couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dav...@apache.org
Subject svn commit: r804269 - in /couchdb/trunk: share/www/script/test/invalid_docids.js src/couchdb/couch_httpd_db.erl
Date Fri, 14 Aug 2009 15:47:27 GMT
Author: davisp
Date: Fri Aug 14 15:47:27 2009
New Revision: 804269

URL: http://svn.apache.org/viewvc?rev=804269&view=rev
Log:
Fixes COUCHDB-422 - Reject invalid _local doc ids.



Modified:
    couchdb/trunk/share/www/script/test/invalid_docids.js
    couchdb/trunk/src/couchdb/couch_httpd_db.erl

Modified: couchdb/trunk/share/www/script/test/invalid_docids.js
URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/invalid_docids.js?rev=804269&r1=804268&r2=804269&view=diff
==============================================================================
--- couchdb/trunk/share/www/script/test/invalid_docids.js (original)
+++ couchdb/trunk/share/www/script/test/invalid_docids.js Fri Aug 14 15:47:27 2009
@@ -20,6 +20,19 @@
   T(db.save({"_id": "_local/foo"}).ok);
   T(db.open("_local/foo")._id == "_local/foo");
 
+  var urls = [
+      "/test_suite_db/_local",
+      "/test_suite_db/_local/",
+      "/test_suite_db/_local%2F",
+      "/test_suite_db/_local/foo/bar",
+  ];
+
+  urls.forEach(function(u) {
+    var res = db.request("PUT", u, {"body": "{}"});
+    T(res.status == 400);
+    T(JSON.parse(res.responseText).error == "bad_request");
+  });
+
   //Test non-string
   try {
     db.save({"_id": 1});

Modified: couchdb/trunk/src/couchdb/couch_httpd_db.erl
URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_httpd_db.erl?rev=804269&r1=804268&r2=804269&view=diff
==============================================================================
--- couchdb/trunk/src/couchdb/couch_httpd_db.erl (original)
+++ couchdb/trunk/src/couchdb/couch_httpd_db.erl Fri Aug 14 15:47:27 2009
@@ -506,6 +506,21 @@
     db_attachment_req(Req, Db, <<"_design/",Name/binary>>, FileNameParts);
 
 
+% Special case to allow for accessing local documents without %2F
+% encoding the docid. Throws out requests that don't have the second
+% path part or that specify an attachment name.
+db_req(#httpd{path_parts=[_DbName, <<"_local">>]}, _Db) ->
+    throw({bad_request, <<"Invalid _local document id.">>});
+
+db_req(#httpd{path_parts=[_DbName, <<"_local/">>]}, _Db) ->
+    throw({bad_request, <<"Invalid _local document id.">>});
+
+db_req(#httpd{path_parts=[_DbName, <<"_local">>, Name]}=Req, Db) ->
+    db_doc_req(Req, Db, <<"_local/", Name/binary>>);
+
+db_req(#httpd{path_parts=[_DbName, <<"_local">> | _Rest]}, _Db) ->
+    throw({bad_request, <<"_local documents do not accept attachments.">>});
+
 db_req(#httpd{path_parts=[_, DocId]}=Req, Db) ->
     db_doc_req(Req, Db, DocId);
 



Mime
View raw message