You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2013/06/18 16:33:00 UTC
[41/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Prevent creation of empty attachment names via inline API.
It is possible to create an attachment using the inline
attachment API that has the empty string "" as the name:
{
"_id":"11612aba0238dc0dd8c2d37e7909b4e6",
"_attachments": {
"": {...}
}
}
Attachments created this way can’t be retrieved via the
standalone attachment API.
This patch adds testing for the empty string in the
`validate_attachment_name` function.
Closes COUCHDB-1832
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/ad774b6e
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/ad774b6e
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/ad774b6e
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: ad774b6e096d5011a16837e600db70204e9ae28c
Parents: 7cdedb0
Author: Jan Lehnardt <ja...@apache.org>
Authored: Tue Jun 18 16:28:30 2013 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Tue Jun 18 16:31:49 2013 +0200
----------------------------------------------------------------------
share/www/script/test/attachment_names.js | 19 +++++++++++++++++++
src/couchdb/couch_httpd_db.erl | 2 ++
2 files changed, 21 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/ad774b6e/share/www/script/test/attachment_names.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/attachment_names.js b/share/www/script/test/attachment_names.js
index 334350c..7adc13c 100644
--- a/share/www/script/test/attachment_names.js
+++ b/share/www/script/test/attachment_names.js
@@ -48,6 +48,25 @@ couchTests.attachment_names = function(debug) {
resp = db.save(binAttDoc);
TEquals(true, resp.ok, "attachment_name: inline attachment");
+ // COUCHDB-1832 Inline Attachment API allows empty names
+ var binAttDoc4 = {
+ _id: "bin_doc4",
+ _attachments:{
+ "": {
+ content_type:"text/plain",
+ data: "VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVkIHRleHQ="
+ }
+ }
+ };
+
+ try {
+ resp = db.save(binAttDoc4);
+ TEquals(1,2, "should throw on empty attachment names");
+ } catch (e) {
+ TEquals(e.error, "bad_request", "should return bad_request");
+ TEquals(e.reason, "Attachment name can't be empty",
+ "should state that attachment name can't be empty");
+ }
// standalone docs
var bin_data = "JHAPDO*AU£PN ){(3u[d 93DQ9¡€])} ææøo'∂ƒæ≤çæππ•¥∫¶®#†π¶®¥π€ª®˙π8np";
http://git-wip-us.apache.org/repos/asf/couchdb/blob/ad774b6e/src/couchdb/couch_httpd_db.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl
index 9f68002..c0969cf 100644
--- a/src/couchdb/couch_httpd_db.erl
+++ b/src/couchdb/couch_httpd_db.erl
@@ -1374,6 +1374,8 @@ validate_attachment_name(Name) when is_list(Name) ->
validate_attachment_name(list_to_binary(Name));
validate_attachment_name(<<"_",_/binary>>) ->
throw({bad_request, <<"Attachment name can't start with '_'">>});
+validate_attachment_name(<<"">>) ->
+ throw({bad_request, <<"Attachment name can't be empty">>});
validate_attachment_name(Name) ->
case couch_util:validate_utf8(Name) of
true -> Name;