You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2022/02/28 19:05:19 UTC
[couchdb] 01/01: Prevent users from modifying the special _replicator fields unless they're deleting them
This is an automated email from the ASF dual-hosted git repository.
rnewson pushed a commit to branch replicator_vdu_special_fields
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 3eca450290776afdc81c7595e994e7fb4ceaa38c
Author: Robert Newson <rn...@apache.org>
AuthorDate: Mon Feb 28 19:04:28 2022 +0000
Prevent users from modifying the special _replicator fields unless they're deleting them
---
.../src/couch_replicator_js_functions.hrl | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/couch_replicator/src/couch_replicator_js_functions.hrl b/src/couch_replicator/src/couch_replicator_js_functions.hrl
index d410433..92839d8 100644
--- a/src/couch_replicator/src/couch_replicator_js_functions.hrl
+++ b/src/couch_replicator/src/couch_replicator_js_functions.hrl
@@ -58,6 +58,26 @@
return;
}
+ // Only the replicator may change these fields, though any authorised
+ // user may delete them.
+ if (oldDoc) {
+ var protectedFields = [
+ '_replication_state',
+ '_replication_state_time',
+ '_replication_state_reason',
+ '_replication_id',
+ '_replication_stats'
+ ]
+ for (var i = 0; i < protectedFields.length; i++) {
+ var protectedField = protectedFields[i];
+ if (typeof(oldDoc[protectedField]) === 'string' &&
+ typeof(newDoc[protectedField]) === 'string' &&
+ oldDoc[protectedField] != newDoc[protectedField]) {
+ reportError('Only the replicator may modify the ' + protectedField + ' field.');
+ }
+ }
+ }
+
if (newDoc._replication_state === 'failed') {
// Skip validation in case when we update the document with the
// failed state. In this case it might be malformed. However,