iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes #2145 deal with array value in exif

Browse Source
This commit is contained in:
plegall
2024-04-10 12:24:24 +02:00
parent acf63a700d
commit 813d53b21f
2 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
include/functions_metadata.inc.php
View File

@@ -183,11 +183,23 @@ function get_exif_data($filename, $map)
if (!$conf['allow_html_in_metadata'])
{
function strip_html_in_metadata(&$v, $k)
{
$v = strip_tags($v);
}
foreach ($result as $key => $value)
{
// in case the origin of the photo is unsecure (user upload), we remove
// HTML tags to avoid XSS (malicious execution of javascript)
$result[$key] = strip_tags($value);
if (is_array($value))
{
array_walk_recursive($value, 'strip_html_in_metadata');
}
else
{
$result[$key] = strip_tags($value);
}
}
}

6
include/picture_metadata.inc.php
View File

@@ -34,7 +34,8 @@ if (($conf['show_exif']) and (function_exists('exif_read_data')))
{
if (strpos($field, ';') === false)
{
if (isset($exif[$field]))
// template cannot deal with an array as value, we skip it
if (isset($exif[$field]) and !is_array($exif[$field]))
{
$key = $field;
if (isset($lang['exif_field_'.$field]))
@@ -47,7 +48,8 @@ if (($conf['show_exif']) and (function_exists('exif_read_data')))
else
{
$tokens = explode(';', $field);
if (isset($exif[$field]))
// template cannot deal with an array as value, we skip it
if (isset($exif[$field]) and !is_array($exif[$field]))
{
$key = $tokens[1];
if (isset($lang['exif_field_'.$key]))