incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Muharem Hrnjadovic (JIRA)" <j...@apache.org>
Subject [jira] Updated: (COUCHDB-883) Wrong document returned due to incorrect URL decoding
Date Sun, 12 Sep 2010 19:23:48 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Muharem Hrnjadovic updated COUCHDB-883:
---------------------------------------

    Attachment: logging.diff

I added some logging statements to find out where the a+b -> a b conversion takes place
and came to realize that it happens in handle_request()  (src/couchdb/couch_httpd.erl, line
237) after the 'requested_path_parts' and 'path_parts' are mangled through couch_httpd:unquote()
which in turn calls mochiweb_util:unquote().

A quick experiment confirms that:


$ erl -pz $HOME/src/couchdb/src/mochiweb
Erlang R14A (erts-5.8) [source] [64-bit] [smp:2:2] [rq:2] [async-threads:0] [kernel-poll:false]

Eshell V5.8  (abort with ^G)
1> mochiweb_util:unquote("a+b")
1> .
"a b"
2> 


> Wrong document returned due to incorrect URL decoding
> -----------------------------------------------------
>
>                 Key: COUCHDB-883
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-883
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 1.0.1
>         Environment: Kubuntu 10.4, Firefox 3.6.8
>            Reporter: Taras Puchko
>         Attachments: logging.diff
>
>
> I have two documents in my database: "a b" and "a+b". The first can be retrieved via
"/mydb/a%20b" and the second via "/mydb/a%2Bb".
> When I enter "/mydb/a b" in the browser it automatically encodes it so the correct document
is returned. But when I enter "/mydb/a+b" the URL is sent intact since "+" is a valid character
in a path segment according to [1]. The problem is that "GET /mydb/a+b" makes CouchDB return
the document with id "a b" and not the intended one, which is against the URI spec .
> For an informal description of URL encoding one may refer to [2].
> [1]: http://www.ietf.org/rfc/rfc2396.txt
> [2]: http://www.lunatech-research.com/archives/2009/02/03/what-every-web-developer-must-know-about-url-encoding

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message