UK Online Safety Regulations and impact on Forums

[Suzanne O]

/^\[url.*\[\/url\]$/si
/^http\S+$/si
/\]+)("|')?\].*\[url\]\2\[/si
/\[url=("|')?([^"'\]]+)("|')?\].*\[url=("|')?\2("|')?\]/si
/^https?:\/\/\S+\n/si
I can't seem to get this to work. Tried a new user with less than five posts, making a post with just a link in it. And it just stays as a post and doesn't go for manual moderation. Any idea why I can't get it to work?

You need to make a user group stating new users.
Then set it up in usergroup promotions

 

[Alvin63]

Ok it's done Went back to the server bot. It did say yesterday that if .png wasn't included it might create errors. So asked for new code to include .png using GD libraries. Made a new file in public_html and ran that in the brower and it worked and said exif data removed. Then deleted the file (after downloading it and saving it). Wouldn't have trusted Chat GPT code but surely the server's own bot knows what's what?

Now I just need to check it's removed everything. I've saved the code and happy to share. But this was for Hostinger, which doesn't use cpanel, so whether it would differ with other servers I don't know but presumably public_html would be the same for all servers?

Actually it's something that needs doing regardless of Ofcom.

Not sure if it's a security risk to public_html to post the code on here, but happy to share it by message if anyone wants it.

Had a quick look through the site and photos all still seem fine. Downloaded the directories again to check the exif is all removed.

Edit - nope. It had only done one directory. Code was changed to do each directory one at a time. It did remove all the exif data - but it also corrupted all the images on the forum. So restored those from a backup. So forget what I said above!

Will have to try and do it the slow way with exif tool (if I can get that working).

 

[Jeremy P]

I'm not a lawyer and this is not legal advice, but at the time of writing enabling the built-in image optimization and running the optimize tools will remove EXIF data from the images as a side-effect, though I'd caution that's not exactly its designed use-case.

 

[Alvin63]

I'm not a lawyer and this is not legal advice, but at the time of writing enabling the built-in image optimization and running the optimize tools will remove EXIF data from the images as a side-effect, though I'd caution that's not exactly its designed use-case.

Thank you. I have already managed to just remove gps location data with exiftool now (in a long, roundabout way) on the downloaded directories. I think I'll just leave it as removing GPS location for now.

I'll just add that the exiftool webpage (and even their forum) does not make it easy and couldn't get a lot of things to work, so resorted to help from AI again. Only this time it hasn't corrupted any files and the GPS data has gone.

The method I went for was to move exiftool.exe, plus it's files, inside the folder of images (on computer) and shift right click to open a command window inside the folder (so not affecting anywhere else on the computer). And used commands given by AI. Which were different syntax to those given by the exiftool web page as those didn't seem to work for me. Have checked everything and GPS location is gone and files are in tact.

Now I need to re-upload them to the server and check they're in tact on the site.

 

[eva2000]

I'm not a lawyer and this is not legal advice, but at the time of writing enabling the built-in image optimization and running the optimize tools will remove EXIF data from the images as a side-effect, though I'd caution that's not exactly its designed use-case.

add a toggle on/off for it

 

[Alvin63]

Well using exiftool has been doing my head in all week-end, so it sounds an option. I expect something will go wrong when I upload all the directories again now. Running the optimize tools converts the images to webp doesn't it? Assume they would be visible to all on all devices, as my home page images were all webp anyway?

 

[Alvin63]

My own tool uses exiftool to do the removing, I'm a bit more specific in that I only remove the location metadata with -location:all= rather than everything. You'll find however if you just go ahead and strip the data you break the attachments very quickly. They are named for the MD5 hash of the file - which would be different after the file has been edited by exiftool so really you need to update the xf_attachments_data table and rename the data file and thumbnail appropriately as I think (and it's been a while since I checked) that XF does check the hash before displaying the file - so if there is a miss-match you wont get an image shown.

You could safely use exiftool however to see if you have anything with location metadata encoded in it by running exiftool, for example lets assume you had your XF install at /var/www/forum.example.com and the directory structure is standard. You might for instance run exiftool -location:all -G -a -j /var/www/forum.example.com/internal_data/attachments/6/*.data In that example I'm just scanning one directory (6) - you'll find numbered directories in the internal_data/attachments directory - they are named for data_id of each upload. I expect if I tried to scan all the directories the argument list would be too long (best use find to process the whole lot) so it seemed silly to suggest that as an example. Anyhow that would kick out results in JSON format, which would look something like:

{
  "SourceFile": "internal_data/attachments/6/6269-4c3e3cc924b72acc7bf11357fb1546a4.data"
},
{
  "SourceFile": "internal_data/attachments/6/6270-d732e4806c17c4d635d53c30189dc383.data",
  "MakerNotes:Location": "",
  "MakerNotes:Country": "",
  "MakerNotes:State": "",
  "MakerNotes:City": "",
  "MakerNotes:Landmark": "",
  "MakerNotes:City2": ""
}

So the first file there has no location data, the second one has location data, although it's all blank in that example.

So that's a long winded way of saying, yes you can use exiftool, but you need to be careful and know what you're doing with the XF data structure.

Just re-read this! So you think my files, that I've just stripped with exiftool - might end up broken? Just thinking I had solved it This is what I did here and thought I'd got it sussed! https://xenforo.com/community/threa...ng-exiftool-for-existing-forum-images.230922/

I can't see any issues on the site (yet)... I had issues with bits leftover removing GPS so just stripped the exif instead (apart from orientation).

Also, is this correct about 2.3? (Or maybe referring to webp optimisation?)

"If exif geo location data is embedded in the image it will be removed when uploading to your server.

XenForo 2.3 does remove geo location data by default when handling uploaded images, so no add-on is necessary for that."

The addon is only for XF1

Post in thread '[WMTech] Exif Location Data Remover [Paid]'

Monday at 11:02 PM

Does this work for Xenforo 2.3? And does it strip .png as well as .jpeg? Thank you.

If exif geo location data is embedded in the image it will be removed when uploading to your server.

XenForo 2.3 does remove geo location data by default when handling uploaded images, so no add-on is necessary for that.

• wmtech

• 

.

 

[Alvin63]

You need to make a user group stating new users.
Then set it up in usergroup promotions

Is that it? Needing to set up a new usergroup for it to work with? I assumed it would just take them from newly registered members?

 

[Suzanne O]

Is that it? Needing to set up a new usergroup for it to work with? I assumed it would just take them from newly registered members?

Yep

 

[Alvin63]

Am a bit confused then. I have a secondary user group - which gets promoted from the registered members usergroup. So I thought the spam settings would apply to the registered members group - for the first five posts a member makes.

I've set it back to https* http* [url* - that works with the registered member group for the first five posts. But I realise it doesn't find sophisticated links like the code above.

 

[Mr Lucky]

So I thought the spam settings would apply to the registered members group - for the first five posts a member makes.

AFAIK user groups aren’t relevant to the spam settings.

 

[Alvin63]

Thanks. That's what I thought. It must be something else I have installed that's stopping it working. What does the code actually do? Send first 5 messages for manual moderation if they contain any link at all? But detects sophisticated link types as well?

 

[Alvin63]

I have former members signing up again now .............Not quite ready to go "live" yet but they're signing up so I can reconnect their accounts with their previous posts (via an addon of Andy B's).

Still have the odd bit of work to do. Also I still can't work out how to sort direct messages being off. I have it set "send" set to off for all users except admin. And receive set to "on" for all users.

So I could message them, and they could reply. But that's not quite enough. They need to be able to message admin or a moderator,

So other than sending everyone a welcome message on registration (which means everyone can reply to admin) I can't think how to do it. And don't really want to do that as then people keep chatting by message instead of on the forum!

Also the "envelope" being there seems to suggest to people that they can send a message.

Any ideas for the best way round this? I know there are a couple of addons but just wondering if it could be sorted with permissions and settings?

If it wasn't for needing members to be able to contact admin, I'd just want to remove direct messages, and the icon, altogether.

 

[Mr Lucky]

They need to be able to message admin or a moderator,

Set up a forum with permissions so that the registers user group can view their own thread only. Give mods permissions to view all threads in that forum. This also works well for reports;

Resource icon

Better report & admin contact

May 1, 2018

Allow members to contact admin privately, also allows report discussion with admin.

• Mr Lucky
• contact reports
• XenForo tips & guides [2.x]

 

[Alvin63]

So you mean they post in a mod thread rather than send a direct message?

 

[Mr Lucky]

So you mean they post in a mod thread rather than send a direct message?

Yes, if you want to disallow sending DMs seems like a good solution to contact mods and/or admin.

 

[Alvin63]

To be honest I'm not sure why a member would need to message admin or moderator anyway. The easiest way would be to just send a report, as that is set up to "ping" admin and moderators when a report is sent - either online or offline. However, you can't have a conversation in the report, with the member who reported if they had an issue! So maybe not.

I like the sound of the method you suggested but I'm not quite sure I understand how it works? Set up a new node? Call it "contact moderator" or something. And they just post in there? How would a moderator see it please?

 

[Mr Lucky]

However, you can't have a conversation in the report, with the member who reported if they had an issue!

Yes you can if the report goes to a forum where they have permissions, see the link to the resource guide I mentioned above.

 

[zappaDPJ]

To be honest I'm not sure why a member would need to message admin or moderator anyway.

Using a forum in the way @Mr Lucky has described is quite common in my experience. It's certainly something I've utilised on my forums. I think it provides a better way of handling a member's concerns. It allows a detailed discussion between staff and the member. It also aids transparency and consistency among staff members.

 

[zappaDPJ]

Set up a forum with permissions so that the registers user group can view their own thread only. Give mods permissions to view all threads in that forum. This also works well for reports;

Resource icon

Better report & admin contact

May 1, 2018

Allow members to contact admin privately, also allows report discussion with admin.

• Mr Lucky
• contact reports
• XenForo tips & guides [2.x]

I've just seen that. If and when I migrate my forums back to Xenforo that would prove really useful.