Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+11 votes
565 views
in Plugins by
edited by

I got a request from a security team about uploaded images.

They asked whether it is possible to clean out uploaded images from personal information.

When a user uploads an image, the uploaded image’s EXIF Geo location Data does not get stripped. As a result, anyone can get sensitive information of users like their Geo-location, their Device information like Device Name, Version, Software & Software version used, etc.

Is there any way to process uploaded images and exclude such information from it?

p.s. you can use https://exifdata.com/ to read meta data of image.

Q2A version: 1.8.6
by
Does the security team have PHP compiled with the GD library?

1 Answer

+2 votes
by
selected by
 
Best answer

Q2A seems to be using imagecreatefromstring() for converting uploaded image data back to actual images. To my knowledge that function does not preserve EXIF data, and Q2A also doesn't seem to restore EXIF information from the uploaded data.

by
+1
thanks, you are right, they uploaded image as a link (not as a image). That is I believe different case so all is good.
Thank you very much!
by
Useful information , thank you all .✋
...