Tighten 'extract' parameter validation lovell#158

lovell · lovell · commit e5a5e2ca7e06 · 2015-01-29T22:46:04.000Z
diff --git a/index.js b/index.js
@@ -142,7 +142,11 @@ Sharp.prototype.extract = function(topOffset, leftOffset, width, height) {
   var suffix = this.options.width === -1 && this.options.height === -1 ? 'Pre' : 'Post';
   var values = arguments;
   ['topOffset', 'leftOffset', 'width', 'height'].forEach(function(name, index) {
-    this.options[name + suffix] = values[index];
+    if (typeof values[index] === 'number' && !Number.isNaN(values[index]) && (values[index] % 1 === 0) && values[index] >= 0) {
+      this.options[name + suffix] = values[index];
+    } else {
+      throw new Error('Non-integer value for ' + name + ' of ' + values[index]);
+    }
   }.bind(this));
   // Ensure existing rotation occurs before pre-resize extraction
   if (suffix === 'Pre' && this.options.angle !== 0) {
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "sharp",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "author": "Lovell Fuller <npm@lovell.info>",
   "contributors": [
     "Pierre Inglebert <pierre.inglebert@gmail.com>",
@@ -34,7 +34,7 @@
     "vips"
   ],
   "dependencies": {
-    "bluebird": "^2.8.2",
+    "bluebird": "^2.9.3",
     "color": "^0.7.3",
     "nan": "^1.5.1",
     "semver": "^4.2.0"
diff --git a/test/unit/extract.js b/test/unit/extract.js
@@ -116,4 +116,62 @@ describe('Partial image extraction', function() {
       });
   });
 
+  describe('Invalid parameters', function() {
+
+    it('Undefined', function(done) {
+      var isValid = true;
+      try {
+        sharp(fixtures.inputJpg).extract();
+      } catch (err) {
+        isValid = false;
+      }
+      assert.strictEqual(false, isValid);
+      done();
+    });
+
+    it('String top', function(done) {
+      var isValid = true;
+      try {
+        sharp(fixtures.inputJpg).extract('spoons', 10, 10, 10);
+      } catch (err) {
+        isValid = false;
+      }
+      assert.strictEqual(false, isValid);
+      done();
+    });
+
+    it('Non-integral left', function(done) {
+      var isValid = true;
+      try {
+        sharp(fixtures.inputJpg).extract(10, 10.2, 10, 10);
+      } catch (err) {
+        isValid = false;
+      }
+      assert.strictEqual(false, isValid);
+      done();
+    });
+
+    it('Negative width - negative', function(done) {
+      var isValid = true;
+      try {
+        sharp(fixtures.inputJpg).extract(10, 10, -10, 10);
+      } catch (err) {
+        isValid = false;
+      }
+      assert.strictEqual(false, isValid);
+      done();
+    });
+
+    it('Null height', function(done) {
+      var isValid = true;
+      try {
+        sharp(fixtures.inputJpg).extract(10, 10, 10, null);
+      } catch (err) {
+        isValid = false;
+      }
+      assert.strictEqual(false, isValid);
+      done();
+    });
+
+  });
 });
