Changeset 22660 for branches/2.5/include/functions_metadata.inc.php

Timestamp:

May 14, 2013, 10:04:33 AM (11 years ago)

Author:

plg

Message:

feature 2899: ability to allow HTML in EXIF/IPTC (disabled by default)

File:

• branches/2.5/include/functions_metadata.inc.php (modified) (4 diffs)

branches/2.5/include/functions_metadata.inc.php

@@ -31 +31 @@
 function get_iptc_data($filename, $map)
 {
+  global $conf;
+  
   $result = array();
 
@@ -61 +63 @@
           foreach (array_keys($map, $iptc_key) as $pwg_key)
           {
-            // in case the origin of the photo is unsecure (user upload), we
-            // remove HTML tags to avoid XSS (malicious execution of
-            // javascript)
-            $result[$pwg_key] = strip_tags($value);
+            $result[$pwg_key] = $value;
+
+            if (!$conf['allow_html_in_metadata'])
+            {
+              // in case the origin of the photo is unsecure (user upload), we
+              // remove HTML tags to avoid XSS (malicious execution of
+              // javascript)
+              $result[$pwg_key] = strip_tags($result[$pwg_key]);
+            }
           }
         }
@@ -113 +120 @@
 function get_exif_data($filename, $map)
 {
+  global $conf;
+  
   $result = array();
 
@@ -144 +153 @@
   }
 
-  foreach ($result as $key => $value)
+  if (!$conf['allow_html_in_metadata'])
   {
-    // in case the origin of the photo is unsecure (user upload), we remove
-    // HTML tags to avoid XSS (malicious execution of javascript)
-    $result[$key] = strip_tags($value);
+    foreach ($result as $key => $value)
+    {
+      // in case the origin of the photo is unsecure (user upload), we remove
+      // HTML tags to avoid XSS (malicious execution of javascript)
+      $result[$key] = strip_tags($value);
+    }
   }