Fixes disclosing of image geo-location and privacy data

vtlib/Vtiger/Functions.php

@@ -662,10 +662,18 @@ class Vtiger_Functions {
 		//metadata check
 		$shortTagSupported = ini_get('short_open_tag') ? true : false;
 		if ($saveimage == 'true') {
-			$exifdata = exif_read_data($file_details['tmp_name']);
-			if ($exifdata && !self::validateImageMetadata($exifdata, $shortTagSupported)) {
-				$saveimage = 'false';
-			}
+			$tmpFileName = $file_details['tmp_name'];
+			if($file_details['type'] == 'image/jpeg' || $file_details['type'] == 'image/tiff') {
+				$exifdata = @exif_read_data($file_details['tmp_name']);
+				if($exifdata && !self::validateImageMetadata($exifdata, $shortTagSupported)) {
+					$saveimage = 'false';
+                                }
+                                //131225968::remove sensitive information(like,GPS or camera information) from the image
+                                if(($saveimage == 'true' ) && ($file_details['type'] == 'image/jpeg' ) && extension_loaded('gd') && function_exists('gd_info')) {
+                                        $img = imagecreatefromjpeg($tmpFileName);
+                                        imagejpeg ($img, $tmpFileName);
+                                }
+				}
 		}
 
 		// Check for php code injection