From f5dfaa57f6cc4a980ca137a108a40caf1a98dfda Mon Sep 17 00:00:00 2001 From: Christer Edvartsen Date: Thu, 26 Dec 2013 10:54:06 +0100 Subject: [PATCH 1/2] Imbo now responds with HTTP 400 if the transformation parameter is invalid. Updated docs and tests --- docs/usage/image-transformations.rst | 4 ++- library/Imbo/Http/Request/Request.php | 8 +++++ .../ImboUnitTest/Http/Request/RequestTest.php | 35 ++++++++++++++++++- 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/docs/usage/image-transformations.rst b/docs/usage/image-transformations.rst index b8005d5dd..255a22993 100644 --- a/docs/usage/image-transformations.rst +++ b/docs/usage/image-transformations.rst @@ -5,7 +5,9 @@ Transforming images on the fly What you as an end-user of an Imbo installation will be doing most of the time, is working with images. This is what Imbo was originally made for, and this chapter includes details about all the different image transformations Imbo supports. -All image transformations can be triggered by specifying the ``t`` query parameter. This parameter must be used as an array so that you can provide several image transformations. The transformations will be applied to the image in the same order as they appear in the URL. +All image transformations can be triggered by specifying the ``t`` query parameter. This parameter must be used as an array so that you can provide several image transformations. The transformations will be applied to the image in the same order as they appear in the URL. Each element in this array represents a single transformation with optional parameters, specified as a string. If the ``t`` query parameter is not an array or if any of its elements are not strings, Imbo will respond with ``HTTP 400``. + +Below you will find all image transformations supported "out of the box", along with their parameters. Some transformations are rarely used with ``HTTP GET``, but are instead used by event listeners that transform images when they are added to Imbo (``HTTP POST``). If this is the case it will be mentioned in the description of the transformation. .. _auto-rotate-transformation: diff --git a/library/Imbo/Http/Request/Request.php b/library/Imbo/Http/Request/Request.php index da05748c7..e9bc382b9 100644 --- a/library/Imbo/Http/Request/Request.php +++ b/library/Imbo/Http/Request/Request.php @@ -115,7 +115,15 @@ public function getTransformations() { $transformations = $this->query->get('t', array()); + if (!is_array($transformations)) { + throw new InvalidArgumentException('Transformations must be specifed as an array', 400); + } + foreach ($transformations as $transformation) { + if (!is_string($transformation)) { + throw new InvalidArgumentException('Invalid transformation', 400); + } + // See if the transformation has any parameters $pos = strpos($transformation, ':'); $urlParams = ''; diff --git a/tests/ImboUnitTest/Http/Request/RequestTest.php b/tests/ImboUnitTest/Http/Request/RequestTest.php index 89cf2eb50..08d3ad9e4 100644 --- a/tests/ImboUnitTest/Http/Request/RequestTest.php +++ b/tests/ImboUnitTest/Http/Request/RequestTest.php @@ -59,7 +59,7 @@ public function testGetTransformationsWithCorrectOrder() { $request = new Request($query); $transformations = $request->getTransformations(); $this->assertEquals('flipHorizontally', $transformations[0]['name']); - $this->assertEquals('flipVertically', $transformations[1]['name']); + $this->assertEquals('flipVertically', $transformations[1]['name']); } /** @@ -172,4 +172,37 @@ public function testCanSetAndGetARoute() { $this->assertSame($this->request, $this->request->setRoute($route)); $this->assertSame($route, $this->request->getRoute()); } + + /** + * @expectedException Imbo\Exception\InvalidArgumentException + * @expectedExceptionMessage Transformations must be specifed as an array + * @expectedExceptionCode 400 + * @covers Imbo\Http\Request\Request::getTransformations + */ + public function testRequiresTransformationsToBeSpecifiedAsAnArray() { + $request = new Request(array( + 't' => 'desaturate', + )); + $request->getTransformations(); + } + + /** + * @expectedException Imbo\Exception\InvalidArgumentException + * @expectedExceptionMessage Invalid transformation + * @expectedExceptionCode 400 + * @covers Imbo\Http\Request\Request::getTransformations + */ + public function testDoesNotGenerateWarningWhenTransformationIsNotAString() { + $query = array( + 't' => array( + array( + 'flipHorizontally', + 'flipVertically', + ), + ), + ); + + $request = new Request($query); + $request->getTransformations(); + } } From f8a05ce6959bf7f4743cc5692b111a9c5e4388b4 Mon Sep 17 00:00:00 2001 From: Christer Edvartsen Date: Thu, 26 Dec 2013 11:02:03 +0100 Subject: [PATCH 2/2] Updated ChangeLog --- ChangeLog.markdown | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog.markdown b/ChangeLog.markdown index 600ad30db..aaf06d321 100644 --- a/ChangeLog.markdown +++ b/ChangeLog.markdown @@ -25,6 +25,7 @@ __N/A__ Bug fixes: +* #237: Fixed possible PHP Warnings when the transformation query parameter is invalid * #222: Some images are not correctly identified * #211: CORS event listener suppresses "405 Method not allowed" responses when enabled