(I don't know, is this the right forum for this kind of post? )
A lot of information can be found,for example phone model, security patch....
This is not a problem, almost all sites do not remove thems, and I think it should be the users who are interested in their privacy to remove the metadata before uploading images to internet.
Some software like gimp allows you to remove exif and other metadata when exporting image. A usefull command-line program is exiftool, for remove all metadata:
exiftool -ALL= "file_path "
I found and tested a method to integrate this on postmill, but I'm not sure if it's a good idea.
Adding exiftool to dependencies and add this line in DataTransfer/ImageManager.php findOrCreateFromFile()
system("exiftool -ALL= submission_images/$filename -overwrite_original");
this is simple but very dirty because have many problem:
to my knowledge a system call is usually not a good programming rule. In this case break compatibility whit other os not officially supported (but i can add some solution).
add exiftool to dependencies, adding too many things not necessary can go against the philosophy of lightness and simplicity......
this is the entire function:
public function findOrCreateFromFile(string $path): Image {
$filename = $this->imageNameGenerator->generateName($path);
/*added*/escapeshellcmd($filename); //** the name is generate whit hash_file()+mimetipe so is safe, this is only a extra paranoia
$sha256 = hash_file('sha256', $path, true);
$image = $this->images->findOneBySha256($sha256);
if (!$image) {
[$width, $height] = @getimagesize($path);
$image = new Image($filename, $sha256, $width, $height);
} elseif (!$image->getWidth() || !$image->getHeight()) {
[$width, $height] = @getimagesize($path);
$image->setDimensions($width, $height);
}
$this->storage->store($path, $filename);
/*added*/system("exiftool -ALL= submission_images/$filename -overwrite_original");//**
return $image;
}
emma wrote (edited )
As you say, this solution is not portable. The proper solution would be to regenerate the image from bitmap data (memory intensive), or use a plain PHP library to scrub EXIF without regenerating it (possibly worse results).
Using
findOrCreateFromFile
for this purpose would be undesirable, though. There are numerous problems with the proposed code changes, but in short, it's buggy and I wouldn't accept a quick hack like this.A file that wasn't uploaded before is not even stored in submission_images whenEdit: It is under some configurations.system()
is called.