diff options
| author | Jan Lehnardt <jan@apache.org> | 2013-06-18 16:28:30 +0200 |
|---|---|---|
| committer | Jan Lehnardt <jan@apache.org> | 2013-06-18 16:33:49 +0200 |
| commit | 6b8fc0831810442ddb23808ab54340fe18f37e8b (patch) | |
| tree | b1331a467c0d6eca6268a9e64bac1534bad1db32 | |
| parent | 0bb6787cec9c986feb1f6c16a280f2c0506dec0d (diff) | |
| download | couchdb-1832-fix-empty-attachment-name.tar.gz | |
Prevent creation of empty attachment names via inline API.1832-fix-empty-attachment-name
It is possible to create an attachment using the inline
attachment API that has the empty string "" as the name:
{
"_id":"11612aba0238dc0dd8c2d37e7909b4e6",
"_attachments": {
"": {...}
}
}
Attachments created this way can’t be retrieved via the
standalone attachment API.
This patch adds testing for the empty string in the
`validate_attachment_name` function.
Closes COUCHDB-1832
| -rw-r--r-- | share/www/script/test/attachment_names.js | 19 | ||||
| -rw-r--r-- | src/couchdb/couch_httpd_db.erl | 2 |
2 files changed, 21 insertions, 0 deletions
diff --git a/share/www/script/test/attachment_names.js b/share/www/script/test/attachment_names.js index c9a5fcce3..b140f0b32 100644 --- a/share/www/script/test/attachment_names.js +++ b/share/www/script/test/attachment_names.js @@ -48,6 +48,25 @@ couchTests.attachment_names = function(debug) { resp = db.save(binAttDoc); TEquals(true, resp.ok, "attachment_name: inline attachment"); + // COUCHDB-1832 Inline Attachment API allows empty names + var binAttDoc4 = { + _id: "bin_doc4", + _attachments:{ + "": { + content_type:"text/plain", + data: "VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVkIHRleHQ=" + } + } + }; + + try { + resp = db.save(binAttDoc4); + TEquals(1,2, "should throw on empty attachment names"); + } catch (e) { + TEquals(e.error, "bad_request", "should return bad_request"); + TEquals(e.reason, "Attachment name can't be empty", + "should state that attachment name can't be empty"); + } // standalone docs var bin_data = "JHAPDO*AU£PN ){(3u[d 93DQ9¡€])} ææøo'∂ƒæ≤çæππ•¥∫¶®#†π¶®¥π€ª®˙π8np"; diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl index f270fef1b..9a5af0f83 100644 --- a/src/couchdb/couch_httpd_db.erl +++ b/src/couchdb/couch_httpd_db.erl @@ -1198,6 +1198,8 @@ validate_attachment_name(Name) when is_list(Name) -> validate_attachment_name(list_to_binary(Name)); validate_attachment_name(<<"_",_/binary>>) -> throw({bad_request, <<"Attachment name can't start with '_'">>}); +validate_attachment_name(<<"">>) -> + throw({bad_request, <<"Attachment name can't be empty">>}); validate_attachment_name(Name) -> case couch_util:validate_utf8(Name) of true -> Name; |