couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gabriel Farrell <>
Subject Bad array check in _users/_design/_auth
Date Fri, 05 Nov 2010 17:30:10 GMT
In trying to figure out how to test for an array value in
validate_doc_update I ran across the following in

    if (!(newDoc.roles && (typeof newDoc.roles.length !== 'undefined'))) {
      throw({forbidden: 'doc.roles must be an array'});

Strings also have a length method, so this is a bad test for an array.
Setting "roles" to a string for any user got no complaint from
validate_doc_update, but thereafter I could no longer perform any
administrative tasks in Futon, nor log in or out, and I got "An error
occurred getting session info: function_clause" popping up on every
page. Deleting the cookie allowed me to log back in and fix the doc.

Now that I look at it, there's also an erroneous exclamation point at
the start of that condition.

After a lot of trial and error I got it working with the following:

    if (newDoc.roles && !(eval(uneval(newDoc.roles)) instanceof Array)) {
        throw({forbidden: 'doc.roles must be an array'});

If there's a less-convoluted way to test for an array, I'd be happy to see it.

Should I put this in JIRA? If so, would the component be Futon?

View raw message