Implement selective EXIF removal using FileEye/pel library

jekkos · jekkos · commit 7951d9d09c5e · 2026-03-06T10:19:35.000Z
- Add fileeye/pel dependency to composer.json for selective EXIF field removal
- Rewrite Image_lib::stripExifJpeg() to use FileEye/pel for precise field manipulation
- Add exif_to_pel_tags mapping for supported EXIF fields
- Implement removeExifFields() to selectively remove EXIF data based on config
- Keep fallback method if library is unavailable or parsing fails
- Add language strings for new configuration options
- Update migration to include Software in default fields to keep

This addresses reviewer concern about preserving copyright and other beneficial
metadata while removing privacy-sensitive fields like GPS location.
diff --git a/app/Database/Migrations/20260306120000_MigrationEXIFStrippingOptions.php b/app/Database/Migrations/20260306120000_MigrationEXIFStrippingOptions.php
@@ -24,7 +24,7 @@ public function up(): void
             ],
             [
                 'key' => 'exif_fields_to_keep',
-                'value' => 'Copyright,Orientation'
+                'value' => 'Copyright,Orientation,Software'
             ]
         ];
 
diff --git a/app/Language/en/Config.php b/app/Language/en/Config.php
@@ -328,4 +328,8 @@
     "wholesale_markup"                          => "",
     "work_order_enable"                         => "Work Order Support",
     "work_order_format"                         => "Work Order Format",
+    "exif_stripping_enabled"                    => "Enable EXIF Stripping",
+    "exif_stripping_enabled_tooltip"            => "Remove EXIF metadata from uploaded images to protect privacy. Uses FileEye/pel library for selective field removal.",
+    "exif_fields_to_keep"                       => "EXIF Fields to Keep",
+    "exif_fields_to_keep_tooltip"               => "Comma-separated list of EXIF fields to preserve (e.g., Copyright, Orientation, Software). Keeps beneficial metadata while removing privacy-sensitive data like GPS location.",
 ];
diff --git a/app/Libraries/Image_lib.php b/app/Libraries/Image_lib.php
@@ -2,9 +2,23 @@
 
 namespace App\Libraries;
 
+use lsolesen\pel\PelIfd;
+use lsolesen\pel\PelJpeg;
+use lsolesen\pel\PelTag;
+
 class Image_lib
 {
-    public function stripEXIF(string $filepath, array $fields_to_remove = []): bool
+    private array $exif_to_pel_tags = [
+        'Make' => PelTag::MAKE,
+        'Model' => PelTag::MODEL,
+        'Orientation' => PelTag::ORIENTATION,
+        'Copyright' => PelTag::COPYRIGHT,
+        'Software' => PelTag::SOFTWARE,
+        'DateTime' => PelTag::DATE_TIME,
+        'GPS' => PelTag::GPS_OFFSET,
+    ];
+
+    public function stripEXIF(string $filepath, array $fields_to_keep = []): bool
     {
         if (!file_exists($filepath)) {
             return false;
@@ -18,7 +32,7 @@ public function stripEXIF(string $filepath, array $fields_to_remove = []): bool
         }
 
         if ($mimetype === 'image/jpeg' || $mimetype === 'image/jpg') {
-            return $this->stripExifJpeg($filepath, $fields_to_remove);
+            return $this->stripExifJpeg($filepath, $fields_to_keep);
         }
 
         if ($mimetype === 'image/png') {
@@ -36,26 +50,60 @@ public function stripEXIF(string $filepath, array $fields_to_remove = []): bool
         return true;
     }
 
-    private function stripExifJpeg(string $filepath, array $fields_to_remove = []): bool
+    private function stripExifJpeg(string $filepath, array $fields_to_keep = []): bool
     {
-        if (!function_exists('exif_read_data')) {
-            return $this->stripExifFallback($filepath);
-        }
+        try {
+            $data = file_get_contents($filepath);
+            if ($data === false) {
+                return false;
+            }
 
-        $image_info = @getimagesize($filepath);
-        if ($image_info === false) {
-            return false;
-        }
+            $jpeg = new PelJpeg($data);
 
-        $image = @imagecreatefromjpeg($filepath);
-        if ($image === false) {
-            return false;
+            $exif = $jpeg->getExif();
+            if ($exif === null) {
+                return true;
+            }
+
+            $tiff = $exif->getTiff();
+            if ($tiff === null) {
+                return true;
+            }
+
+            $ifd0 = $tiff->getIfd();
+            if ($ifd0 !== null) {
+                $this->removeExifFields($ifd0, $fields_to_keep);
+
+                $subIfd = $ifd0->getSubIfd(PelTag::EXIF_IFD_POINTER);
+                if ($subIfd !== null) {
+                    $this->removeExifFields($subIfd, $fields_to_keep);
+                }
+            }
+
+            $gpsIfd = $tiff->getIfd(PelTag::GPS_IFD_POINTER);
+            if ($gpsIfd !== null && !in_array('GPS', $fields_to_keep)) {
+                $tiff->setIfd(null, PelTag::GPS_IFD_POINTER);
+            }
+
+            $jpeg->saveFile($filepath);
+            return true;
+        } catch (\Exception $e) {
+            return $this->stripExifFallback($filepath);
         }
+    }
 
-        $result = imagejpeg($image, $filepath, 100);
-        imagedestroy($image);
+    private function removeExifFields(PelIfd $ifd, array $fields_to_keep): void
+    {
+        $tags_to_remove = array_diff(array_keys($this->exif_to_pel_tags), $fields_to_keep);
 
-        return $result;
+        foreach ($tags_to_remove as $field_name) {
+            $pel_tag = $this->exif_to_pel_tags[$field_name];
+            $entry = $ifd->getEntry($pel_tag);
+
+            if ($entry !== null) {
+                $ifd->removeEntry($pel_tag);
+            }
+        }
     }
 
     private function stripExifPng(string $filepath): bool
@@ -113,18 +161,18 @@ private function stripExifFallback(string $filepath): bool
 
         $markers = [];
         $offset = 0;
-        
+
         while ($offset < strlen($content)) {
             if ($offset + 4 > strlen($content)) {
                 break;
             }
-            
+
             $marker = ord($content[$offset + 1]);
-            
+
             if (ord($content[$offset]) !== 0xFF) {
                 break;
             }
-            
+
             if ($marker >= 0xE0 && $marker <= 0xEF) {
                 $marker_len = ord($content[$offset + 2]) * 256 + ord($content[$offset + 3]);
                 $markers[] = [$offset, $marker_len + 2];
diff --git a/composer.json b/composer.json
@@ -36,6 +36,7 @@
         "codeigniter4/framework": "^4.6.3",
         "dompdf/dompdf": "^2.0.3",
         "ezyang/htmlpurifier": "^4.17",
+        "fileeye/pel": "^0.9",
         "laminas/laminas-escaper": "2.17.0",
         "paragonie/random_compat": "^2.0.21",
         "picqer/php-barcode-generator": "^2.4.0",

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ public function up(): void`
`24`	`24`	`],`
`25`	`25`	`[`
`26`	`26`	`'key' => 'exif_fields_to_keep',`
`27`		`- 'value' => 'Copyright,Orientation'`
	`27`	`+ 'value' => 'Copyright,Orientation,Software'`
`28`	`28`	`]`
`29`	`29`	`];`
`30`	`30`