authorJuanjo Rodriguez <juanjo@apache.org>2019-03-24 23:32:54 +0100
committerJuanjo Rodriguez <jjrodrig@gmail.com>2020-10-22 12:45:38 +0200
commitffbf695ff557b06413162e90cac568584adfdadd (patch)
treed29d150b4ff12ce7d092a8798b5078a1f91335d9
parent70b5b3113dc29291ffc0c87b01bbc3c1e32800a9 (diff)
downloadcouchdb-ffbf695ff557b06413162e90cac568584adfdadd.tar.gz
Fix apache/couchdb#1988 - Validate attachment names
-rw-r--r--src/chttpd/src/chttpd_db.erl1
-rw-r--r--test/elixir/test/attachment_names_test.exs15
2 files changed, 16 insertions, 0 deletions
diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl
index b9954603a..0e3701aba 100644
--- a/src/chttpd/src/chttpd_db.erl
+++ b/src/chttpd/src/chttpd_db.erl
@@ -437,6 +437,7 @@ db_req(#httpd{method='POST', path_parts=[DbName], user_ctx=Ctx}=Req, Db) ->
Options = [{user_ctx,Ctx}, {w,W}],
Doc = couch_db:doc_from_json_obj_validate(Db, chttpd:json_body(Req)),
+ validate_attachment_names(Doc),
Doc2 = case Doc#doc.id of
<<"">> ->
Doc#doc{id=couch_uuids:new(), revs={0, []}};
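Review bot: The attachment-name check is added to this one handler clause (POST to the database path) rather than to the shared parsing step `couch_db:doc_from_json_obj_validate/2`, so every other write path has to call it separately. `validate_attachment_names/1` is defined outside the hunk and the rest of this `db_req` clause and the module's other handlers are not visible here, so it is worth confirming that each entry point accepting inline attachments reaches it. The return value is discarded, so the function presumably rejects by throwing; a comment on the new line such as `% throws (HTTP 400) on a prohibited attachment name, before anything is written` would make that explicit.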
diff --git a/test/elixir/test/attachment_names_test.exs b/test/elixir/test/attachment_names_test.exs
index 4593a8504..a89b26548 100644
--- a/test/elixir/test/attachment_names_test.exs
+++ b/test/elixir/test/attachment_names_test.exs
@@ -93,5 +93,20 @@ defmodule AttachmentNamesTest do
assert resp.body["reason"] ==
"Attachment name '_foo.txt' starts with prohibited character '_'"
+
+ resp =
+ Couch.post(
+ "/#{db_name}",
+ body: @leading_underscores_att
+ )
+
+ assert resp.status_code == 400
+
+ assert resp.body["reason"] ==
+ "Attachment name '_foo.txt' starts with prohibited character '_'"
+
+ resp = Couch.get("/#{db_name}/bin_doc2/_foo.txt")
+
+ assert resp.status_code == 404
end
end
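Review bot: The final `Couch.get("/#{db_name}/bin_doc2/_foo.txt")` check returns 404 both when the whole POST was rejected and when the document was stored without the attachment, so it does not prove the rejected write left nothing behind. Assuming `bin_doc2` is the `_id` in `@leading_underscores_att` (the fixture is outside the hunk), add `assert Couch.get("/#{db_name}/bin_doc2").status_code == 404` next to it. The test function begins above the hunk, so any earlier request that could have created `bin_doc2` is not visible here.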