couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zachary Zolton <zachary.zol...@gmail.com>
Subject Re: Bad array check in _users/_design/_auth
Date Mon, 08 Nov 2010 16:10:58 GMT
If your version of SpiderMonkey (used for the JavaScript view server)
supports JavaScript version 1.8.5, you can simply use the
Array.isArray() function.

Otherwise, here's an article describing the difficulties of detecting
whether an object is an array:
http://is.gd/gQ2i4

Cheers,
Zach

On Fri, Nov 5, 2010 at 12:32 PM, Gabriel Farrell <g@grrawr.com> wrote:
> In trying to figure out how to test for an array value in
> validate_doc_update I ran across the following in
> _users/_design/_auth:
>
>    if (!(newDoc.roles && (typeof newDoc.roles.length !== 'undefined'))) {
>      throw({forbidden: 'doc.roles must be an array'});
>    }
>
> Strings also have a length method, so this is a bad test for an array.
> Setting "roles" to a string for any user got no complaint from
> validate_doc_update, but thereafter I could no longer perform any
> administrative tasks in Futon, nor log in or out, and I got "An error
> occurred getting session info: function_clause" popping up on every
> page. Deleting the cookie allowed me to log back in and fix the doc.
>
> Now that I look at it, there's also an erroneous exclamation point at
> the start of that condition.
>
> After a lot of trial and error I got it working with the following:
>
>    if (newDoc.roles && !(eval(uneval(newDoc.roles)) instanceof Array)) {
>        throw({forbidden: 'doc.roles must be an array'});
>    }
>
> If there's a less-convoluted way to test for an array, I'd be happy to see it.
>
> Should I put this in JIRA? If so, would the component be Futon?
>
>
> Gabriel
>

Mime
View raw message