NV Exif Data

All new MODs released in our MOD Database will be announced in here. All support for released MODs needs to take place in the Customisations Database.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTICE: This forum is only for the announcement of new releases and/or updates of MODs. Any MOD support should be obtained through the Customisations Database in the support area designated for each MOD.

A direct link to support for each MOD is in the first post of the respective topic.
Wookie1664
Registered User
Posts: 65
Joined: Mon Jul 07, 2008 12:19 pm

Re: NV Exif Data

Post by Wookie1664 »

GoBieN,

Where do we put that code? And many thanks for spotting it !

Wookie
User avatar
GoBieN
Registered User
Posts: 546
Joined: Fri Mar 05, 2004 5:22 pm
Location: Belgium
Contact:

Re: NV Exif Data

Post by GoBieN »

The code block is inside includes/functions_content.php
It is 2 times present, so change it 2 times !
In the original mod it shows like this:

Code: Select all

                  $block_array += array(
                     'EXIF_DATE'         => $exif_date,
                     'EXIF_FOCAL'      => $exif_focal,
                     'EXIF_EXPOSURE'      => $exif_exposure,
                     'EXIF_APERTURE'      => $exif_aperture,
                     'EXIF_ISO'         => $exif_iso,
                     'EXIF_FLASH'      => $exif_flash,

                     'WHITEB'      => $exif_whitebalance,
                     'CAM_MODEL'      => $exif_model,
                     'S_EXIF_DATA'   => true,
change it to:

Code: Select all

                  $block_array += array(
                     'EXIF_DATE'         => htmlspecialchars($exif_date),
                     'EXIF_FOCAL'      => htmlspecialchars($exif_focal),
                     'EXIF_EXPOSURE'      => htmlspecialchars($exif_exposure),
                     'EXIF_APERTURE'      => htmlspecialchars($exif_aperture),
                     'EXIF_ISO'         => htmlspecialchars($exif_iso),
                     'EXIF_FLASH'      => htmlspecialchars($exif_flash),

                     'WHITEB'      => htmlspecialchars($exif_whitebalance),
                     'CAM_MODEL'      => htmlspecialchars($exif_model),
                     'S_EXIF_DATA'   => true,
   
I spotted this because on one of my pictures the model would'nt show, i looked inside the HTML source and saw the reason. The model was formatted like this: <Digimax V700>. I wouldn't show because the browser tought it was HTML code. If the model would have been <script>alert('NOT SAFE');</script> this would have been executed and a box stating NOT SAFE would have shown itself. Simple proof of concept, but this could be easily abused.
User avatar
GoBieN
Registered User
Posts: 546
Joined: Fri Mar 05, 2004 5:22 pm
Location: Belgium
Contact:

Re: NV Exif Data

Post by GoBieN »

I just made a proof of concept and discovered someting.
If in ACP of phpBB3 "Check attachment files" is set to YES then the upload will be denied.
The upload was rejected because the uploaded file was identified as a possible attack vector.
If set to NO then the upload is ok and my proof of concept works.
Screenshot:
http://www.camino-tuning.be/phpBB3/docs ... oncept.jpg
Mailicious image file (to test for yourself):
**** REMOVED *** until resolved by mod author/phpbb security team

EDIT: I removed the link to the image that had test code inside it, until this is resolved. I submitted an issue in the security tracker of nickvergessen and phpBB.
User avatar
nickvergessen
Former Team Member
Posts: 4397
Joined: Mon Apr 30, 2007 5:33 pm
Location: Stuttgart, Germany
Name: Joas Schilling
Contact:

Re: NV Exif Data

Post by nickvergessen »

i can't submit the update right now.
There is current already a version of your Modification in the queue, submitted at Sun 03.08.2008 08:50, and the Modification team has already looked at your Modification. To prevent you submit updates while we already did the validation you cant submit an update.
:roll:

so here is the update.xml:
http://code.bantux.de/svn/nv-exif-data/ ... update.xml

if there are more points mentioned from the MOD-DB-Team, I'll make a new version 1.0.2 which contains updates from 1.0.0 and 1.0.1.
No Support via PM
updown
Registered User
Posts: 542
Joined: Sat Jan 05, 2008 6:53 am

Re: NV Exif Data

Post by updown »

nickvergessen wrote:
updown wrote:I made an '@'-"solution" again before $timestamp :roll:
I'll change it.
but, what's your limit about mktime? It works fine for me!
I updated the newest version, but the problem still exists on one specific picture (untill now) - the rest works fine.

I think it has nothing to do with the mktime-function itself, there seems to be a wrong string given from the EXIF-time from this one picture itself. For example when no date is given, instead a string like "no date", so the mktime-function cannot work - is this theory possible? Is this fixable?

If not, I'll leave my ' @ ' - does a good job :lol:
User avatar
nickvergessen
Former Team Member
Posts: 4397
Joined: Mon Apr 30, 2007 5:33 pm
Location: Stuttgart, Germany
Name: Joas Schilling
Contact:

Re: NV Exif Data

Post by nickvergessen »

updown wrote:is this theory possible?
hm, now when you told it, this may be.
could you provide me the file?
No Support via PM
319
Registered User
Posts: 144
Joined: Fri Dec 21, 2007 12:47 am
Contact:

Re: NV Exif Data

Post by 319 »

any demo-screenshots?
User avatar
GoBieN
Registered User
Posts: 546
Joined: Fri Mar 05, 2004 5:22 pm
Location: Belgium
Contact:

Re: NV Exif Data

Post by GoBieN »

If you go a page back you can find a link to a live board with an example topic.
User avatar
nickvergessen
Former Team Member
Posts: 4397
Joined: Mon Apr 30, 2007 5:33 pm
Location: Stuttgart, Germany
Name: Joas Schilling
Contact:

Re: NV Exif Data

Post by nickvergessen »

No Support via PM
319
Registered User
Posts: 144
Joined: Fri Dec 21, 2007 12:47 am
Contact:

Re: NV Exif Data

Post by 319 »

thanx
User avatar
nickvergessen
Former Team Member
Posts: 4397
Joined: Mon Apr 30, 2007 5:33 pm
Location: Stuttgart, Germany
Name: Joas Schilling
Contact:

Re: NV Exif Data

Post by nickvergessen »

Update 1.0.2 is submitted to the db. :ugeek:
If you can't wait for the MOD-Validators:
http://www.flying-bits.org/viewtopic.php?f=66&t=555
No Support via PM
Wookie1664
Registered User
Posts: 65
Joined: Mon Jul 07, 2008 12:19 pm

Re: NV Exif Data

Post by Wookie1664 »

Whats changed in this version Nick?

Regards

Wookie
User avatar
nickvergessen
Former Team Member
Posts: 4397
Joined: Mon Apr 30, 2007 5:33 pm
Location: Stuttgart, Germany
Name: Joas Schilling
Contact:

Re: NV Exif Data

Post by nickvergessen »

[Fix] WhiteBalance
[Add] Exposure bias, Exposure program & Metering mode
[Fix] Some language-errors
No Support via PM
User avatar
*Capmaster*
Registered User
Posts: 159
Joined: Tue Mar 20, 2007 5:00 pm
Location: Albuquerque, NM
Contact:

Re: NV Exif Data

Post by *Capmaster* »

Nice mod. I did have to change "Focus Length" to "Focal Length" in the language php file. Focus and focal are two different animals ;)

Right now I'm looking at a way to add a radio button for the UCP display options to turn it off, for users who don't give a whit about EXIF data. Otherwise it just makes the posts too lengthy.

I'm also looking at a way to modify it to appear only in certain forums. We have a still photography forum where it would be appropriate, but not necessarily in the busy general discussion forums.
User avatar
GoBieN
Registered User
Posts: 546
Joined: Fri Mar 05, 2004 5:22 pm
Location: Belgium
Contact:

Re: NV Exif Data

Post by GoBieN »

*Capmaster* wrote:Nice mod. I did have to change "Focus Length" to "Focal Length" in the language php file. Focus and focal are two different animals ;)

Right now I'm looking at a way to add a radio button for the UCP display options to turn it off, for users who don't give a whit about EXIF data. Otherwise it just makes the posts too lengthy.

I'm also looking at a way to modify it to appear only in certain forums. We have a still photography forum where it would be appropriate, but not necessarily in the busy general discussion forums.
The focal length has indead been mentioned in this topic.
Also i changed the template edits to a javascript hideable DiV.

Live Example: http://www.camino-tuning.be/opmerkingen ... 23687.html
Below the picture is the sentence, EXIF-Data, if you click show/hide the DIV pops up.
I like that solution, if you like it to, here you can read how i did it:
http://www.phpbb.com/community/viewtopi ... 5#p6589515
Locked

Return to “[3.0.x] MOD Database Releases”