You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/10/20 13:15:48 UTC

[couchdb] 02/02: Fix apache/couchdb#1988 - Validate attachment names

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 79f71ec4810e13ae958f33e40c7c1d58d0a6cb99
Author: Juanjo Rodriguez <ju...@apache.org>
AuthorDate: Sun Mar 24 23:32:54 2019 +0100

    Fix apache/couchdb#1988 -  Validate attachment names
---
 src/chttpd/src/chttpd_db.erl               |  1 +
 test/elixir/test/all_docs_test.exs         | 18 ------------------
 test/elixir/test/attachment_names_test.exs | 15 +++++++++++++++
 3 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl
index bfd8f9f..3ca0824 100644
--- a/src/chttpd/src/chttpd_db.erl
+++ b/src/chttpd/src/chttpd_db.erl
@@ -412,6 +412,7 @@ db_req(#httpd{method='POST', path_parts=[DbName]}=Req, Db) ->
 
     Doc0 = chttpd:json_body(Req),
     Doc1 = couch_doc:from_json_obj_validate(Doc0, fabric2_db:name(Db)),
+    validate_attachment_names(Doc1),
     Doc2 = case Doc1#doc.id of
         <<"">> ->
             Doc1#doc{id=couch_uuids:new(), revs={0, []}};
diff --git a/test/elixir/test/all_docs_test.exs b/test/elixir/test/all_docs_test.exs
index 7862f78..5523565 100644
--- a/test/elixir/test/all_docs_test.exs
+++ b/test/elixir/test/all_docs_test.exs
@@ -445,22 +445,4 @@ defmodule AllDocsTest do
 
     assert resp.status_code == 200
   end
-
-  @tag :with_db
-  test "POST boolean", context do
-    db_name = context[:db_name]
-
-    resp = Couch.post("/#{db_name}/_bulk_docs", body: %{docs: create_docs(0..3)})
-    assert resp.status_code in [201, 202]
-
-    resp = Couch.post(
-      "/#{db_name}/_all_docs",
-      body: %{
-        :stable => true,
-        :update => true
-      }
-    )
-
-    assert resp.status_code == 200
-  end
 end
diff --git a/test/elixir/test/attachment_names_test.exs b/test/elixir/test/attachment_names_test.exs
index 66596c8..6a824a0 100644
--- a/test/elixir/test/attachment_names_test.exs
+++ b/test/elixir/test/attachment_names_test.exs
@@ -94,5 +94,20 @@ defmodule AttachmentNamesTest do
 
     assert resp.body["reason"] ==
              "Attachment name '_foo.txt' starts with prohibited character '_'"
+
+    resp =
+      Couch.post(
+        "/#{db_name}",
+        body: @leading_underscores_att
+      )
+
+    assert resp.status_code == 400
+
+    assert resp.body["reason"] ==
+             "Attachment name '_foo.txt' starts with prohibited character '_'"
+
+    resp = Couch.get("/#{db_name}/bin_doc2/_foo.txt")
+
+    assert resp.status_code == 404
   end
 end