From bb3877af433c535f060c034e51a9d5250dbb668e Mon Sep 17 00:00:00 2001
From: "gregorius.aprisunnea" <gregorius.aprisunnea@ui.ac.id>
Date: Wed, 7 Oct 2020 23:09:42 +0700
Subject: [PATCH] add implementation of removing ExifMetadata in app/views.py
 on suntingProfile for both admin and kontributor

---
 app/views.py | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/app/views.py b/app/views.py
index 167f7c1..532239f 100644
--- a/app/views.py
+++ b/app/views.py
@@ -19,6 +19,7 @@ from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
 from administration.models import VerificationReport
 from app.forms import SuntingProfilForm, UploadMateriForm
 from app.models import Category, Comment, Materi, Like, ViewStatistics, DownloadStatistics, ReqMaterial
+from app.utils.fileManagementUtil import get_random_filename, remove_image_exifdata
 from authentication.models import User
 import django
 
@@ -340,11 +341,26 @@ class SuntingProfilView(TemplateView):
             raise PermissionDenied(request)
 
         current_user = self.request.user
+
         form = SuntingProfilForm(
             request.POST, request.FILES, instance=current_user)
         if form.is_valid():
             current_user.default_profile_picture = True
-            form.save()
+
+            # Removing exifdata from profile picture on upload
+            if request.FILES:
+                f_name = request.FILES['profile_picture'].name
+                f_name = get_random_filename(f_name)
+                f_path = settings.MEDIA_ROOT + "/" + f_name
+                request.FILES['profile_picture'].name = f_name
+
+                form = SuntingProfilForm(
+            request.POST, request.FILES, instance=current_user)
+                form.save()
+
+                remove_image_exifdata(f_path)
+            else: 
+                form.save()
             return HttpResponseRedirect("/profil/")
         else:
             context = self.get_context_data(**kwargs)
@@ -379,11 +395,26 @@ class SuntingProfilAdminView(TemplateView):
             raise PermissionDenied(request)
 
         current_user = self.request.user
+
         form = SuntingProfilForm(
             request.POST, request.FILES, instance=current_user)
         if form.is_valid():
             current_user.default_profile_picture = True
-            form.save()
+
+            # Removing exifdata from profile picture on upload
+            if request.FILES:
+                f_name = request.FILES['profile_picture'].name
+                f_name = get_random_filename(f_name)
+                f_path = settings.MEDIA_ROOT + "/" + f_name
+                request.FILES['profile_picture'].name = f_name
+
+                form = SuntingProfilForm(
+            request.POST, request.FILES, instance=current_user)
+                form.save()
+
+                remove_image_exifdata(f_path)
+            else: 
+                form.save()
             return HttpResponseRedirect("/profil-admin/")
         else:
             context = self.get_context_data(**kwargs)
-- 
GitLab