Return-Path: Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: (qmail 32312 invoked from network); 27 Apr 2009 19:41:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 27 Apr 2009 19:41:47 -0000 Received: (qmail 46564 invoked by uid 500); 27 Apr 2009 19:41:47 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 46490 invoked by uid 500); 27 Apr 2009 19:41:47 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 46481 invoked by uid 99); 27 Apr 2009 19:41:47 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Apr 2009 19:41:47 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Apr 2009 19:41:45 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 33E4F2388B8B; Mon, 27 Apr 2009 19:41:24 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r769127 - in /couchdb/trunk: share/www/script/test/invalid_docids.js src/couchdb/couch_doc.erl src/couchdb/couch_httpd_db.erl Date: Mon, 27 Apr 2009 19:41:23 -0000 To: commits@couchdb.apache.org From: davisp@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090427194124.33E4F2388B8B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: davisp Date: Mon Apr 27 19:41:23 2009 New Revision: 769127 URL: http://svn.apache.org/viewvc?rev=769127&view=rev Log: Resolves COUCHDB-332 Proper errors for invalid docids. Modified: couchdb/trunk/share/www/script/test/invalid_docids.js couchdb/trunk/src/couchdb/couch_doc.erl couchdb/trunk/src/couchdb/couch_httpd_db.erl Modified: couchdb/trunk/share/www/script/test/invalid_docids.js URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/invalid_docids.js?rev=769127&r1=769126&r2=769127&view=diff ============================================================================== --- couchdb/trunk/share/www/script/test/invalid_docids.js (original) +++ couchdb/trunk/share/www/script/test/invalid_docids.js Mon Apr 27 19:41:23 2009 @@ -29,6 +29,16 @@ T(e.error == "bad_request"); } + // Via PUT with _id not in body. + var res = res = db.request("PUT", "/test_suite_db/_other", {"body": "{}"}); + T(res.status == 400); + T(JSON.parse(res.responseText).error == "bad_request"); + + // Accidental POST to form handling code. + res = db.request("POST", "/test_suite_db/_tmp_view", {"body": "{}"}); + T(res.status == 400); + T(JSON.parse(res.responseText).error == "bad_request"); + // Test invalid _prefix try { db.save({"_id": "_invalid"}); Modified: couchdb/trunk/src/couchdb/couch_doc.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_doc.erl?rev=769127&r1=769126&r2=769127&view=diff ============================================================================== --- couchdb/trunk/src/couchdb/couch_doc.erl (original) +++ couchdb/trunk/src/couchdb/couch_doc.erl Mon Apr 27 19:41:23 2009 @@ -15,6 +15,7 @@ -export([to_doc_info/1,to_doc_info_path/1,parse_rev/1,parse_revs/1,rev_to_str/1,rev_to_strs/1]). -export([bin_foldl/3,bin_size/1,bin_to_binary/1,get_validate_doc_fun/1]). -export([from_json_obj/1,to_json_obj/2,has_stubs/1, merge_stubs/2]). +-export([validate_docid/1]). -include("couch_db.hrl"). @@ -143,23 +144,26 @@ [parse_rev(Rev) | parse_revs(Rest)]. -transfer_fields([], #doc{body=Fields}=Doc) -> - % convert fields back to json object - Doc#doc{body={lists:reverse(Fields)}}; - -transfer_fields([{<<"_id">>, Id} | Rest], Doc) when is_binary(Id) -> +validate_docid(Id) when is_binary(Id) -> case Id of <<"_design/", _/binary>> -> ok; <<"_local/", _/binary>> -> ok; <<"_", _/binary>> -> throw({bad_request, <<"Only reserved document ids may start with underscore.">>}); _Else -> ok - end, - transfer_fields(Rest, Doc#doc{id=Id}); - -transfer_fields([{<<"_id">>, Id} | _Rest], _Doc) -> + end; +validate_docid(Id) -> ?LOG_DEBUG("Document id is not a string: ~p", [Id]), - throw({bad_request, <<"Document id must be a string">>}); + throw({bad_request, <<"Document id must be a string">>}). + +transfer_fields([], #doc{body=Fields}=Doc) -> + % convert fields back to json object + Doc#doc{body={lists:reverse(Fields)}}; + +transfer_fields([{<<"_id">>, Id} | Rest], Doc) -> + io:format("Transfering docid! ~p~n", [Id]), + validate_docid(Id), + transfer_fields(Rest, Doc#doc{id=Id}); transfer_fields([{<<"_rev">>, Rev} | Rest], #doc{revs={0, []}}=Doc) -> {Pos, RevId} = parse_rev(Rev), Modified: couchdb/trunk/src/couchdb/couch_httpd_db.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_httpd_db.erl?rev=769127&r1=769126&r2=769127&view=diff ============================================================================== --- couchdb/trunk/src/couchdb/couch_httpd_db.erl (original) +++ couchdb/trunk/src/couchdb/couch_httpd_db.erl Mon Apr 27 19:41:23 2009 @@ -497,6 +497,7 @@ end; db_doc_req(#httpd{method='POST'}=Req, Db, DocId) -> + couch_doc:validate_docid(DocId), case couch_httpd:header_value(Req, "content-type") of "multipart/form-data" ++ _Rest -> ok; @@ -525,6 +526,7 @@ ]}); db_doc_req(#httpd{method='PUT'}=Req, Db, DocId) -> + couch_doc:validate_docid(DocId), Location = absolute_uri(Req, "/" ++ ?b2l(Db#db.name) ++ "/" ++ ?b2l(DocId)), update_doc(Req, Db, DocId, couch_httpd:json_body(Req), [{"Location", Location}]);