Posted to dev@couchdb.apache.org by Gabriel Farrell <gs...@gmail.com> on 2010/11/05 18:30:10 UTC

Bad array check in _users/_design/_auth

In trying to figure out how to test for an array value in
validate_doc_update I ran across the following in
_users/_design/_auth:

    if (!(newDoc.roles && (typeof newDoc.roles.length !== 'undefined'))) {
      throw({forbidden: 'doc.roles must be an array'});
    }

Strings also have a length method, so this is a bad test for an array.
Setting "roles" to a string for any user got no complaint from
validate_doc_update, but thereafter I could no longer perform any
administrative tasks in Futon, nor log in or out, and I got "An error
occurred getting session info: function_clause" popping up on every
page. Deleting the cookie allowed me to log back in and fix the doc.

Now that I look at it, there's also an erroneous exclamation point at
the start of that condition.

After a lot of trial and error I got it working with the following:

    if (newDoc.roles && !(eval(uneval(newDoc.roles)) instanceof Array)) {
        throw({forbidden: 'doc.roles must be an array'});
    }

If there's a less-convoluted way to test for an array, I'd be happy to see it.

Should I put this in JIRA? If so, would the component be Futon?

Re: Bad array check in _users/_design/_auth

Posted by Gabriel Farrell <gs...@gmail.com>.
On Mon, Nov 8, 2010 at 11:10 AM, Zachary Zolton
<za...@gmail.com> wrote:
> If your version of SpiderMonkey (used for the JavaScript view server)
> supports JavaScript version 1.8.5, you can simply use the
> Array.isArray() function.

Debian testing is still on 1.7, so maybe too soon to start using
Array.isArray(), as much as I'd like to.

> Otherwise, here's an article describing the difficulties of detecting
> whether an object is an array:
> http://is.gd/gQ2i4

Thanks for the article. I'm guessing the "multiple globals" issue is
the reason I need to eval(uneval(theArray)). I had at first attempted
to test with (theArray.constructor === Array), but even though this
works in the command-line js interpreter, I couldn't access the
constructor in the validate_doc_update script.

> On Fri, Nov 5, 2010 at 12:32 PM, Gabriel Farrell <g...@grrawr.com> wrote:
>> In trying to figure out how to test for an array value in
>> validate_doc_update I ran across the following in
>> _users/_design/_auth:
>>
>>    if (!(newDoc.roles && (typeof newDoc.roles.length !== 'undefined'))) {
>>      throw({forbidden: 'doc.roles must be an array'});
>>    }
>>
>> Strings also have a length method, so this is a bad test for an array.
>> Setting "roles" to a string for any user got no complaint from
>> validate_doc_update, but thereafter I could no longer perform any
>> administrative tasks in Futon, nor log in or out, and I got "An error
>> occurred getting session info: function_clause" popping up on every
>> page. Deleting the cookie allowed me to log back in and fix the doc.
>>
>> Now that I look at it, there's also an erroneous exclamation point at
>> the start of that condition.
>>
>> After a lot of trial and error I got it working with the following:
>>
>>    if (newDoc.roles && !(eval(uneval(newDoc.roles)) instanceof Array)) {
>>        throw({forbidden: 'doc.roles must be an array'});
>>    }
>>
>> If there's a less-convoluted way to test for an array, I'd be happy to see it.
>>
>> Should I put this in JIRA? If so, would the component be Futon?
>>
>>
>> Gabriel
>>
>

Re: Bad array check in _users/_design/_auth

Posted by Zachary Zolton <za...@gmail.com>.
If your version of SpiderMonkey (used for the JavaScript view server)
supports JavaScript version 1.8.5, you can simply use the
Array.isArray() function.

Otherwise, here's an article describing the difficulties of detecting
whether an object is an array:
http://is.gd/gQ2i4

Cheers,
Zach

On Fri, Nov 5, 2010 at 12:32 PM, Gabriel Farrell <g...@grrawr.com> wrote:
> In trying to figure out how to test for an array value in
> validate_doc_update I ran across the following in
> _users/_design/_auth:
>
>    if (!(newDoc.roles && (typeof newDoc.roles.length !== 'undefined'))) {
>      throw({forbidden: 'doc.roles must be an array'});
>    }
>
> Strings also have a length method, so this is a bad test for an array.
> Setting "roles" to a string for any user got no complaint from
> validate_doc_update, but thereafter I could no longer perform any
> administrative tasks in Futon, nor log in or out, and I got "An error
> occurred getting session info: function_clause" popping up on every
> page. Deleting the cookie allowed me to log back in and fix the doc.
>
> Now that I look at it, there's also an erroneous exclamation point at
> the start of that condition.
>
> After a lot of trial and error I got it working with the following:
>
>    if (newDoc.roles && !(eval(uneval(newDoc.roles)) instanceof Array)) {
>        throw({forbidden: 'doc.roles must be an array'});
>    }
>
> If there's a less-convoluted way to test for an array, I'd be happy to see it.
>
> Should I put this in JIRA? If so, would the component be Futon?
>
>
> Gabriel
>
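
The checks discussed in this thread, compared side by side as an added example that is not part of the original posts or of CouchDB's code: the quoted `.length` test, `instanceof Array`, and an `Object.prototype.toString` tag test (a technique swapped in here, since it needs no `Array.isArray()`). Node's `vm` module stands in for a second JavaScript global, the documents are constructed, and all function names are hypothetical.

```javascript
// Added example, not CouchDB's code; all function names are hypothetical.
const vm = require('vm'); // Node's vm module stands in for a second JS global

// The check quoted from _users/_design/_auth: true means the doc is accepted.
function originalAccepts(newDoc) {
  return !!(newDoc.roles && typeof newDoc.roles.length !== 'undefined');
}

// Tag-based test: needs no Array.isArray() and does not depend on which
// global's Array constructor built the value.
function isArray(value) {
  return Object.prototype.toString.call(value) === '[object Array]';
}

// Hardened validator body; throws the same error shape as the original.
function validateRoles(newDoc) {
  if (!isArray(newDoc.roles)) {
    throw { forbidden: 'doc.roles must be an array' };
  }
}

// Returns the forbidden message, or null when the doc is accepted.
function verdict(newDoc) {
  try { validateRoles(newDoc); return null; } catch (e) { return e.forbidden; }
}

// Constructed sample documents.
const samples = {
  arrayRoles: { name: 'alice', roles: ['editor'] },
  emptyRoles: { name: 'bob', roles: [] },
  stringRoles: { name: 'carol', roles: 'editor' },
  arrayLike: { name: 'dave', roles: { length: 1, 0: 'editor' } },
  foreignArray: { name: 'erin', roles: vm.runInNewContext("['editor']") },
};

// Runs each sample through all three tests.
function report() {
  const out = {};
  for (const [key, doc] of Object.entries(samples)) {
    out[key] = {
      original: originalAccepts(doc),
      instanceOf: doc.roles instanceof Array,
      hardened: verdict(doc) === null,
    };
  }
  return out;
}

console.log(report());
```

On an engine that provides `Array.isArray()`, that function can replace `isArray` here with the same results for these samples.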
