fixes #2145 deal with array value in exif

2025-04-25 19:00:03 +03:00 · 2024-04-10 12:24:24 +02:00 · 2024-04-10 12:24:24 +02:00 · 813d53b21f
commit 813d53b21f
parent acf63a700d
2 changed files with 17 additions and 3 deletions
--- a/include/functions_metadata.inc.php
+++ b/include/functions_metadata.inc.php
@ -183,11 +183,23 @@ function get_exif_data($filename, $map)

  if (!$conf['allow_html_in_metadata'])
  {
+    function strip_html_in_metadata(&$v, $k)
+    {
+      $v = strip_tags($v);
+    }
+
    foreach ($result as $key => $value)
    {
      // in case the origin of the photo is unsecure (user upload), we remove
      // HTML tags to avoid XSS (malicious execution of javascript)
-      $result[$key] = strip_tags($value);
+      if (is_array($value))
+      {
+        array_walk_recursive($value, 'strip_html_in_metadata');
+      }
+      else
+      {
+        $result[$key] = strip_tags($value);
+      }
    }
  }

--- a/include/picture_metadata.inc.php
+++ b/include/picture_metadata.inc.php
@ -34,7 +34,8 @@ if (($conf['show_exif']) and (function_exists('exif_read_data')))
    {
      if (strpos($field, ';') === false)
      {
-        if (isset($exif[$field]))
+        // template cannot deal with an array as value, we skip it
+        if (isset($exif[$field]) and !is_array($exif[$field]))
        {
          $key = $field;
          if (isset($lang['exif_field_'.$field]))
@ -47,7 +48,8 @@ if (($conf['show_exif']) and (function_exists('exif_read_data')))
      else
      {
        $tokens = explode(';', $field);
-        if (isset($exif[$field]))
+        // template cannot deal with an array as value, we skip it
+        if (isset($exif[$field]) and !is_array($exif[$field]))
        {
          $key = $tokens[1];
          if (isset($lang['exif_field_'.$key]))