From 2e6a74c3fea5ee7c18d97e19dfade945295b851f Mon Sep 17 00:00:00 2001 From: ilotterytea Date: Sun, 8 Jun 2025 03:05:14 +0400 Subject: feat: strip exif data --- lib/file.php | 7 +++++++ public/index.php | 6 ++++++ public/upload.php | 5 +++++ 3 files changed, 18 insertions(+) diff --git a/lib/file.php b/lib/file.php index d8f740e..fe7dae1 100644 --- a/lib/file.php +++ b/lib/file.php @@ -34,4 +34,11 @@ function delete_file(string $file_id, string $file_extension): bool } return true; +} + +function strip_exif(string $file_path) +{ + $file_path = escapeshellarg($file_path); + $output = shell_exec("exiftool -q -EXIF= $file_path $file_path"); + return empty($output); } \ No newline at end of file diff --git a/public/index.php b/public/index.php index 7c23b88..6f58fe8 100644 --- a/public/index.php +++ b/public/index.php @@ -299,6 +299,12 @@ $privacy_exists = is_file($_SERVER['DOCUMENT_ROOT'] . '/static/PRIVACY.txt'); Preserve original filename: + + + Strip EXIF data: + + + diff --git a/public/upload.php b/public/upload.php index a0810ef..11c0f15 100644 --- a/public/upload.php +++ b/public/upload.php @@ -108,6 +108,11 @@ try { throw new RuntimeException('Invalid file format.'); } + // striping exif data + if (FILE_STRIP_EXIF && $is_media && !strip_exif($file['tmp_name'])) { + throw new RuntimeException('Failed to strip EXIF tags.'); + } + $file_data = [ 'size' => $file['size'], 'mime' => $file_mime, -- cgit v1.2.3