diff options
author | plegall <plg@piwigo.org> | 2013-05-14 08:04:33 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2013-05-14 08:04:33 +0000 |
commit | 68c0ce65118669e70eb47e46e553ddcd4c48de53 (patch) | |
tree | 6702edf758cceef28d0f4e04ce7606cadd34fda6 /include/functions_metadata.inc.php | |
parent | 509117aeb98927fafeba1632bfa1e0d6249bdad2 (diff) |
feature 2899: ability to allow HTML in EXIF/IPTC (disabled by default)
git-svn-id: http://piwigo.org/svn/branches/2.5@22660 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_metadata.inc.php')
-rw-r--r-- | include/functions_metadata.inc.php | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/include/functions_metadata.inc.php b/include/functions_metadata.inc.php index 4549ca7c6..97724abc1 100644 --- a/include/functions_metadata.inc.php +++ b/include/functions_metadata.inc.php @@ -30,6 +30,8 @@ */ function get_iptc_data($filename, $map) { + global $conf; + $result = array(); $imginfo = array(); @@ -60,10 +62,15 @@ function get_iptc_data($filename, $map) foreach (array_keys($map, $iptc_key) as $pwg_key) { - // in case the origin of the photo is unsecure (user upload), we - // remove HTML tags to avoid XSS (malicious execution of - // javascript) - $result[$pwg_key] = strip_tags($value); + $result[$pwg_key] = $value; + + if (!$conf['allow_html_in_metadata']) + { + // in case the origin of the photo is unsecure (user upload), we + // remove HTML tags to avoid XSS (malicious execution of + // javascript) + $result[$pwg_key] = strip_tags($result[$pwg_key]); + } } } } @@ -112,6 +119,8 @@ function clean_iptc_value($value) */ function get_exif_data($filename, $map) { + global $conf; + $result = array(); if (!function_exists('read_exif_data')) @@ -143,11 +152,14 @@ function get_exif_data($filename, $map) } } - foreach ($result as $key => $value) + if (!$conf['allow_html_in_metadata']) { - // in case the origin of the photo is unsecure (user upload), we remove - // HTML tags to avoid XSS (malicious execution of javascript) - $result[$key] = strip_tags($value); + foreach ($result as $key => $value) + { + // in case the origin of the photo is unsecure (user upload), we remove + // HTML tags to avoid XSS (malicious execution of javascript) + $result[$key] = strip_tags($value); + } } return $result; |