From 01bb0b12298137a18f3f87679ee4c026a6185b9c Mon Sep 17 00:00:00 2001
From: =
Date: Thu, 3 Oct 2024 12:45:03 -0400
Subject: [PATCH 1/2] Strip EXIF data to secure photo location

---
 .../web/routes/api/crafty/upload/index.py | 16 ++++++++++++++++
 requirements.txt | 1 +
 2 files changed, 17 insertions(+)

diff --git a/app/classes/web/routes/api/crafty/upload/index.py b/app/classes/web/routes/api/crafty/upload/index.py
index b37ef796..e1500792 100644
--- a/app/classes/web/routes/api/crafty/upload/index.py
+++ b/app/classes/web/routes/api/crafty/upload/index.py
@@ -1,6 +1,7 @@
 import os
 import logging
 import shutil
+from PIL import Image
 from app.classes.models.server_permissions import EnumPermissionsServer
 from app.classes.shared.helpers import Helpers
 from app.classes.web.base_api_handler import BaseApiHandler
@@ -281,6 +282,21 @@ class ApiFilesUploadHandler(BaseApiHandler):
                     with open(chunk_file, "rb") as infile:
                         outfile.write(infile.read())
                     os.remove(chunk_file)
+            if upload_type == "background":
+                # Strip EXIF data
+                image_path = os.path.join(file_path)
+                logger.debug("Stripping exif data from image")
+                image = Image.open(image_path)
+
+                # Get current raw pixel data from image
+                image_data = list(image.getdata())
+                # Create new image
+                image_no_exif = Image.new(image.mode, image.size)
+                # Restore pixel data
+                image_no_exif.putdata(image_data)
+
+                image_no_exif.save(image_path)
+
             logger.info(
                 f"File upload completed. Filename: {self.filename}"
                 f" Path: {file_path} Type: {u_type}"
diff --git a/requirements.txt b/requirements.txt
index 2ca0ff8b..743da0a8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,3 +20,4 @@ tzlocal==5.1
 jsonschema==4.19.1
 orjson==3.9.15
 prometheus-client==0.17.1
+pillow==10.4.0
\ No newline at end of file

From 0b20c4f9db325bcdd9157064914a0fa3b2030b56 Mon Sep 17 00:00:00 2001
From: Zedifus
Date: Sun, 19 Jan 2025 17:42:14 +0000
Subject: [PATCH 2/2] Update changelog !805

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

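Review bot: `list(image.getdata())` in the `upload_type == "background"` branch materialises one Python tuple per pixel, so a large or deliberately oversized upload becomes hundreds of megabytes of heap before the copy is written back, and nothing around `Image.open` catches `OSError` (which `UnidentifiedImageError` subclasses) or `Image.DecompressionBombError`, so a non-image or corrupt file raises out of the handler after it has already been assembled at `file_path` (what the caller does with that exception is outside the hunk). `Image.open` is also not used as a context manager, so the source file handle is only released by the GC if anything fails before `save`. The cheaper equivalent is to decode once with `image.load()` inside a `with` block and copy pixels with `image_no_exif.paste(image)`; note that `Image.new(image.mode, image.size)` discards the palette of a mode `P` image (GIF, 8-bit PNG), so that case needs `image_no_exif.putpalette(image.getpalette())` or the colours come out wrong. `os.path.join(file_path)` with a single argument is a no-op and can simply be `image_path = file_path`. The enclosing method of ApiFilesUploadHandler starts and ends outside the hunk.
```python
            if upload_type == "background":
                # Strip EXIF data by copying only the pixels into a fresh image.
                image_path = file_path
                logger.debug("Stripping exif data from image")
                try:
                    with Image.open(image_path) as image:
                        image.load()  # decode here so a bad file fails inside the try
                        image_no_exif = Image.new(image.mode, image.size)
                        image_no_exif.paste(image)
                        if image.mode == "P":
                            # Image.new gives a default palette; keep the original one
                            image_no_exif.putpalette(image.getpalette())
                    image_no_exif.save(image_path)
                except (OSError, Image.DecompressionBombError) as exc:
                    logger.warning("Rejected background image %s: %s", file_path, exc)
                    # TODO(review): remove the partial file and return an error to the
                    # client via this handler's usual error path (outside the hunk)
            # … unchanged: logger.info("File upload completed ...") …
```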
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 549abca5..25a5b3e1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ TBD
 - Bump requests to resolve yank for CVE-2024-35195 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/808))
 - Better handle malformed mcping data ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/799))
 ### Tweaks
+- Remove EXIF image data on app Background Photos ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/805))
 - Bump Docker base image `22.04` -> `24.04` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/812))
 - Bump python pip `2.0.3` -> `24.3.1` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/812))
 - Bump python setuptools `50.3.2` -> `75.6.0` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/812))