diff --git a/inc/config.php b/inc/config.php index 04ed6812..39c23c6f 100644 --- a/inc/config.php +++ b/inc/config.php @@ -426,6 +426,9 @@ $config['thumb_method'] = 'gd'; + // Strip EXIF metadata from JPEG files + $config['strip_exif'] = false; + // Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out // https://github.com/savetheinternet/Tinyboard/issues/20 $config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/i'; diff --git a/inc/image.php b/inc/image.php index 8c9e380e..7aea9bfe 100644 --- a/inc/image.php +++ b/inc/image.php @@ -175,6 +175,9 @@ class ImageImagick extends ImageBase { } } public function to($src) { + if ($config['strip_exif']) { + $this->image->stripImage(); + } if (preg_match('/\.gif$/i', $src)) $this->image->writeImages($src, true); else @@ -245,9 +248,14 @@ class ImageConvert extends ImageBase { } } public function to($src) { + global $config; + if (!$this->temp) { - // $config['redraw_image'] - shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src)); + if ($config['strip_exif']) { + shell_exec('convert ' . escapeshellarg($this->src) . ' -strip ' . escapeshellarg($src)); + } else { + shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src)); + } } else { rename($this->temp, $src); chmod($src, 0664); diff --git a/js/hide-threads.js b/js/hide-threads.js new file mode 100644 index 00000000..135fbf51 --- /dev/null +++ b/js/hide-threads.js @@ -0,0 +1,74 @@ +/* + * hide-threads.js + * https://github.com/savetheinternet/Tinyboard/blob/master/js/hide-threads.js + * + * Released under the MIT license + * Copyright (c) 2013 Michael Save + * + * Usage: + * $config['additional_javascript'][] = 'js/jquery.min.js'; + * $config['additional_javascript'][] = 'js/hide-threads.js'; + * + */ + +$(document).ready(function(){ + if($('div.banner').length != 0) + return; // not index + + var board = $('form input[name="board"]').val().toString(); + + if (!localStorage.hiddenthreads) + localStorage.hiddenthreads = '{}'; + + // Load data from HTML5 localStorage + var hidden_data = JSON.parse(localStorage.hiddenthreads); + + var store_data = function() { + localStorage.hiddenthreads = JSON.stringify(hidden_data); + }; + + // Delete old hidden threads (7+ days old) + for (var key in hidden_data) { + for (var id in hidden_data[key]) { + if (hidden_data[key][id] < Math.round(Date.now() / 1000) - 60 * 60 * 24 * 7) { + delete hidden_data[key][id]; + store_data(); + } + } + } + + if (!hidden_data[board]) { + hidden_data[board] = {}; // id : timestamp + } + + $('div.post.op').each(function() { + var id = $(this).children('p.intro').children('a.post_no:eq(1)').text(); + var thread_container = $(this).parent(); + $('[-] ') + .insertBefore(thread_container.find('p.fileinfo:first')) + .click(function() { + hidden_data[board][id] = Math.round(Date.now() / 1000); + store_data(); + + thread_container.find('div.post,img,p.fileinfo,a.hide-thread-link,br').hide(); + + var hidden_div = thread_container.find('div.post.op > p.intro').clone(); + hidden_div.addClass('thread-hidden'); + hidden_div.find('a[href],input').remove(); + + $('[+] ') + .insertAfter(thread_container.find('a.hide-thread-link')) + .click(function() { + delete hidden_data[board][id]; + store_data(); + thread_container.find('div.post,img,p.fileinfo,a.hide-thread-link,br').show(); + $(this).remove(); + hidden_div.remove(); + }); + + hidden_div.insertAfter(thread_container.find('p.fileinfo:first')); + }); + if (hidden_data[board][id]) + thread_container.find('.hide-thread-link').click(); + }); +}); diff --git a/post.php b/post.php index 91d5a2f5..aa7b665f 100644 --- a/post.php +++ b/post.php @@ -422,10 +422,11 @@ if (isset($_POST['delete'])) { error($config['error']['maxsize']); } - // The following code corrects the image orientation based on EXIF. - // Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered. - if ($config['thumb_method'] == 'convert') { - if ($post['extension'] == 'jpg' || $post['extension'] == 'jpeg') { + + if ($post['extension'] == 'jpg' || $post['extension'] == 'jpeg') { + // The following code corrects the image orientation. + // Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered. + if ($config['thumb_method'] == 'convert') { $exif = exif_read_data($upload); if (isset($exif['Orientation']) && $exif['Orientation'] != 1) { shell_exec('convert ' . escapeshellarg($upload) . ' -auto-orient ' . escapeshellarg($upload)); @@ -475,7 +476,7 @@ if (isset($_POST['delete'])) { $thumb->_destroy(); } - if ($config['redraw_image']) { + if ($config['redraw_image'] || ($config['strip_exif'] && ($post['extension'] == 'jpg' || $post['extension'] == 'jpeg'))) { $image->to($post['file']); $dont_copy_file = true; }