couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Filipe Manana (JIRA)" <>
Subject [jira] Updated: (COUCHDB-1072) Having a : in the "name" property in a _users document makes the GET /_session won't work
Date Wed, 23 Feb 2011 12:24:38 GMT


Filipe Manana updated COUCHDB-1072:

    Attachment: COUCHDB-1072.patch

Jan, can't see immediately any other character that shouldn't be allowed.

The following patch is flexible enough to add other characters that we might find that should
be blacklisted.

> Having a : in the "name" property in a _users document makes the GET /_session won't
> -----------------------------------------------------------------------------------------
>                 Key: COUCHDB-1072
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>            Reporter: Johnny Weng Luu
>            Assignee: Filipe Manana
>            Priority: Critical
>         Attachments: COUCHDB-1072.patch
> I have created multiple user documents in the _users database with the following in the
"name" property:
> ""
> "mammamia"
> "mamma/mia"
> "mamma:mia"
> I logged in each one of them (the password is the same for all of them) and then I tried
to get the current user session with GET /_session with cookie auth.
> It worked for the first 3 documents but not for the 4th one.
> Conclusion: If I have a : in the "name" it won't work.
> Would be good to either fix that so every character works or emitting an error message
if you save a document with invalid characters like the ":".
> Hope this will be taken care of! Took me quite some time to figure out!

This message is automatically generated by JIRA.
For more information on JIRA, see:


View raw message