Submitted by stagn2 in meta (edited )

(I don't know, is this the right forum for this kind of post? )

A lot of information can be found,for example phone model, security patch....
This is not a problem, almost all sites do not remove thems, and I think it should be the users who are interested in their privacy to remove the metadata before uploading images to internet.

Some software like gimp allows you to remove exif and other metadata when exporting image. A usefull command-line program is exiftool, for remove all metadata:
exiftool -ALL= "file_path "

I found and tested a method to integrate this on postmill, but I'm not sure if it's a good idea.
Adding exiftool to dependencies and add this line in DataTransfer/ImageManager.php findOrCreateFromFile()
system("exiftool -ALL= submission_images/$filename -overwrite_original");

this is simple but very dirty because have many problem: to my knowledge a system call is usually not a good programming rule. In this case break compatibility whit other os not officially supported (but i can add some solution).
add exiftool to dependencies, adding too many things not necessary can go against the philosophy of lightness and simplicity......

this is the entire function:

public function findOrCreateFromFile(string $path): Image {
    $filename = $this->imageNameGenerator->generateName($path);
    /*added*/escapeshellcmd($filename); //** the name is generate whit hash_file()+mimetipe so is safe, this is only a extra paranoia
    $sha256 = hash_file('sha256', $path, true);
    $image = $this->images->findOneBySha256($sha256);

    if (!$image) {
        [$width, $height] = @getimagesize($path);
        $image = new Image($filename, $sha256, $width, $height);
    } elseif (!$image->getWidth() || !$image->getHeight()) {
        [$width, $height] = @getimagesize($path);
        $image->setDimensions($width, $height);

    $this->storage->store($path, $filename);
    /*added*/system("exiftool -ALL= submission_images/$filename -overwrite_original");//**
    return $image;


You must log in or register to comment.

emma wrote (edited )

As you say, this solution is not portable. The proper solution would be to regenerate the image from bitmap data (memory intensive), or use a plain PHP library to scrub EXIF without regenerating it (possibly worse results).

Using findOrCreateFromFile for this purpose would be undesirable, though. There are numerous problems with the proposed code changes, but in short, it's buggy and I wouldn't accept a quick hack like this. A file that wasn't uploaded before is not even stored in submission_images when system() is called. Edit: It is under some configurations.


capitan wrote

By plain PHP do you mean pure PHP, or just not shelling out to a CLI tool?

I found this gmagick library, but I'm 99% sure it links to ImageMagick, which is itself not portable across architectures.


emma wrote

I meant pure PHP, but an extension or even a CLI tool are also acceptable. My concerns are that changing something on the server doesn't break EXIF stripping, and that having an obscure CLI tool installed cannot be a requirement for being able to upload images in Postmill.

I've already laid out a plan to deal with this, but GitLab kind of pulled the rug on the project with breaking CI for contributors, then reducing the amount of CI hours to practically nothing for anyone who doesn't apply for their open source programme, which I'm not doing. That is why I've barely worked on Postmill this year. I've been meaning to set up my own git hosting thing + CI runner, but finding good alternatives that aren't unmanageable for me has been further demotivating.


wednesday wrote

fwiw, that's not a correct use of escapeshellcmd. it doesn't modify the string in-place, it returns the escaped string, so you would need something like $safe_filename = escapeshellcmd($filename).

however in this case i think you actually want escapeshellarg instead, since the filename is a single argument.


Delonix wrote

What to do unordered to understand code like u guys