User.allowed_user_custom_fields(@guardian)).present?
         @user_custom_fields = User.custom_fields_for_ids(@posts.pluck(:user_id), added_fields)
       end
 
-      if (whitelisted_fields = TopicView.whitelisted_post_custom_fields(@user)).present?
-        @post_custom_fields = Post.custom_fields_for_ids(@posts.pluck(:id), whitelisted_fields)
+      if (allowed_fields = TopicView.allowed_post_custom_fields(@user)).present?
+        @post_custom_fields = Post.custom_fields_for_ids(@posts.pluck(:id), allowed_fields)
       end
     end
 

lib/upload_creator.rb

@@ -51,7 +51,7 @@ class UploadCreator
         return @upload if @upload.errors.present?
 
         if @image_info.type.to_s == "svg"
-          whitelist_svg!
+          clean_svg!
         elsif !Rails.env.test? || @opts[:force_optimize]
           convert_to_jpeg! if convert_png_to_jpeg?
           downsize!        if should_downsize?
@@ -302,9 +302,9 @@ class UploadCreator
     end
   end
 
-  def whitelist_svg!
+  def clean_svg!
     doc = Nokogiri::XML(@file)
-    doc.xpath(svg_whitelist_xpath).remove
+    doc.xpath(svg_allowlist_xpath).remove
     doc.xpath("//@*[starts-with(name(), 'on')]").remove
     doc.css('use').each do |use_el|
       if use_el.attr('href')
@@ -400,8 +400,8 @@ class UploadCreator
     @allow_animation ||= @opts[:type] == "avatar" ? SiteSetting.allow_animated_avatars : SiteSetting.allow_animated_thumbnails
   end
 
-  def svg_whitelist_xpath
-    @@svg_whitelist_xpath ||= "//*[#{WHITELISTED_SVG_ELEMENTS.map { |e| "name()!='#{e}'" }.join(" and ") }]"
+  def svg_allowlist_xpath
+    @@svg_allowlist_xpath ||= "//*[#{WHITELISTED_SVG_ELEMENTS.map { |e| "name()!='#{e}'" }.join(" and ") }]"
   end
 
   def add_metadata!

lib/upload_recovery.rb

@@ -17,7 +17,7 @@ class UploadRecovery
       analyzer.cooked_stripped.css("img", "a").each do |media|
         if media.name == "img" && orig_src = media["data-orig-src"]
           if dom_class = media["class"]
-            if (Post.white_listed_image_classes & dom_class.split).count > 0
+            if (Post.allowed_image_classes & dom_class.split).count > 0
               next
             end
           end

lib/user_name_suggester.rb

@@ -115,7 +115,7 @@ module UserNameSuggester
     end
 
     name.gsub!(UsernameValidator.invalid_char_pattern, '_')
-    name = apply_whitelist(name) if UsernameValidator.char_whitelist_exists?
+    name = apply_allowlist(name) if UsernameValidator.char_allowlist_exists?
     name.gsub!(UsernameValidator::INVALID_LEADING_CHAR_PATTERN, '')
     name.gsub!(UsernameValidator::CONFUSING_EXTENSIONS, "_")
     name.gsub!(UsernameValidator::INVALID_TRAILING_CHAR_PATTERN, '')
@@ -123,9 +123,9 @@ module UserNameSuggester
     name
   end
 
-  def self.apply_whitelist(name)
+  def self.apply_allowlist(name)
     name.grapheme_clusters
-      .map { |c| UsernameValidator.whitelisted_char?(c) ? c : '_' }
+      .map { |c| UsernameValidator.allowed_char?(c) ? c : '_' }
       .join
   end
 

lib/validators/email_validator.rb

@@ -17,9 +17,9 @@ class EmailValidator < ActiveModel::EachValidator
   end
 
   def self.allowed?(email)
-    if (setting = SiteSetting.email_domains_whitelist).present?
+    if (setting = SiteSetting.allowed_email_domains).present?
       return email_in_restriction_setting?(setting, email) || is_developer?(email)
-    elsif (setting = SiteSetting.email_domains_blacklist).present?
+    elsif (setting = SiteSetting.blocked_email_domains).present?
       return !(email_in_restriction_setting?(setting, email) && !is_developer?(email))
     end
 

lib/validators/unicode_username_allowlist_validator.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class UnicodeUsernameWhitelistValidator
+class UnicodeUsernameAllowlistValidator
   def initialize(opts = {})
     @opts = opts
   end
@@ -10,12 +10,12 @@ class UnicodeUsernameWhitelistValidator
     return true if value.blank?
 
     if value.match?(/^\/.*\/[imxo]*$/)
-      @error_message = I18n.t("site_settings.errors.unicode_username_whitelist.leading_trailing_slash")
+      @error_message = I18n.t("site_settings.errors.allowed_unicode_usernames.leading_trailing_slash")
     else
       begin
         Regexp.new(value)
       rescue RegexpError => e
-        @error_message = I18n.t("site_settings.errors.unicode_username_whitelist.regex_invalid", error: e.message)
+        @error_message = I18n.t("site_settings.errors.allowed_unicode_usernames.regex_invalid", error: e.message)
       end
     end
 

lib/validators/upload_validator.rb

@@ -12,9 +12,9 @@ class UploadValidator < ActiveModel::Validator
       return true if upload.user&.staff?
     end
 
-    # check the attachment blacklist
+    # check the attachment blocklist
     if upload.for_group_message && SiteSetting.allow_all_attachments_for_group_messages
-      return upload.original_filename =~ SiteSetting.attachment_filename_blacklist_regex
+      return upload.original_filename =~ SiteSetting.blocked_attachment_filenames_regex
     end
 
     extension = File.extname(upload.original_filename)[1..-1] || ""