diff --git a/website/sites/all/modules/contrib/epsacrop/epsacrop.module b/website/sites/all/modules/contrib/epsacrop/epsacrop.module
index 758a9d1..1649f8e 100755
--- a/website/sites/all/modules/contrib/epsacrop/epsacrop.module
+++ b/website/sites/all/modules/contrib/epsacrop/epsacrop.module
@@ -954,7 +954,24 @@ function _epsacrop_add_file($fid, $coords) {
  * @param array $coords
  * @return void
  */
-function _epsacrop_save_coords($fid, $coords) {
+function _epsacrop_save_coords($fid, $coords) {// Check fid is for a valid file.
+  if ($file = file_load($fid)) {
+
+    $coords_data = drupal_json_decode($coords);
+
+    // We don't know the field so assume there is only one item in the array.
+    $field_coords = array_shift($coords_data[$fid]);
+
+    // Check we have coordinates passed and that they are not larger than the image.
+    if (!empty($field_coords) && (
+        $field_coords['x'] <= 0
+        || $field_coords['y'] <= 0
+        || $field_coords['x2'] >= $file->width
+        || $field_coords['y2'] >= $file->height
+      )) {
+      return FALSE;
+    }
+
   $affected = db_update('epsacrop_files')
     ->fields(array(
       'coords' => serialize($coords)
@@ -967,6 +984,7 @@ function _epsacrop_save_coords($fid, $coords) {
   }
 
   image_path_flush(_epsacrop_get_uri_from_fid($fid));
+  }
 }
 
 
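Review bot: The closing brace added at `+  }` ends the `if ($file = file_load($fid))` wrapper with no `else`, so an invalid fid returns nothing while the bounds failure in the earlier hunk returns `FALSE`, and the docblock there still says `@return void`. Callers cannot tell a skipped save from a completed one; consider `return FALSE;` after this brace, a `return TRUE;` on the success path, and `@return bool` in the docblock. The wrapped statements were also left at their old indent, which makes the new nesting hard to read. The function body begins outside this hunk.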
