Return-Path: X-Original-To: apmail-couchdb-commits-archive@www.apache.org Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1859B10CAA for ; Wed, 19 Feb 2014 14:48:50 +0000 (UTC) Received: (qmail 57838 invoked by uid 500); 19 Feb 2014 14:48:14 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 57692 invoked by uid 500); 19 Feb 2014 14:48:09 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 57174 invoked by uid 99); 19 Feb 2014 14:47:59 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Feb 2014 14:47:59 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id E38188C3652; Wed, 19 Feb 2014 14:47:58 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: garren@apache.org To: commits@couchdb.apache.org Date: Wed, 19 Feb 2014 14:48:09 -0000 Message-Id: In-Reply-To: <6354124b41c84659ba76c4e42d7059cc@git.apache.org> References: <6354124b41c84659ba76c4e42d7059cc@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [12/23] couchdb commit: updated refs/heads/paginate-api-options to 0fca3e9 Allow optional max_uri_length server setting Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/f7ca266b Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/f7ca266b Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/f7ca266b Branch: refs/heads/paginate-api-options Commit: f7ca266b41a6fb8dd8e8167b8c8d44df00a1907f Parents: 3ce13c5 Author: Robert Newson Authored: Mon Feb 17 13:30:52 2014 +0000 Committer: Robert Newson Committed: Mon Feb 17 21:53:27 2014 +0000 ---------------------------------------------------------------------- etc/couchdb/default.ini.tpl.in | 2 ++ src/couchdb/couch_httpd.erl | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/f7ca266b/etc/couchdb/default.ini.tpl.in ---------------------------------------------------------------------- diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in index 3267001..fd953c2 100644 --- a/etc/couchdb/default.ini.tpl.in +++ b/etc/couchdb/default.ini.tpl.in @@ -52,6 +52,8 @@ allow_jsonp = false ;socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}] log_max_chunk_size = 1000000 enable_cors = false +; CouchDB can optionally enforce a maximum uri length; +; max_uri_length = 8000 [ssl] port = 6984 http://git-wip-us.apache.org/repos/asf/couchdb/blob/f7ca266b/src/couchdb/couch_httpd.erl ---------------------------------------------------------------------- 
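Review bot: The sample comment for `max_uri_length` does not say what happens when the setting is left commented out, and the code in couch_httpd.erl treats an unset value as "no limit", so the check is opt-in. The value is also passed to `list_to_integer/1`, so it has to be a bare integer. I would spell both out, for example `; Maximum length of the request URI as a plain integer; longer requests get a 414.` followed by `; Unset (the default) means no limit is enforced.` above the `; max_uri_length = 8000` line.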
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl index f00fdd0..7ee3e3a 100644 --- a/src/couchdb/couch_httpd.erl +++ b/src/couchdb/couch_httpd.erl @@ -310,6 +310,7 @@ handle_request_int(MochiReq, DefaultFun, {ok, Resp} = try + check_request_uri_length(RawUri), case couch_httpd_cors:is_preflight_request(HttpReq) of #httpd{} -> case authenticate_request(HttpReq, AuthHandlers) of @@ -343,6 +344,8 @@ handle_request_int(MochiReq, DefaultFun, send_error(HttpReq, {bad_otp_release, ErrorReason}); exit:{body_too_large, _} -> send_error(HttpReq, request_entity_too_large); + exit:{uri_too_long, _} -> + send_error(HttpReq, request_uri_too_long); throw:Error -> Stack = erlang:get_stacktrace(), ?LOG_DEBUG("Minor error in HTTP request: ~p",[Error]), @@ -369,6 +372,19 @@ handle_request_int(MochiReq, DefaultFun, couch_stats_collector:increment({httpd, requests}), {ok, Resp}. +check_request_uri_length(Uri) -> + check_request_uri_length(Uri, couch_config:get("httpd", "max_uri_length")). + +check_request_uri_length(_Uri, undefined) -> + ok; +check_request_uri_length(Uri, MaxUriLen) when is_list(MaxUriLen) -> + case length(Uri) > list_to_integer(MaxUriLen) of + true -> + throw(request_uri_too_long); + false -> + ok + end. + % Try authentication handlers in order until one sets a user_ctx % the auth funs also have the option of returning a response % move this to couch_httpd_auth? @@ -826,6 +842,8 @@ error_info(file_exists) -> "created, the file already exists.">>}; error_info(request_entity_too_large) -> {413, <<"too_large">>, <<"the request entity is too large">>}; +error_info(request_uri_too_long) -> + {414, <<"too_long">>, <<"the request entity is too long">>}; error_info({bad_ctype, Reason}) -> {415, <<"bad_content_type">>, Reason}; error_info(requested_range_not_satisfiable) ->
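Review bot: The new catch clause matches `exit:{uri_too_long, _}`, but the helper added later in this file signals the limit with `throw(request_uri_too_long)`, so an over-long URI never reaches this clause. It falls through to the generic `throw:Error` clause instead, where it is logged as "Minor error in HTTP request"; the rest of that clause is outside the hunk, so whether it ends in the intended 414 cannot be confirmed from here. If nothing else exits with `{uri_too_long, _}` (no such exit is visible in this commit), match the throw explicitly ahead of `throw:Error`: `throw:request_uri_too_long ->` followed by `send_error(HttpReq, request_uri_too_long);`. handle_request_int starts and ends outside the hunk.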
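Review bot: In `check_request_uri_length/2` the configured value goes straight into `list_to_integer(MaxUriLen)`, which raises `badarg` for anything that is not a bare integer (trailing space, `8k`, empty string). Because the helper runs at the top of every request, one bad config edit would make every request fail rather than just disabling the limit. Zero or negative values are accepted too and would reject every URI. I would parse the setting defensively, accept only a positive integer, and log an invalid value; the version below ignores a bad setting, and if failing closed is preferred the fallback branch can reject instead. The helpers also have no comment saying that unset means unlimited.

```erlang
% … unchanged: check_request_uri_length/1 and the undefined clause …
check_request_uri_length(Uri, MaxUriLen) when is_list(MaxUriLen) ->
    case string:to_integer(MaxUriLen) of
        {Max, []} when is_integer(Max), Max > 0 ->
            case length(Uri) > Max of
                true ->
                    throw(request_uri_too_long);
                false ->
                    ok
            end;
        _ ->
            ?LOG_ERROR("Ignoring invalid httpd max_uri_length: ~p", [MaxUriLen]),
            ok
    end.
```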
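Review bot: The reason text for the new 414 entry says "the request entity is too long", which describes the body-size case (413) directly above it rather than the URI. A client or an operator reading logs could not tell the two rejections apart from the message. Suggested line: `{414, <<"too_long">>, <<"the request uri is too long">>};`.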