You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/10/20 13:15:48 UTC
[couchdb] 02/02: Fix apache/couchdb#1988 - Validate attachment names
This is an automated email from the ASF dual-hosted git repository.
rnewson pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 79f71ec4810e13ae958f33e40c7c1d58d0a6cb99
Author: Juanjo Rodriguez <ju...@apache.org>
AuthorDate: Sun Mar 24 23:32:54 2019 +0100
Fix apache/couchdb#1988 - Validate attachment names
---
src/chttpd/src/chttpd_db.erl | 1 +
test/elixir/test/all_docs_test.exs | 18 ------------------
test/elixir/test/attachment_names_test.exs | 15 +++++++++++++++
3 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl
index bfd8f9f..3ca0824 100644
--- a/src/chttpd/src/chttpd_db.erl
+++ b/src/chttpd/src/chttpd_db.erl
@@ -412,6 +412,7 @@ db_req(#httpd{method='POST', path_parts=[DbName]}=Req, Db) ->
Doc0 = chttpd:json_body(Req),
Doc1 = couch_doc:from_json_obj_validate(Doc0, fabric2_db:name(Db)),
+ validate_attachment_names(Doc1),
Doc2 = case Doc1#doc.id of
<<"">> ->
Doc1#doc{id=couch_uuids:new(), revs={0, []}};
diff --git a/test/elixir/test/all_docs_test.exs b/test/elixir/test/all_docs_test.exs
index 7862f78..5523565 100644
--- a/test/elixir/test/all_docs_test.exs
+++ b/test/elixir/test/all_docs_test.exs
@@ -445,22 +445,4 @@ defmodule AllDocsTest do
assert resp.status_code == 200
end
-
- @tag :with_db
- test "POST boolean", context do
- db_name = context[:db_name]
-
- resp = Couch.post("/#{db_name}/_bulk_docs", body: %{docs: create_docs(0..3)})
- assert resp.status_code in [201, 202]
-
- resp = Couch.post(
- "/#{db_name}/_all_docs",
- body: %{
- :stable => true,
- :update => true
- }
- )
-
- assert resp.status_code == 200
- end
end
diff --git a/test/elixir/test/attachment_names_test.exs b/test/elixir/test/attachment_names_test.exs
index 66596c8..6a824a0 100644
--- a/test/elixir/test/attachment_names_test.exs
+++ b/test/elixir/test/attachment_names_test.exs
@@ -94,5 +94,20 @@ defmodule AttachmentNamesTest do
assert resp.body["reason"] ==
"Attachment name '_foo.txt' starts with prohibited character '_'"
+
+ resp =
+ Couch.post(
+ "/#{db_name}",
+ body: @leading_underscores_att
+ )
+
+ assert resp.status_code == 400
+
+ assert resp.body["reason"] ==
+ "Attachment name '_foo.txt' starts with prohibited character '_'"
+
+ resp = Couch.get("/#{db_name}/bin_doc2/_foo.txt")
+
+ assert resp.status_code == 404
end
end