Moodle 4.5 introduces many new features which we’ll be covering in the forthcoming report out of the 2025 Winter Hack/Doc Fest. Here, I’m going to highlight one in particular: image redaction. This is a new security feature that will automatically strip out geolocation data from uploaded images. It’s important that you configure it correctly, because at the moment there’s a bug that could cause many images that have a portrait orientation to display in landscape.
Exif and GPS data
Exif is a metadata standard implemented by images. You can specify a dizzying array of information, but we’re concerned here with just a few fields: geographic coordinates, image width and height, and orientation. When smartphones take images they include latitude and longitude unless you disable that behavior on your phone. For example, here’s a photo I took from the rear of the California Zephyr in 2018:
My notes say that I took it in Utah. The encoded GPS information says that I took in near Mt. Elliott, about twenty miles northwest of Green River. Here’s what that data looks like:
GPS Altitude : 1419 m Above Sea Level GPS Date/Time : 2018:10:21 00:14:56Z GPS Latitude : 39 deg 9' 39.62" N GPS Longitude : 110 deg 20' 33.62" W GPS Position : 39 deg 9' 39.62" N, 110 deg 20' 33.62" W
This is pretty useful for knowing where I when I took this! This might be less useful if I’d taken this picture somewhere private–say from a dorm room when I’m uploading an assignment to Moodle. Location data can be a major privacy risk if disclosed inadvertently.
Exif and Orientation
Another use of Exif data is to store the width and height of the image and its orientation (portrait or landscape). Some smartphones, particularly the iPhones we tested at Hack/Doc, store all images in the landscape format but then set the orientation to indicate that they should be displayed in portrait mode:
Orientation : Rotate 90 CW Image Width : 5712 Image Height : 4284 Image Size : 5712x4284
An image with the width greater than the height would imply landscape except that Orientation is set to “Rotate 90 CW”: rotate ninety degrees clockwise. When you view that image, you’ll see it in portrait mode so long as the browser or image software respects that Exif data.
Redaction
Moodle 4.5 adds a new feature called EXIF remover to strip out GPS information. It’s located in Site administration > Server > File redaction > EXIF remover. If you’re installing a new 4.5 instance it’s enabled by default; if you’re upgrading an existing instance to Moodle 4.5 it’s off by default and you have to choose to turn it on. By default, it uses the GD library to reprocess the image. GD doesn’t have special features for managing Exif metadata; GD will removeĀ all fields, including Orientation! That’s undesirable at best, and probably a bug (see MDL-84128).
Moodle HQ doesn’t recommend running this way and CLAMP doesn’t either. The recommended approach is to install exiftool on your server and configure your Moodle instance to use it. Exiftool is a common command-line application; it’s available for Windows and Mac and most Linux distributions. I used it to extract the Exif examples in this post. Once you’ve installed it (or your hosting provider has), you need to configure the path in Site administration. Below is an example of a working configuration:
Exiftool will output a new image with the given Exif tags removed but won’t change anything else. I assume that the GD option was provided as a fallback since it doesn’t require new external tools or new PHP libraries, but I don’t think it should be enabled by default because of the real possibility that it breaks image uploads from smartphones.