Skip to content

Commit ec9a984

Browse files
petersirkapetersirka
committed
Fix problem with Image.stream() and Image.pipe().
1 parent f94a889 commit ec9a984

1 file changed

Lines changed: 11 additions & 24 deletions

File tree

image.js

Lines changed: 11 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@
2121

2222
/**
2323
* @module FrameworkImage
24-
* @version 2.3.0
24+
* @version 2.4.0
2525
*/
2626

2727
'use strict';
@@ -34,6 +34,7 @@ const Fs = require('fs');
3434
const REGEXP_SVG = /(width=\"\d+\")+|(height=\"\d+\")+/g;
3535
const REGEXP_PATH = /\//g;
3636
const REGEXP_ARG = /\'/g;
37+
const REGEXP_ESCAPE = /\$\(.*?\)|\'/g;
3738

3839
var CACHE = {};
3940
var middlewares = {};
@@ -303,9 +304,8 @@ Image.prototype.stream = function(type, writer) {
303304
if (!type)
304305
type = self.outputType;
305306

306-
// Possible vulnerability with self.filename.
307-
// WTF?? I don't know why, but wrap(self.filename) doesn't work with spawn() - but it works with exec() and with another spawn in image.pipe()
308-
var cmd = spawn(self.isIM ? 'convert' : 'gm', self.arg(self.filename ? self.filename : '-', (type ? type + ':' : '') + '-'));
307+
var cmd = spawn(self.isIM ? 'convert' : 'gm', self.arg(self.filename ? wrap(self.filename) : '-', (type ? type + ':' : '') + '-'));
308+
309309
if (self.currentStream) {
310310
if (self.currentStream instanceof Buffer)
311311
cmd.stdin.end(self.currentStream);
@@ -314,12 +314,8 @@ Image.prototype.stream = function(type, writer) {
314314
}
315315

316316
writer && writer(cmd.stdin);
317-
318317
var middleware = middlewares[type];
319-
if (!middleware)
320-
return cmd.stdout;
321-
322-
return cmd.stdout.pipe(middleware());
318+
return middleware ? cmd.stdout.pipe(middleware()) : cmd.stdout;
323319
};
324320

325321
Image.prototype.cmd = function(filenameFrom, filenameTo) {
@@ -394,9 +390,9 @@ Image.prototype.push = function(key, value, priority, encode) {
394390

395391
if (value != null) {
396392
if (encode && typeof(value) === 'string')
397-
cmd += wrap(value, true);
393+
cmd += ' "' + value.replace(REGEXP_ESCAPE, '') + '"';
398394
else
399-
cmd += framework.isWindows ? ' "' + value + '"' : ' \'' + value + '\'';
395+
cmd += ' ' + value;
400396
}
401397

402398
var obj = CACHE[cmd];
@@ -630,11 +626,11 @@ Image.prototype.flop = function() {
630626
};
631627

632628
Image.prototype.minify = function() {
633-
return this.push('+profile', '*');
629+
return this.push('+profile', '*', null, 10, true);
634630
};
635631

636632
Image.prototype.grayscale = function() {
637-
return this.push('-colorspace', 'Gray', 10);
633+
return this.push('-colorspace', 'Gray', 10, true);
638634
};
639635

640636
Image.prototype.bitdepth = function(value) {
@@ -658,7 +654,7 @@ Image.prototype.sepia = function() {
658654
};
659655

660656
Image.prototype.watermark = function(filename, x, y, w, h) {
661-
return this.push('-draw', 'image over {1},{2} {3},{4} \'{0}\''.format(filename, x || 0, y || 0, w || 0, h || 0), 6);
657+
return this.push('-draw', 'image over {1},{2} {3},{4} \'{0}\''.format(filename, x || 0, y || 0, w || 0, h || 0), 6, true);
662658
};
663659

664660
Image.prototype.make = function(fn) {
@@ -671,16 +667,7 @@ Image.prototype.command = function(key, value, priority, esc) {
671667
};
672668

673669
function wrap(command, empty) {
674-
var cmd = '';
675-
if (framework.isWindows) {
676-
for (var i = 0, length = command.length; i < length; i++)
677-
cmd += command[i] === '\"' ? '\'' : command[i];
678-
return (empty ? ' ' : '') + '"' + cmd + '"';
679-
} else {
680-
for (var i = 0, length = command.length; i < length; i++)
681-
cmd += command[i] === '\'' ? '"' : command[i];
682-
return (empty ? ' ' : '') + '\'' + cmd + '\'';
683-
}
670+
return (empty ? ' ' : '') + command.replace(REGEXP_ESCAPE, '');
684671
}
685672

686673
exports.Image = Image;

0 commit comments

Comments
 (0)