Posted to commits@couchdb.apache.org by rn...@apache.org on 2014/08/28 13:59:39 UTC
[16/50] chttpd commit: updated refs/heads/master to 58020ab
Validate _bulk_docs POST bodies
This patch supplies some necessary input validation that
couch_doc:from_json_obj/1 can't provide. It eliminates spurious HTTP
500s and stacktraces from _bulk_docs POST bodies of the following
invalid formats:
{"docs": {"_id": "foo"}}
{"_id": "foo"}
BugzID: 21746
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/b71d3112
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/b71d3112
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/b71d3112
Branch: refs/heads/master
Commit: b71d3112286ef00d458c1d858c437ee6a3432358
Parents: 440f5a0
Author: Benjamin Anderson <b...@banjiewen.net>
Authored: Fri Aug 16 15:09:59 2013 -0700
Committer: Robert Newson <rn...@apache.org>
Committed: Tue Jul 29 18:06:28 2014 +0100
----------------------------------------------------------------------
src/chttpd_db.erl | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/b71d3112/src/chttpd_db.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_db.erl b/src/chttpd_db.erl
index 57b0c4f..7d27bd9 100644
--- a/src/chttpd_db.erl
+++ b/src/chttpd_db.erl
@@ -302,7 +302,14 @@ db_req(#httpd{method='POST',path_parts=[_,<<"_bulk_docs">>], user_ctx=Ctx}=Req,
couch_stats_collector:increment({httpd, bulk_requests}),
couch_httpd:validate_ctype(Req, "application/json"),
{JsonProps} = chttpd:json_body_obj(Req),
- DocsArray = couch_util:get_value(<<"docs">>, JsonProps),
+ DocsArray = case couch_util:get_value(<<"docs">>, JsonProps) of
+ undefined ->
+ throw({bad_request, <<"POST body must include `docs` parameter.">>});
+ DocsArray0 when not is_list(DocsArray0) ->
+ throw({bad_request, <<"`docs` parameter must be an array.">>});
+ DocsArray0 ->
+ DocsArray0
+ end,
W = case couch_util:get_value(<<"w">>, JsonProps) of
Value when is_integer(Value) ->
integer_to_list(Value);
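Review bot: The new `case` on `couch_util:get_value(<<"docs">>, JsonProps)` validates only the container, so after it `DocsArray` is known to be a list but nothing in this hunk checks its elements. Whether a body such as `{"docs": [1]}` gets a clean 400 therefore depends on code outside the hunk (presumably couch_doc:from_json_obj/1, to be confirmed), and the change ships without a test for it. I would add a comment after the `end,` along the lines of `% DocsArray is a list here; element shapes are not validated at this point`. I would also add regression tests for the two bodies named in the commit message, plus a non-object element and `"docs": null`, asserting a 400 rather than a 500 with a stack trace. The `db_req` clause starts before and continues past this hunk, so the handling of `w` and of the documents themselves is not visible here.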