You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by samueltardieu <gi...@git.apache.org> on 2015/04/26 00:46:31 UTC
[GitHub] couchdb pull request: Properly escape Location: HTTP header
GitHub user samueltardieu opened a pull request:
https://github.com/apache/couchdb/pull/314
Properly escape Location: HTTP header
Non-ASCII characters in the "Location:" header must be URL-encoded. This
can happen if a document is inserted with a user-defined "_id"
containing non-ASCII characters or if a filename contains non-ASCII
characters.
Fixes COUCHDB-2673
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/samueltardieu/couchdb urlencode-location-header
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/couchdb/pull/314.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #314
----
commit a3fee552ddc6014767f1ed393f0960ca1ada3fe5
Author: Samuel Tardieu <sa...@rfc1149.net>
Date: 2015-04-25T22:10:04Z
Properly escape Location: HTTP header
Non-ASCII characters in the "Location:" header must be URL-encoded. This
can happen if a document is inserted with a user-defined "_id"
containing non-ASCII characters or if a filename contains non-ASCII
characters.
Fixes COUCHDB-2673
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by samueltardieu <gi...@git.apache.org>.
Github user samueltardieu commented on a diff in the pull request:
https://github.com/apache/couchdb/pull/314#discussion_r29234230
--- Diff: src/couchdb/couch_httpd_db.erl ---
@@ -1015,8 +1015,8 @@ db_attachment_req(#httpd{method=Method,mochi_req=MochiReq}=Req, Db, DocId, FileN
_ ->
[{"Location", absolute_uri(Req, "/" ++
?b2l(Db#db.name) ++ "/" ++
--- End diff --
Indeed. Will update.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by kxepal <gi...@git.apache.org>.
Github user kxepal commented on a diff in the pull request:
https://github.com/apache/couchdb/pull/314#discussion_r29234135
--- Diff: src/couchdb/couch_httpd_db.erl ---
@@ -1015,8 +1015,8 @@ db_attachment_req(#httpd{method=Method,mochi_req=MochiReq}=Req, Db, DocId, FileN
_ ->
[{"Location", absolute_uri(Req, "/" ++
?b2l(Db#db.name) ++ "/" ++
--- End diff --
Yes, but there is an `/` character this need to be escaped. See my comment in PR discussion.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by samueltardieu <gi...@git.apache.org>.
Github user samueltardieu commented on a diff in the pull request:
https://github.com/apache/couchdb/pull/314#discussion_r29233598
--- Diff: src/couchdb/couch_httpd_db.erl ---
@@ -1015,8 +1015,8 @@ db_attachment_req(#httpd{method=Method,mochi_req=MochiReq}=Req, Db, DocId, FileN
_ ->
[{"Location", absolute_uri(Req, "/" ++
?b2l(Db#db.name) ++ "/" ++
--- End diff --
Isn't the database name supposed to be composed only of a subset of ASCII characters?
```
% curl -X PUT http://localhost:5984/dbé
{"error":"illegal_database_name","reason":"Name: 'dbé'. Only lowercase characters (a-z), digits (0-9), and any of the characters _, $, (, ), +, -, and / are allowed. Must begin with a letter."}
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by kxepal <gi...@git.apache.org>.
Github user kxepal commented on the pull request:
https://github.com/apache/couchdb/pull/314#issuecomment-97028553
```
$ curl -XPUT -v http://localhost:5984/a%2fb%2fc%2fd/test%2fpassed%2freally -d '{}'
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 5984 (#0)
> PUT /a%2fb%2fc%2fd/test%2fpassed%2freally HTTP/1.1
> User-Agent: curl/7.39.0
> Host: localhost:5984
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 2 out of 2 bytes
< HTTP/1.1 201 Created
< Server: CouchDB/1.6.1 (Erlang OTP/17)
< Location: http://localhost:5984/a/b/c/d/test%2fpassed%2freally
< ETag: "1-967a00dff5e02add41819138abb3284d"
< Date: Tue, 28 Apr 2015 11:25:34 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 81
< Cache-Control: must-revalidate
<
{"ok":true,"id":"test/passed/really","rev":"1-967a00dff5e02add41819138abb3284d"}
```
Patch is good, but there is a database name that also causes invalid Location value.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by samueltardieu <gi...@git.apache.org>.
Github user samueltardieu commented on the pull request:
https://github.com/apache/couchdb/pull/314#issuecomment-97034338
Updated, and verified:
```
% curl -XPUT -v http://localhost:5984/a%2fb%2fc%2fd/test%2fpassed%2freal
ly -d '{}'
* Trying ::1...
* Connected to localhost (::1) port 5984 (#0)
> PUT /a%2fb%2fc%2fd/test%2fpassed%2freally HTTP/1.1
> Host: localhost:5984
> User-Agent: curl/7.42.0
> Accept: */*
> Content-Length: 2
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 2 out of 2 bytes
< HTTP/1.1 201 Created
< Server: CouchDB/1.6.1 (Erlang OTP/17)
< Location: http://localhost:5984/a%2Fb%2Fc%2Fd/test%2Fpassed%2Freally
< ETag: "1-967a00dff5e02add41819138abb3284d"
< Date: Tue, 28 Apr 2015 11:54:03 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 81
< Cache-Control: must-revalidate
<
{"ok":true,"id":"test/passed/really","rev":"1-967a00dff5e02add41819138abb3284d"}
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/couchdb/pull/314
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by rnewson <gi...@git.apache.org>.
Github user rnewson commented on the pull request:
https://github.com/apache/couchdb/pull/314#issuecomment-144727976
so this went to 1.x.x but not 2.0, but the jira ticket claims it's fixed in both (it's not)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by kxepal <gi...@git.apache.org>.
Github user kxepal commented on a diff in the pull request:
https://github.com/apache/couchdb/pull/314#discussion_r29233529
--- Diff: src/couchdb/couch_httpd_db.erl ---
@@ -1015,8 +1015,8 @@ db_attachment_req(#httpd{method=Method,mochi_req=MochiReq}=Req, Db, DocId, FileN
_ ->
[{"Location", absolute_uri(Req, "/" ++
?b2l(Db#db.name) ++ "/" ++
--- End diff --
Database name should be escaped as well.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by samueltardieu <gi...@git.apache.org>.
Github user samueltardieu commented on the pull request:
https://github.com/apache/couchdb/pull/314#issuecomment-97052518
Sure! Done.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by kxepal <gi...@git.apache.org>.
Github user kxepal commented on the pull request:
https://github.com/apache/couchdb/pull/314#issuecomment-97053189
Thank you! (:
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] couchdb pull request: Properly escape Location: HTTP header
Posted by kxepal <gi...@git.apache.org>.
Github user kxepal commented on the pull request:
https://github.com/apache/couchdb/pull/314#issuecomment-97051154
Great! Thank you! Could you please rebase your PR so I can merge it fast-forward?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---