Changeset 22660 for branches/2.5/include/functions_metadata.inc.php
- Timestamp:
- May 14, 2013, 10:04:33 AM (11 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/2.5/include/functions_metadata.inc.php
r19703 r22660 31 31 function get_iptc_data($filename, $map) 32 32 { 33 global $conf; 34 33 35 $result = array(); 34 36 … … 61 63 foreach (array_keys($map, $iptc_key) as $pwg_key) 62 64 { 63 // in case the origin of the photo is unsecure (user upload), we 64 // remove HTML tags to avoid XSS (malicious execution of 65 // javascript) 66 $result[$pwg_key] = strip_tags($value); 65 $result[$pwg_key] = $value; 66 67 if (!$conf['allow_html_in_metadata']) 68 { 69 // in case the origin of the photo is unsecure (user upload), we 70 // remove HTML tags to avoid XSS (malicious execution of 71 // javascript) 72 $result[$pwg_key] = strip_tags($result[$pwg_key]); 73 } 67 74 } 68 75 } … … 113 120 function get_exif_data($filename, $map) 114 121 { 122 global $conf; 123 115 124 $result = array(); 116 125 … … 144 153 } 145 154 146 foreach ($result as $key => $value)155 if (!$conf['allow_html_in_metadata']) 147 156 { 148 // in case the origin of the photo is unsecure (user upload), we remove 149 // HTML tags to avoid XSS (malicious execution of javascript) 150 $result[$key] = strip_tags($value); 157 foreach ($result as $key => $value) 158 { 159 // in case the origin of the photo is unsecure (user upload), we remove 160 // HTML tags to avoid XSS (malicious execution of javascript) 161 $result[$key] = strip_tags($value); 162 } 151 163 } 152 164
Note: See TracChangeset
for help on using the changeset viewer.