From 308f557fd503898406d7cb54ef7e6e6efb0f84ae Mon Sep 17 00:00:00 2001 From: Michael Foster Date: Sun, 21 Jul 2013 15:50:45 -0400 Subject: [PATCH 1/3] Option to automatically strip EXIF metadata from JPEGs --- inc/config.php | 3 +++ inc/image.php | 12 ++++++++++-- post.php | 11 ++++++----- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/inc/config.php b/inc/config.php index 424d07d6..c2a68e6c 100644 --- a/inc/config.php +++ b/inc/config.php @@ -418,6 +418,9 @@ // - 'convert' The command line version of ImageMagick (`convert`). Fixes most of the bugs in PHP Imagick. $config['thumb_method'] = 'gd'; + // Strip EXIF metadata from JPEG files + $config['strip_exif'] = false; + // Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out // https://github.com/savetheinternet/Tinyboard/issues/20 $config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/i'; diff --git a/inc/image.php b/inc/image.php index abe27bcb..eb98ceda 100644 --- a/inc/image.php +++ b/inc/image.php @@ -166,6 +166,9 @@ class ImageImagick extends ImageBase { } } public function to($src) { + if ($config['strip_exif']) { + $this->image->stripImage(); + } if (preg_match('/\.gif$/i', $src)) $this->image->writeImages($src, true); else @@ -236,9 +239,14 @@ class ImageConvert extends ImageBase { } } public function to($src) { + global $config; + if (!$this->temp) { - // $config['redraw_image'] - shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src)); + if ($config['strip_exif']) { + shell_exec('convert ' . escapeshellarg($this->src) . ' -strip ' . escapeshellarg($src)); + } else { + shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src)); + } } else { rename($this->temp, $src); chmod($src, 0664); diff --git a/post.php b/post.php index 4e10c0cf..4e3a1a9f 100644 --- a/post.php +++ b/post.php 
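Review bot: The comment on `$config['strip_exif']` does not say that the option is off by default or what enabling it does to an upload, so an operator cannot tell that files keep whatever the camera wrote (often GPS position and device details) until this is switched on. Going by the post.php part of this patch, enabling it sends every .jpg/.jpeg upload through `$image->to()` for the configured `thumb_method`, so the file is re-written rather than copied. I would expand the comment to something like `// Strip EXIF metadata (e.g. GPS position, camera details) from uploaded JPEG files. Off by default; when enabled the image is re-written via $config['thumb_method'] instead of copied.` Whether every back end actually drops metadata in `to()` is not visible in this patch, so the comment should name the ones that do.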
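Review bot: `$config` is not in scope in `ImageImagick::to()`. The added `if ($config['strip_exif'])` is the first statement after the signature and nothing imports the global, whereas `ImageConvert::to()` later in this same patch adds `global $config;`. As written, the condition reads an undefined local and is always falsy, so `stripImage()` is never called and the option silently leaves metadata in place with the Imagick back end. Add `global $config;` as the first line of the method. Once that is fixed, the branch will run for every file written through `to()`, not only JPEGs, which may or may not be what the option's description intends.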
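Review bot: `-strip` is only passed on the `!$this->temp` path in `ImageConvert::to()`, while the `else` branch renames `$this->temp` into place unchanged. The code that produces `$this->temp` is outside this hunk, so I cannot tell whether that command already strips. If it is the resize step used for thumbnails, JPEG thumbnails may still carry the original EXIF block while the full image does not. That is worth confirming, and `-strip` should be added there under the same option if needed. Separately, the two `shell_exec` lines differ only by the flag and could be one call: `shell_exec('convert ' . escapeshellarg($this->src) . ($config['strip_exif'] ? ' -strip ' : ' ') . escapeshellarg($src));`.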
@@ -420,10 +420,11 @@ if (isset($_POST['delete'])) { error($config['error']['maxsize']); } - // The following code corrects the image orientation based on EXIF. - // Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered. - if ($config['thumb_method'] == 'convert') { - if ($post['extension'] == 'jpg' || $post['extension'] == 'jpeg') { + + if ($post['extension'] == 'jpg' || $post['extension'] == 'jpeg') { + // The following code corrects the image orientation. + // Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered. + if ($config['thumb_method'] == 'convert') { $exif = exif_read_data($upload); if (isset($exif['Orientation']) && $exif['Orientation'] != 1) { shell_exec('convert ' . escapeshellarg($upload) . ' -auto-orient ' . escapeshellarg($upload)); @@ -473,7 +474,7 @@ if (isset($_POST['delete'])) { $thumb->_destroy(); } - if ($config['redraw_image']) { + if ($config['redraw_image'] || ($config['strip_exif'] && ($post['extension'] == 'jpg' || $post['extension'] == 'jpeg'))) { $image->to($post['file']); $dont_copy_file = true; } From 9123161870f0bf935624f7668d28fd62d2a60f8e Mon Sep 17 00:00:00 2001 From: Michael Foster Date: Sun, 21 Jul 2013 21:12:30 -0400 Subject: [PATCH 2/3] js/hide-threads.js: Simple thread-minimizing script --- js/hide-threads.js | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 js/hide-threads.js diff --git a/js/hide-threads.js b/js/hide-threads.js new file mode 100644 index 00000000..42475d2a --- /dev/null +++ b/js/hide-threads.js 
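Review bot: The JPEG test `$post['extension'] == 'jpg' || $post['extension'] == 'jpeg'` is now written twice in this patch, here and in the `redraw_image` condition of the next hunk. In both places it decides metadata handling from the file extension rather than from the detected file type. Where `$post['extension']` comes from is not visible here. If it is derived from the client-supplied filename, a JPEG uploaded under another allowed extension would skip both the orientation fix and the strip. I would compute it once, e.g. `$is_jpeg = in_array($post['extension'], array('jpg', 'jpeg'), true);`, ideally backed by a content-type check, and use `$is_jpeg` in both conditions. The body of this `if` continues past the end of the hunk.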
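Review bot: `$dont_copy_file = true` is set unconditionally after `$image->to($post['file'])`, so nothing confirms that a stripped file was actually written. With the 'convert' back end, `to()` calls `shell_exec` and ignores the result (see the inc/image.php hunk in this patch). A failed `convert` would therefore presumably leave the post without its file and without any error shown to the uploader. A check after the call, such as `if (!file_exists($post['file'])) error(/* existing upload-failure message */);`, would surface that. The surrounding upload block starts and ends outside this hunk, so the exact placement relative to the later copy step needs checking against the full file.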
@@ -0,0 +1,74 @@ +/* + * hide-threads.js + * https://github.com/savetheinternet/Tinyboard/blob/master/js/hide-threads.js + * + * Released under the MIT license + * Copyright (c) 2013 Michael Save + * + * Usage: + * $config['additional_javascript'][] = 'js/jquery.min.js'; + * $config['additional_javascript'][] = 'js/hide-threads.js'; + * + */ + +$(document).ready(function(){ + if($('div.banner').length != 0) + return; // not index + + var board = $('form input[name="board"]').val().toString(); + + if (!localStorage.hiddenthreads) + localStorage.hiddenthreads = '{}'; + + // Load data from HTML5 localStorage + var hidden_data = JSON.parse(localStorage.hiddenthreads); + + var store_data = function() { + localStorage.hiddenthreads = JSON.stringify(hidden_data); + }; + + // Delete old hidden threads (7+ days old) + for (var key in hidden_data) { + for (var id in hidden_data[key]) { + if (hidden_data[key][id] < Math.round(Date.now() / 1000) - 60 * 60 * 24 * 7) { + delete hidden_data[key][id]; + store_data(); + } + } + } + + if (!hidden_data[board]) { + hidden_data[board] = {}; // id : timestamp + } + + $('div.post.op').each(function() { + var id = $(this).children('p.intro').children('a.post_no:eq(1)').text(); + var thread_container = $(this).parent(); + $('[-] ') + .insertBefore(thread_container.find('p.fileinfo')) + .click(function() { + hidden_data[board][id] = Math.round(Date.now() / 1000); + store_data(); + + thread_container.find('div.post,img,p.fileinfo,a.hide-thread-link,br').hide(); + + var hidden_div = thread_container.find('div.post.op > p.intro').clone(); + hidden_div.addClass('thread-hidden'); + hidden_div.find('a[href],input').remove(); + + $('[+] ') + .insertAfter(thread_container.find('a.hide-thread-link')) + .click(function() { + delete hidden_data[board][id]; + store_data(); + thread_container.find('div.post,img,p.fileinfo,a.hide-thread-link,br').show(); + $(this).remove(); + hidden_div.remove(); + }); + + 
hidden_div.insertAfter(thread_container.find('p.fileinfo')); + }); + if (hidden_data[board][id]) + thread_container.find('.hide-thread-link').click(); + }); +}); From 51361d02fb4b66a198dcdb5cd6350e6dada0aac9 Mon Sep 17 00:00:00 2001 From: Michael Foster Date: Sun, 21 Jul 2013 21:18:57 -0400 Subject: [PATCH 3/3] Strange bug in last commit --- js/hide-threads.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/js/hide-threads.js b/js/hide-threads.js index 42475d2a..135fbf51 100644 --- a/js/hide-threads.js +++ b/js/hide-threads.js @@ -45,7 +45,7 @@ $(document).ready(function(){ var id = $(this).children('p.intro').children('a.post_no:eq(1)').text(); var thread_container = $(this).parent(); $('[-] ') - .insertBefore(thread_container.find('p.fileinfo')) + .insertBefore(thread_container.find('p.fileinfo:first')) .click(function() { hidden_data[board][id] = Math.round(Date.now() / 1000); store_data(); @@ -66,7 +66,7 @@ $(document).ready(function(){ hidden_div.remove(); }); - hidden_div.insertAfter(thread_container.find('p.fileinfo')); + hidden_div.insertAfter(thread_container.find('p.fileinfo:first')); }); if (hidden_data[board][id]) thread_container.find('.hide-thread-link').click();
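Review bot: `JSON.parse(localStorage.hiddenthreads)` in the new js/hide-threads.js is unguarded, and the parsed value is used as a nested object without any shape check. The key is writable by any script on the origin, and a malformed or non-object value (for instance the string `null`) makes the ready handler throw on every index page load, with no way for the user to recover short of clearing storage. I would parse inside a try/catch and fall back to an empty object when the result is not a plain object, as sketched below. The same defensive stance applies to `$('form input[name="board"]').val().toString()`, which throws when the input is absent.

```javascript
// Load data from HTML5 localStorage
var hidden_data;
try {
	hidden_data = JSON.parse(localStorage.hiddenthreads);
} catch (e) {
	hidden_data = null;
}
if (hidden_data === null || typeof hidden_data !== 'object' || Array.isArray(hidden_data))
	hidden_data = {};
// … unchanged: store_data, expiry loop, per-thread hide/show handlers …
```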
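Review bot: Both `p.fileinfo:first` anchors, here and in the `hidden_div.insertAfter(...)` hunk that follows, still assume the thread contains a `p.fileinfo` element. On an empty match, jQuery's `insertBefore`/`insertAfter` insert nothing, so the `[-]` link never appears and the stored-state `.click()` at the end of the loop has nothing to trigger. Whether a thread can lack that element depends on board configuration not visible here. Caching the lookup once as `var anchor = thread_container.find('p.fileinfo').first();` and skipping the thread, or falling back to another element, when `anchor.length` is 0 would make the dependency explicit. `.first()` is also preferable to the jQuery-only `:first` selector extension.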