Cool_Tools/vichan
1
0
Fork 0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-23 23:20:57 +01:00
Code Releases Wiki Activity

Fix Exif leak in JPEG orientation conversion code

Browse Source 
https://github.com/vichan-devel/vichan/issues/735
This commit is contained in:
papereth 2024-05-04 15:01:17 +01:00 committed by GitHub
parent c3de90075e
commit 0dd064b2ea
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
post.php
View File

@ -1048,23 +1048,19 @@ if (isset($_POST['delete'])) {
error($config['error']['maxsize']); error($config['error']['maxsize']);
} }
// The following code corrects the image orientation.
if ($config['convert_auto_orient'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')) { if ($config['convert_auto_orient'] && ($size[2] == IMAGETYPE_JPEG)) {
// The following code corrects the image orientation. // 'redraw_image' should already fix image orientation by itself
// Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered. if (!($config['redraw_image'])) {
if (!($config['redraw_image'] || (($config['strip_exif'] && !$config['use_exiftool']) && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')))) {
if (in_array($config['thumb_method'], array('convert', 'convert+gifsicle', 'gm', 'gm+gifsicle'))) { if (in_array($config['thumb_method'], array('convert', 'convert+gifsicle', 'gm', 'gm+gifsicle'))) {
$exif = @exif_read_data($file['tmp_name']); $exif = @exif_read_data($file['tmp_name']);
$gm = in_array($config['thumb_method'], array('gm', 'gm+gifsicle')); $gm = in_array($config['thumb_method'], array('gm', 'gm+gifsicle'));
if (isset($exif['Orientation']) && $exif['Orientation'] != 1) { if (isset($exif['Orientation']) && $exif['Orientation'] != 1) {
$error = shell_exec_error(($gm ? 'gm ' : '') . 'convert ' . $error = shell_exec_error(($gm ? 'gm ' : '') . 'convert ' .
escapeshellarg($file['tmp_name']) . ' -auto-orient ' . escapeshellarg($upload)); escapeshellarg($file['tmp_name']) . ' -auto-orient ' . escapeshellarg($file['tmp_name']));
if ($error) if ($error)
error(_('Could not auto-orient image!'), null, $error); error(_('Could not auto-orient image!'), null, $error);
$size = @getimagesize($file['tmp_name']); $size = @getimagesize($file['tmp_name']);
if ($config['strip_exif'])
$file['exif_stripped'] = true;
} }
} }
} }