czaks 2013-07-22 10:14:17 -04:00
commit 805c729892
4 changed files with 93 additions and 7 deletions


@ -426,6 +426,9 @@
$config['thumb_method'] = 'gd'; $config['thumb_method'] = 'gd';
// Strip EXIF metadata from JPEG files
$config['strip_exif'] = false;
// Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out // Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out
// https://github.com/savetheinternet/Tinyboard/issues/20 // https://github.com/savetheinternet/Tinyboard/issues/20
$config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/i'; $config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/i';
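Review bot: The comment on the new `$config['strip_exif']` option does not tell an operator what the metadata contains or what enabling the option costs, and the default of `false` leaves camera metadata (which can include GPS coordinates) in every stored JPEG. I would expand the comment to something like `// Strip EXIF metadata (camera model, timestamps, GPS position) from uploaded JPEG files; the image is rewritten through the thumbnail backend.` and consider making the privacy-preserving value the default. The "rewritten" part is inferred from the post-handling change in this commit, where the option routes JPEGs through `$image->to()`, so confirm it for each `thumb_method` before documenting it.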


@ -175,6 +175,9 @@ class ImageImagick extends ImageBase {
} }
} }
public function to($src) { public function to($src) {
if ($config['strip_exif']) {
$this->image->stripImage();
}
if (preg_match('/\.gif$/i', $src)) if (preg_match('/\.gif$/i', $src))
$this->image->writeImages($src, true); $this->image->writeImages($src, true);
else else
@ -245,9 +248,14 @@ class ImageConvert extends ImageBase {
} }
} }
public function to($src) { public function to($src) {
global $config;
if (!$this->temp) { if (!$this->temp) {
// $config['redraw_image'] if ($config['strip_exif']) {
shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src)); shell_exec('convert ' . escapeshellarg($this->src) . ' -strip ' . escapeshellarg($src));
} else {
shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src));
}
} else { } else {
rename($this->temp, $src); rename($this->temp, $src);
chmod($src, 0664); chmod($src, 0664);
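Review bot: In the first hunk, `ImageImagick::to()` reads `$config['strip_exif']` without declaring `global $config;`, so `$config` is an undefined local inside the method, the condition is never true, and `stripImage()` is never called. With this backend an operator who enables the option still publishes the EXIF data. The second hunk adds the declaration to `ImageConvert::to()`; the same line, `global $config;`, is needed as the first statement of `ImageImagick::to()`. Separately, `ImageConvert::to()` applies `-strip` only when `$this->temp` is unset; whether the temp file renamed in the `else` branch has already been stripped is not visible here and is worth confirming. Both method bodies continue outside the hunks.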

74
js/hide-threads.js Normal file

@ -0,0 +1,74 @@
/*
* hide-threads.js
* https://github.com/savetheinternet/Tinyboard/blob/master/js/hide-threads.js
*
* Released under the MIT license
* Copyright (c) 2013 Michael Save <savetheinternet@tinyboard.org>
*
* Usage:
* $config['additional_javascript'][] = 'js/jquery.min.js';
* $config['additional_javascript'][] = 'js/hide-threads.js';
*
*/
$(document).ready(function(){
if($('div.banner').length != 0)
return; // not index
var board = $('form input[name="board"]').val().toString();
if (!localStorage.hiddenthreads)
localStorage.hiddenthreads = '{}';
// Load data from HTML5 localStorage
var hidden_data = JSON.parse(localStorage.hiddenthreads);
var store_data = function() {
localStorage.hiddenthreads = JSON.stringify(hidden_data);
};
// Delete old hidden threads (7+ days old)
for (var key in hidden_data) {
for (var id in hidden_data[key]) {
if (hidden_data[key][id] < Math.round(Date.now() / 1000) - 60 * 60 * 24 * 7) {
delete hidden_data[key][id];
store_data();
}
}
}
if (!hidden_data[board]) {
hidden_data[board] = {}; // id : timestamp
}
$('div.post.op').each(function() {
var id = $(this).children('p.intro').children('a.post_no:eq(1)').text();
var thread_container = $(this).parent();
$('<a class="hide-thread-link" style="float:left;margin-right:5px" href="javascript:void(0)">[-]</a><span> </span>')
.insertBefore(thread_container.find('p.fileinfo:first'))
.click(function() {
hidden_data[board][id] = Math.round(Date.now() / 1000);
store_data();
thread_container.find('div.post,img,p.fileinfo,a.hide-thread-link,br').hide();
var hidden_div = thread_container.find('div.post.op > p.intro').clone();
hidden_div.addClass('thread-hidden');
hidden_div.find('a[href],input').remove();
$('<a class="unhide-thread-link" style="float:left;margin-right:5px" href="javascript:void(0)">[+]</a><span> </span>')
.insertAfter(thread_container.find('a.hide-thread-link'))
.click(function() {
delete hidden_data[board][id];
store_data();
thread_container.find('div.post,img,p.fileinfo,a.hide-thread-link,br').show();
$(this).remove();
hidden_div.remove();
});
hidden_div.insertAfter(thread_container.find('p.fileinfo:first'));
});
if (hidden_data[board][id])
thread_container.find('.hide-thread-link').click();
});
});
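Review bot: `JSON.parse(localStorage.hiddenthreads)` runs on whatever string is in storage with no error handling, so a corrupted or hand-edited value throws inside the ready handler and no hide links are added to the page. Parse defensively, for example `var hidden_data; try { hidden_data = JSON.parse(localStorage.hiddenthreads); } catch (e) { hidden_data = {}; }`, and fall back to `{}` as well when the parsed value is not a plain object. The same fragility applies to `$('form input[name="board"]').val().toString()`, which throws when the page has no such input; an early `return` when `.val()` is undefined would keep the script inert on pages it was not written for.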


@ -422,10 +422,11 @@ if (isset($_POST['delete'])) {
error($config['error']['maxsize']); error($config['error']['maxsize']);
} }
// The following code corrects the image orientation based on EXIF.
// Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered. if ($post['extension'] == 'jpg' || $post['extension'] == 'jpeg') {
if ($config['thumb_method'] == 'convert') { // The following code corrects the image orientation.
if ($post['extension'] == 'jpg' || $post['extension'] == 'jpeg') { // Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered.
if ($config['thumb_method'] == 'convert') {
$exif = exif_read_data($upload); $exif = exif_read_data($upload);
if (isset($exif['Orientation']) && $exif['Orientation'] != 1) { if (isset($exif['Orientation']) && $exif['Orientation'] != 1) {
shell_exec('convert ' . escapeshellarg($upload) . ' -auto-orient ' . escapeshellarg($upload)); shell_exec('convert ' . escapeshellarg($upload) . ' -auto-orient ' . escapeshellarg($upload));
@ -475,7 +476,7 @@ if (isset($_POST['delete'])) {
$thumb->_destroy(); $thumb->_destroy();
} }
if ($config['redraw_image']) { if ($config['redraw_image'] || ($config['strip_exif'] && ($post['extension'] == 'jpg' || $post['extension'] == 'jpeg'))) {
$image->to($post['file']); $image->to($post['file']);
$dont_copy_file = true; $dont_copy_file = true;
} }
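Review bot: The new condition in the second hunk decides whether to strip metadata by comparing `$post['extension']` with `==` against the literals `'jpg'` and `'jpeg'`. If the extension is not lower-cased before this point (not visible in the hunk), a file named `.JPG` keeps its EXIF data even with `strip_exif` enabled. The same comparison is repeated in the first hunk, so I would compute it once, e.g. `$is_jpeg = in_array(strtolower($post['extension']), array('jpg', 'jpeg'), true);`, and use `$is_jpeg` in both places. In the first hunk `exif_read_data($upload)` parses an untrusted upload and returns `false` with a warning on malformed data; the `isset()` guard copes with `false`, but the warning should be handled explicitly so it does not reach the response. The surrounding upload-handling block starts and ends outside both hunks.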