diff --git a/imgboard.php b/imgboard.php
index 9600930..3a8351e 100644
--- a/imgboard.php
+++ b/imgboard.php
@@ -493,8 +493,6 @@ if (!isset($_GET['delete']) && !isset($_GET['manage']) && (isset($_POST['name'])
}
fancyDie(sprintf(__('Please %s.'), $allowed));
}
- } else {
- echo sprintf(__('%s uploaded.'), $post['file_original']) . '
';
}
if (!$loggedin && (($post['file'] != '' && TINYIB_REQMOD == 'files') || TINYIB_REQMOD == 'all')) {
@@ -1002,8 +1000,8 @@ EOF;
}
$action = sprintf(__('Deleted %s'),'>>' . $post['id']) . ' - ' . hashData($post['ip']);
- if ($post['text'] != '') {
- $stripped = strip_tags($post['text']);
+ $stripped = strip_tags($post['message']);
+ if ($stripped != '') {
$action .= ' - ' . htmlentities(substr($stripped, 0, 32));
if (strlen($stripped) > 32) {
$action .= '...';
diff --git a/inc/defines.php b/inc/defines.php
index c7dbd3e..ae52ab4 100644
--- a/inc/defines.php
+++ b/inc/defines.php
@@ -55,6 +55,9 @@ if (!defined('TINYIB_THUMBNAIL')) {
if (!defined('TINYIB_UPLOADVIAURL')) {
define('TINYIB_UPLOADVIAURL', false);
}
+if (!defined('TINYIB_STRIPMETADATA')) {
+ define('TINYIB_STRIPMETADATA', false);
+}
if (!defined('TINYIB_NOFILEOK')) {
define('TINYIB_NOFILEOK', false);
}
diff --git a/inc/functions.php b/inc/functions.php
index f97de87..1158e09 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -39,7 +39,8 @@ function threadUpdated($id) {
}
function newPost($parent = TINYIB_NEWTHREAD) {
- return array('parent' => $parent,
+ return array(
+ 'parent' => $parent,
'timestamp' => '0',
'bumped' => '0',
'ip' => '',
@@ -62,7 +63,8 @@ function newPost($parent = TINYIB_NEWTHREAD) {
'thumb_height' => '0',
'stickied' => '0',
'locked' => '0',
- 'moderated' => '1');
+ 'moderated' => '1'
+ );
}
function convertBytes($number) {
@@ -312,8 +314,8 @@ function checkKeywords($text) {
$keywords = allKeywords();
foreach ($keywords as $keyword) {
if (substr($keyword['text'], 0, 7) == 'regexp:') {
- if (preg_match(substr($keyword['text'],7), $text)) {
- $keyword['text'] = substr($keyword['text'],7);
+ if (preg_match(substr($keyword['text'], 7), $text)) {
+ $keyword['text'] = substr($keyword['text'], 7);
return $keyword;
}
continue;
@@ -748,19 +750,6 @@ function attachFile($post, $filepath, $filename, $uploaded) {
fancyDie(__('File transfer failure. Please retry the submission.'));
}
- $filesize = filesize($filepath);
- if (TINYIB_MAXKB > 0 && $filesize > (TINYIB_MAXKB * 1024)) {
- @unlink($filepath);
- fancyDie(sprintf(__('That file is larger than %s.'), TINYIB_MAXKBDESC));
- }
-
- $post['file_original'] = trim(htmlentities(substr($filename, 0, 50), ENT_QUOTES));
- $post['file_hex'] = md5_file($filepath);
- $post['file_size'] = $filesize;
- $post['file_size_formatted'] = convertBytes($post['file_size']);
-
- checkDuplicateFile($post['file_hex']);
-
$file_mime_split = explode(' ', trim(mime_content_type($filepath)));
if (count($file_mime_split) > 0) {
$file_mime = strtolower(array_pop($file_mime_split));
@@ -775,68 +764,84 @@ function attachFile($post, $filepath, $filename, $uploaded) {
fancyDie(supportedFileTypes());
}
- $file_name = time() . substr(microtime(), 2, 3);
- $post['file'] = $file_name . '.' . $tinyib_uploads[$file_mime][0];
+ $file_name_pre = time() . substr(microtime(), 2, 3);
+ $file_name = $file_name_pre . '.' . $tinyib_uploads[$file_mime][0];
+ $file_src = 'src/' . $file_name;
- $file_location = 'src/' . $post['file'];
if ($uploaded) {
- if (!move_uploaded_file($filepath, $file_location)) {
+ if (!move_uploaded_file($filepath, $file_src)) {
fancyDie(__('Could not copy uploaded file.'));
}
} else {
- if (!rename($filepath, $file_location)) {
+ if (!rename($filepath, $file_src)) {
@unlink($filepath);
fancyDie(__('Could not copy uploaded file.'));
}
}
+ $filepath = $file_src;
- if (filesize($file_location) != $filesize) {
- @unlink($file_location);
+ $filesize = filesize($filepath);
+ if (filesize($filepath) != $filesize) {
+ @unlink($filepath);
fancyDie(__('File transfer failure. Please go back and try again.'));
+ } else if (TINYIB_MAXKB > 0 && $filesize > (TINYIB_MAXKB * 1024)) {
+ @unlink($filepath);
+ fancyDie(sprintf(__('That file is larger than %s.'), TINYIB_MAXKBDESC));
}
+ if (TINYIB_STRIPMETADATA) {
+ stripMetadata($filepath);
+ }
+
+ $post['file'] = $file_name;
+ $post['file_original'] = trim(htmlentities(substr($filename, 0, 50), ENT_QUOTES));
+ $post['file_hex'] = md5_file($filepath);
+ $post['file_size'] = $filesize;
+ $post['file_size_formatted'] = convertBytes($post['file_size']);
+ checkDuplicateFile($post['file_hex']);
+
if (in_array($file_mime, array('image/jpeg', 'image/pjpeg', 'image/png', 'image/gif', 'application/x-shockwave-flash'))) {
- $file_info = getimagesize($file_location);
+ $file_info = getimagesize($file_src);
$post['image_width'] = $file_info[0];
$post['image_height'] = $file_info[1];
}
if (isset($tinyib_uploads[$file_mime][1])) {
$thumbfile_split = explode('.', $tinyib_uploads[$file_mime][1]);
- $post['thumb'] = $file_name . 's.' . array_pop($thumbfile_split);
+ $post['thumb'] = $file_name_pre . 's.' . array_pop($thumbfile_split);
if (!copy($tinyib_uploads[$file_mime][1], 'thumb/' . $post['thumb'])) {
- @unlink($file_location);
+ @unlink($file_src);
fancyDie(__('Could not create thumbnail.'));
}
if ($file_mime == 'application/x-shockwave-flash') {
addVideoOverlay('thumb/' . $post['thumb']);
}
- $file_info = getimagesize($file_location);
+ $file_info = getimagesize($file_src);
$post['image_width'] = $file_info[0];
$post['image_height'] = $file_info[1];
} else if (in_array($file_mime, array('image/jpeg', 'image/pjpeg', 'image/png', 'image/gif'))) {
- $post['thumb'] = $file_name . 's.' . $tinyib_uploads[$file_mime][0];
+ $post['thumb'] = $file_name_pre . 's.' . $tinyib_uploads[$file_mime][0];
list($thumb_maxwidth, $thumb_maxheight) = thumbnailDimensions($post);
- if (!createThumbnail($file_location, 'thumb/' . $post['thumb'], $thumb_maxwidth, $thumb_maxheight)) {
- @unlink($file_location);
+ if (!createThumbnail($file_src, 'thumb/' . $post['thumb'], $thumb_maxwidth, $thumb_maxheight)) {
+ @unlink($file_src);
fancyDie(__('Could not create thumbnail.'));
}
} else if ($file_mime == 'audio/webm' || $file_mime == 'video/webm' || $file_mime == 'audio/mp4' || $file_mime == 'video/mp4') {
- list($post['image_width'], $post['image_height']) = videoDimensions($file_location);
+ list($post['image_width'], $post['image_height']) = videoDimensions($file_src);
if ($post['image_width'] > 0 && $post['image_height'] > 0) {
list($thumb_maxwidth, $thumb_maxheight) = thumbnailDimensions($post);
- $post['thumb'] = $file_name . 's.jpg';
- ffmpegThumbnail($file_location, 'thumb/' . $post['thumb'], $thumb_maxwidth, $thumb_maxheight);
+ $post['thumb'] = $file_name_pre . 's.jpg';
+ ffmpegThumbnail($file_src, 'thumb/' . $post['thumb'], $thumb_maxwidth, $thumb_maxheight);
$thumb_info = getimagesize('thumb/' . $post['thumb']);
$post['thumb_width'] = $thumb_info[0];
$post['thumb_height'] = $thumb_info[1];
if ($post['thumb_width'] <= 0 || $post['thumb_height'] <= 0) {
- @unlink($file_location);
+ @unlink($file_src);
@unlink('thumb/' . $post['thumb']);
fancyDie(__('Sorry, your video appears to be corrupt.'));
}
@@ -844,7 +849,7 @@ function attachFile($post, $filepath, $filename, $uploaded) {
addVideoOverlay('thumb/' . $post['thumb']);
}
- $duration = videoDuration($file_location);
+ $duration = videoDuration($file_src);
if ($duration > 0) {
$mins = floor(round($duration / 1000) / 60);
$secs = str_pad(floor(round($duration / 1000) % 60), 2, '0', STR_PAD_LEFT);
@@ -859,7 +864,7 @@ function attachFile($post, $filepath, $filename, $uploaded) {
$post['thumb_height'] = $thumb_info[1];
if ($post['thumb_width'] <= 0 || $post['thumb_height'] <= 0) {
- @unlink($file_location);
+ @unlink($file_src);
@unlink('thumb/' . $post['thumb']);
fancyDie(__('Sorry, your video appears to be corrupt.'));
}
@@ -868,6 +873,19 @@ function attachFile($post, $filepath, $filename, $uploaded) {
return $post;
}
+function stripMetadata($filename) {
+ $discard = '';
+ $exit_status = 1;
+ exec("exiftool -ver", $discard, $exit_status);
+ if ($exit_status != 0) {
+ fancyDie('ExifTool is not installed, or the exiftool executable is not in the server\'s $PATH.
Install ExifTool, or set TINYIB_STRIPMETADATA to false.');
+ }
+
+ $discard = '';
+ $exit_status = 1;
+ exec("exiftool -All= -overwrite_original_in_place " . escapeshellarg($filename), $discard, $exit_status);
+}
+
function remoteAddress() {
if (TINYIB_CLOUDFLARE) {
return $_SERVER['HTTP_CF_CONNECTING_IP'];
diff --git a/settings.default.php b/settings.default.php
index 3a4ede1..5859a60 100644
--- a/settings.default.php
+++ b/settings.default.php
@@ -90,6 +90,7 @@ define('TINYIB_MAXKB', 2048); // Maximum file size in kilobytes [0 to d
define('TINYIB_MAXKBDESC', '2 MB'); // Human-readable representation of the maximum file size
define('TINYIB_THUMBNAIL', 'gd'); // Thumbnail method to use: gd / ffmpeg / imagemagick (see README for instructions)
define('TINYIB_UPLOADVIAURL', false); // Allow files to be uploaded via URL
+define('TINYIB_STRIPMETADATA', false);// Attempt to strip all metadata from uploaded files (requires ExifTool)
define('TINYIB_NOFILEOK', false); // Allow the creation of new threads without uploading a file
// Thumbnail size - new thread