From 56d8e51a7eb58d3bf712a6acbe9dc7eca51fe283 Mon Sep 17 00:00:00 2001
From: Remigijus Kiminas <remdex@gmail.com>
Date: Thu, 31 Mar 2022 01:08:03 -0400
Subject: [PATCH] Clean EXIF data

---
 lhc_web/lib/core/lhcore/lhimageconverter.php | 10 +++++++---
 lhc_web/lib/core/lhcore/lhsearchhandler.php  | 10 ++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/lhc_web/lib/core/lhcore/lhimageconverter.php b/lhc_web/lib/core/lhcore/lhimageconverter.php
index f23f5d4cdf..0a4c27984c 100644
--- a/lhc_web/lib/core/lhcore/lhimageconverter.php
+++ b/lhc_web/lib/core/lhcore/lhimageconverter.php
@@ -432,9 +432,9 @@ public static function upload( $file, $upload_name = 'SlideFile', $save_path = '
 		$saveDir = $save_path;
 
     	if (!@move_uploaded_file($file[$upload_name]["tmp_name"], $saveDir.$fileNameNew)) {
-			$errors[] = "File could not be saved.";
-			return $return = array( 'errors' => $errors );
-		}
+            $errors[] = "File could not be saved.";
+            return $return = array( 'errors' => $errors );
+        }
 
         // Clean SVG
         if ($fileSuffix == '.svg') {
@@ -442,6 +442,10 @@ public static function upload( $file, $upload_name = 'SlideFile', $save_path = '
             $dirtySVG = file_get_contents($saveDir . $fileNameNew);
             $cleanSVG = $sanitizer->sanitize($dirtySVG);
             file_put_contents($saveDir . $fileNameNew, $cleanSVG);
+        } else {
+            erLhcoreClassFileUploadAdmin::removeExif($saveDir . $fileNameNew, $saveDir . $fileNameNew . '_exif');
+            unlink($saveDir . $fileNameNew);
+            rename($saveDir . $fileNameNew . '_exif', $saveDir . $fileNameNew);
         }
 
 		$data = array( 'filename'  		   => $fileNameNew,
diff --git a/lhc_web/lib/core/lhcore/lhsearchhandler.php b/lhc_web/lib/core/lhcore/lhsearchhandler.php
index 77f7117596..5d51b30c06 100644
--- a/lhc_web/lib/core/lhcore/lhsearchhandler.php
+++ b/lhc_web/lib/core/lhcore/lhsearchhandler.php
@@ -609,6 +609,11 @@ public static function moveUploadedFile($fileName, $destination_dir, $extensionS
                 $dirtySVG = file_get_contents($destination_dir . $fileNamePhysic);
                 $cleanSVG = $sanitizer->sanitize($dirtySVG);
                 file_put_contents($destination_dir . $fileNamePhysic, $cleanSVG);
+            } elseif (in_array($extension,['jpg','jpeg','png','gif'])){
+                erLhcoreClassFileUploadAdmin::removeExif($destination_dir . $fileNamePhysic, $destination_dir . $fileNamePhysic . '_exif');
+                unlink($destination_dir . $fileNamePhysic);
+                rename($destination_dir . $fileNamePhysic . '_exif', $destination_dir . $fileNamePhysic);
+                chmod($destination_dir . $fileNamePhysic, 0644);
             }
 
             return $fileNamePhysic;
@@ -631,6 +636,11 @@ public static function moveLocalFile($fileName, $destination_dir, $extensionSepa
             $dirtySVG = file_get_contents($destination_dir . $fileNamePhysic);
             $cleanSVG = $sanitizer->sanitize($dirtySVG);
             file_put_contents($destination_dir . $fileNamePhysic, $cleanSVG);
+        } elseif (in_array($extension,['jpg','jpeg','png','gif'])) {
+            erLhcoreClassFileUploadAdmin::removeExif($destination_dir . $fileNamePhysic, $destination_dir . $fileNamePhysic . '_exif');
+            unlink($destination_dir . $fileNamePhysic);
+            rename($destination_dir . $fileNamePhysic . '_exif', $destination_dir . $fileNamePhysic);
+            chmod($destination_dir . $fileNamePhysic, 0644);
         }
 
         return $fileNamePhysic;