add checking and limits for the worksheet

xuri · xuri · commit 324f87bcaed9 · 2020-09-18T22:20:58.000+08:00
diff --git a/col.go b/col.go
@@ -444,6 +444,9 @@ func (f *File) SetColWidth(sheet, startcol, endcol string, width float64) error
 	if err != nil {
 		return err
 	}
+	if width > MaxColumnWidth {
+		return errors.New("the width of the column must be smaller than or equal to 255 characters")
+	}
 	if min > max {
 		min, max = max, min
 	}
diff --git a/col_test.go b/col_test.go
@@ -236,6 +236,8 @@ func TestOutlineLevel(t *testing.T) {
 	assert.EqualError(t, err, "sheet Shee2 is not exist")
 
 	assert.NoError(t, f.SetColWidth("Sheet2", "A", "D", 13))
+	assert.EqualError(t, f.SetColWidth("Sheet2", "A", "D", MaxColumnWidth+1), "the width of the column must be smaller than or equal to 255 characters")
+
 	assert.NoError(t, f.SetColOutlineLevel("Sheet2", "B", 2))
 	assert.NoError(t, f.SetRowOutlineLevel("Sheet1", 2, 7))
 	assert.EqualError(t, f.SetColOutlineLevel("Sheet1", "D", 8), "invalid outline level")
diff --git a/file.go b/file.go
@@ -65,7 +65,7 @@ func (f *File) Save() error {
 // SaveAs provides a function to create or update to an xlsx file at the
 // provided path.
 func (f *File) SaveAs(name string, opt ...Options) error {
-	if len(name) > FileNameLength {
+	if len(name) > MaxFileNameLength {
 		return errors.New("file name length exceeds maximum limit")
 	}
 	file, err := os.OpenFile(name, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666)
diff --git a/rows.go b/rows.go
@@ -225,7 +225,9 @@ func (f *File) SetRowHeight(sheet string, row int, height float64) error {
 	if row < 1 {
 		return newInvalidRowNumberError(row)
 	}
-
+	if height > MaxRowHeight {
+		return errors.New("the height of the row must be smaller than or equal to 409 points")
+	}
 	xlsx, err := f.workSheetReader(sheet)
 	if err != nil {
 		return err
diff --git a/rows_test.go b/rows_test.go
@@ -91,40 +91,38 @@ func TestRowsError(t *testing.T) {
 }
 
 func TestRowHeight(t *testing.T) {
-	xlsx := NewFile()
-	sheet1 := xlsx.GetSheetName(0)
+	f := NewFile()
+	sheet1 := f.GetSheetName(0)
 
-	assert.EqualError(t, xlsx.SetRowHeight(sheet1, 0, defaultRowHeightPixels+1.0), "invalid row number 0")
+	assert.EqualError(t, f.SetRowHeight(sheet1, 0, defaultRowHeightPixels+1.0), "invalid row number 0")
 
-	_, err := xlsx.GetRowHeight("Sheet1", 0)
+	_, err := f.GetRowHeight("Sheet1", 0)
 	assert.EqualError(t, err, "invalid row number 0")
 
-	assert.NoError(t, xlsx.SetRowHeight(sheet1, 1, 111.0))
-	height, err := xlsx.GetRowHeight(sheet1, 1)
+	assert.NoError(t, f.SetRowHeight(sheet1, 1, 111.0))
+	height, err := f.GetRowHeight(sheet1, 1)
 	assert.NoError(t, err)
 	assert.Equal(t, 111.0, height)
 
-	assert.NoError(t, xlsx.SetRowHeight(sheet1, 4, 444.0))
-	height, err = xlsx.GetRowHeight(sheet1, 4)
-	assert.NoError(t, err)
-	assert.Equal(t, 444.0, height)
+	// Test set row height overflow max row height limit.
+	assert.EqualError(t, f.SetRowHeight(sheet1, 4, MaxRowHeight+1), "the height of the row must be smaller than or equal to 409 points")
 
 	// Test get row height that rows index over exists rows.
-	height, err = xlsx.GetRowHeight(sheet1, 5)
+	height, err = f.GetRowHeight(sheet1, 5)
 	assert.NoError(t, err)
 	assert.Equal(t, defaultRowHeight, height)
 
 	// Test get row height that rows heights haven't changed.
-	height, err = xlsx.GetRowHeight(sheet1, 3)
+	height, err = f.GetRowHeight(sheet1, 3)
 	assert.NoError(t, err)
 	assert.Equal(t, defaultRowHeight, height)
 
 	// Test set and get row height on not exists worksheet.
-	assert.EqualError(t, xlsx.SetRowHeight("SheetN", 1, 111.0), "sheet SheetN is not exist")
-	_, err = xlsx.GetRowHeight("SheetN", 3)
+	assert.EqualError(t, f.SetRowHeight("SheetN", 1, 111.0), "sheet SheetN is not exist")
+	_, err = f.GetRowHeight("SheetN", 3)
 	assert.EqualError(t, err, "sheet SheetN is not exist")
 
-	err = xlsx.SaveAs(filepath.Join("test", "TestRowHeight.xlsx"))
+	err = f.SaveAs(filepath.Join("test", "TestRowHeight.xlsx"))
 	if !assert.NoError(t, err) {
 		t.FailNow()
 	}
diff --git a/styles.go b/styles.go
@@ -1037,10 +1037,26 @@ func (f *File) sharedStringsWriter() {
 
 // parseFormatStyleSet provides a function to parse the format settings of the
 // cells and conditional formats.
-func parseFormatStyleSet(style string) (*Style, error) {
-	format := Style{}
-	err := json.Unmarshal([]byte(style), &format)
-	return &format, err
+func parseFormatStyleSet(style interface{}) (*Style, error) {
+	fs := Style{}
+	var err error
+	switch v := style.(type) {
+	case string:
+		err = json.Unmarshal([]byte(v), &fs)
+	case *Style:
+		fs = *v
+	default:
+		err = errors.New("invalid parameter type")
+	}
+	if fs.Font != nil {
+		if len(fs.Font.Family) > MaxFontFamilyLength {
+			return &fs, errors.New("the length of the font family name must be smaller than or equal to 31")
+		}
+		if fs.Font.Size > MaxFontSize {
+			return &fs, errors.New("font size must be between 1 and 409 points")
+		}
+	}
+	return &fs, err
 }
 
 // NewStyle provides a function to create the style for cells by given JSON or
@@ -1909,16 +1925,9 @@ func (f *File) NewStyle(style interface{}) (int, error) {
 	var fs *Style
 	var err error
 	var cellXfsID, fontID, borderID, fillID int
-	switch v := style.(type) {
-	case string:
-		fs, err = parseFormatStyleSet(v)
-		if err != nil {
-			return cellXfsID, err
-		}
-	case *Style:
-		fs = v
-	default:
-		return cellXfsID, errors.New("invalid parameter type")
+	fs, err = parseFormatStyleSet(style)
+	if err != nil {
+		return cellXfsID, err
 	}
 	if fs.DecimalPlaces == 0 {
 		fs.DecimalPlaces = 2
diff --git a/styles_test.go b/styles_test.go
@@ -3,6 +3,7 @@ package excelize
 import (
 	"fmt"
 	"path/filepath"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -200,6 +201,10 @@ func TestNewStyle(t *testing.T) {
 	assert.NoError(t, err)
 	_, err = f.NewStyle(Style{})
 	assert.EqualError(t, err, "invalid parameter type")
+	_, err = f.NewStyle(&Style{Font: &Font{Family: strings.Repeat("s", MaxFontFamilyLength+1)}})
+	assert.EqualError(t, err, "the length of the font family name must be smaller than or equal to 31")
+	_, err = f.NewStyle(&Style{Font: &Font{Size: MaxFontSize + 1}})
+	assert.EqualError(t, err, "font size must be between 1 and 409 points")
 }
 
 func TestGetDefaultFont(t *testing.T) {
diff --git a/xmlDrawing.go b/xmlDrawing.go
@@ -89,7 +89,11 @@ const (
 
 // Excel specifications and limits
 const (
-	FileNameLength       = 207
+	MaxFontFamilyLength  = 31
+	MaxFontSize          = 409
+	MaxFileNameLength    = 207
+	MaxColumnWidth       = 255
+	MaxRowHeight         = 409
 	TotalRows            = 1048576
 	TotalColumns         = 16384
 	TotalSheetHyperlinks = 65529

Original file line number	Diff line number	Diff line change
`@@ -444,6 +444,9 @@ func (f *File) SetColWidth(sheet, startcol, endcol string, width float64) error`
`444`	`444`	`if err != nil {`
`445`	`445`	`return err`
`446`	`446`	`}`
	`447`	`+ if width > MaxColumnWidth {`
	`448`	`+ return errors.New("the width of the column must be smaller than or equal to 255 characters")`
	`449`	`+ }`
`447`	`450`	`if min > max {`
`448`	`451`	`min, max = max, min`
`449`	`452`	`}`
Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ func (f *File) Save() error {`
`65`	`65`	`// SaveAs provides a function to create or update to an xlsx file at the`
`66`	`66`	`// provided path.`
`67`	`67`	`func (f *File) SaveAs(name string, opt ...Options) error {`
`68`		`- if len(name) > FileNameLength {`
	`68`	`+ if len(name) > MaxFileNameLength {`
`69`	`69`	`return errors.New("file name length exceeds maximum limit")`
`70`	`70`	`}`
`71`	`71`	`file, err := os.OpenFile(name, os.O_WRONLY\|os.O_TRUNC\|os.O_CREATE, 0666)`