diff options
author | Russell Branca <chewbranca@apache.org> | 2017-11-09 19:35:59 +0000 |
---|---|---|
committer | Russell Branca <chewbranca@apache.org> | 2017-11-09 19:35:59 +0000 |
commit | 438c3ab0dd8e2d1e7c2b82f6c2e068466e67f821 (patch) | |
tree | f3c0aff0073837bcb525634cc9c94deb849624ea | |
parent | 5f88da2a5ee8ba78917fafd572c7b9fa37e76460 (diff) | |
download | couchdb-974-fix-couch-mrview-http-security-check.tar.gz |
Look for forbidden and unauthorized in is_admin974-fix-couch-mrview-http-security-check
In https://github.com/apache/couchdb-couch/pull/29/files the possible
security errors went from only "unauthorized" to "unauthorized" and
"forbidden", but the corresponding check for both was not done in
couch_mrview_http. This addresses that problem and fixes #974.
-rw-r--r-- | src/couch_mrview/src/couch_mrview_http.erl | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/couch_mrview/src/couch_mrview_http.erl b/src/couch_mrview/src/couch_mrview_http.erl index 7b92034a9..9e23cbd9b 100644 --- a/src/couch_mrview/src/couch_mrview_http.erl +++ b/src/couch_mrview/src/couch_mrview_http.erl @@ -158,6 +158,8 @@ is_admin(Db) -> case catch couch_db:check_is_admin(Db) of {unauthorized, _} -> false; + {forbidden, _} -> + false; ok -> true end. |