diff options
author | Juanjo Rodriguez <juanjo@apache.org> | 2019-03-24 23:32:54 +0100 |
---|---|---|
committer | Juanjo Rodriguez <jjrodrig@gmail.com> | 2020-10-22 12:45:38 +0200 |
commit | ffbf695ff557b06413162e90cac568584adfdadd (patch) | |
tree | d29d150b4ff12ce7d092a8798b5078a1f91335d9 | |
parent | 70b5b3113dc29291ffc0c87b01bbc3c1e32800a9 (diff) | |
download | couchdb-ffbf695ff557b06413162e90cac568584adfdadd.tar.gz |
Fix apache/couchdb#1988 - Validate attachment names
-rw-r--r-- | src/chttpd/src/chttpd_db.erl | 1 | ||||
-rw-r--r-- | test/elixir/test/attachment_names_test.exs | 15 |
2 files changed, 16 insertions, 0 deletions
diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl index b9954603a..0e3701aba 100644 --- a/src/chttpd/src/chttpd_db.erl +++ b/src/chttpd/src/chttpd_db.erl @@ -437,6 +437,7 @@ db_req(#httpd{method='POST', path_parts=[DbName], user_ctx=Ctx}=Req, Db) -> Options = [{user_ctx,Ctx}, {w,W}], Doc = couch_db:doc_from_json_obj_validate(Db, chttpd:json_body(Req)), + validate_attachment_names(Doc), Doc2 = case Doc#doc.id of <<"">> -> Doc#doc{id=couch_uuids:new(), revs={0, []}}; diff --git a/test/elixir/test/attachment_names_test.exs b/test/elixir/test/attachment_names_test.exs index 4593a8504..a89b26548 100644 --- a/test/elixir/test/attachment_names_test.exs +++ b/test/elixir/test/attachment_names_test.exs @@ -93,5 +93,20 @@ defmodule AttachmentNamesTest do assert resp.body["reason"] == "Attachment name '_foo.txt' starts with prohibited character '_'" + + resp = + Couch.post( + "/#{db_name}", + body: @leading_underscores_att + ) + + assert resp.status_code == 400 + + assert resp.body["reason"] == + "Attachment name '_foo.txt' starts with prohibited character '_'" + + resp = Couch.get("/#{db_name}/bin_doc2/_foo.txt") + + assert resp.status_code == 404 end end |