From 419e58ec159807c29f3a036dd5abd5225c7361c5 Mon Sep 17 00:00:00 2001
From: lza_menace <lza_menace@protonmail.com>
Date: Wed, 4 Jan 2023 06:56:54 -0800
Subject: [PATCH] sanitize exif data

---
 nerochan/models.py         | 2 +-
 nerochan/routes/artwork.py | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/nerochan/models.py b/nerochan/models.py
index 02efafc..3590385 100644
--- a/nerochan/models.py
+++ b/nerochan/models.py
@@ -3,7 +3,7 @@ from datetime import datetime
 from secrets import token_urlsafe
 
 from flask_login import login_user
-from PIL import Image, ImageSequence, ImageFilter, ImageFont
+from PIL import Image, ImageSequence, ImageFilter
 from cv2 import VideoCapture
 
 import peewee as pw
diff --git a/nerochan/routes/artwork.py b/nerochan/routes/artwork.py
index 3034e72..8505d16 100644
--- a/nerochan/routes/artwork.py
+++ b/nerochan/routes/artwork.py
@@ -5,6 +5,7 @@ from secrets import token_urlsafe
 from flask import Blueprint, render_template, flash, redirect, url_for, request
 from flask_login import login_required, current_user
 from werkzeug.utils import secure_filename
+from PIL import Image
 
 from nerochan.forms import ConfirmTip, CreateArtwork
 from nerochan.decorators import admin_required
@@ -156,7 +157,11 @@ def create():
         f = form.content.data
         filename = secure_filename(f'{rand}-{f.filename}')
         try:
-            f.save(Path(config.DATA_PATH, 'uploads', filename))
+            image = Image.open(f)
+            data = image.getdata()
+            image_without_exif = Image.new(image.mode, image.size)
+            image_without_exif.putdata(data)
+            image_without_exif.save(Path(config.DATA_PATH, 'uploads', filename))
         except Exception as e:
             flash(f'There was an issue saving the file: {e}')
             return redirect(request.referrer)