diff options
author | Juanjo Rodriguez <juanjo@apache.org> | 2019-03-24 23:32:54 +0100 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2020-10-20 14:13:30 +0100 |
commit | 79f71ec4810e13ae958f33e40c7c1d58d0a6cb99 (patch) | |
tree | 5cb4e196f3616cfb3b7d5029d0a24938b10e5933 | |
parent | 2afc67c38eb7a87dc808dfd6e9dbb51cbfe5234e (diff) | |
download | couchdb-79f71ec4810e13ae958f33e40c7c1d58d0a6cb99.tar.gz |
Fix apache/couchdb#1988 - Validate attachment names
-rw-r--r-- | src/chttpd/src/chttpd_db.erl | 1 | ||||
-rw-r--r-- | test/elixir/test/all_docs_test.exs | 18 | ||||
-rw-r--r-- | test/elixir/test/attachment_names_test.exs | 15 |
3 files changed, 16 insertions, 18 deletions
diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl index bfd8f9fc2..3ca082435 100644 --- a/src/chttpd/src/chttpd_db.erl +++ b/src/chttpd/src/chttpd_db.erl @@ -412,6 +412,7 @@ db_req(#httpd{method='POST', path_parts=[DbName]}=Req, Db) -> Doc0 = chttpd:json_body(Req), Doc1 = couch_doc:from_json_obj_validate(Doc0, fabric2_db:name(Db)), + validate_attachment_names(Doc1), Doc2 = case Doc1#doc.id of <<"">> -> Doc1#doc{id=couch_uuids:new(), revs={0, []}}; diff --git a/test/elixir/test/all_docs_test.exs b/test/elixir/test/all_docs_test.exs index 7862f7825..5523565a4 100644 --- a/test/elixir/test/all_docs_test.exs +++ b/test/elixir/test/all_docs_test.exs @@ -445,22 +445,4 @@ defmodule AllDocsTest do assert resp.status_code == 200 end - - @tag :with_db - test "POST boolean", context do - db_name = context[:db_name] - - resp = Couch.post("/#{db_name}/_bulk_docs", body: %{docs: create_docs(0..3)}) - assert resp.status_code in [201, 202] - - resp = Couch.post( - "/#{db_name}/_all_docs", - body: %{ - :stable => true, - :update => true - } - ) - - assert resp.status_code == 200 - end end diff --git a/test/elixir/test/attachment_names_test.exs b/test/elixir/test/attachment_names_test.exs index 66596c865..6a824a0a5 100644 --- a/test/elixir/test/attachment_names_test.exs +++ b/test/elixir/test/attachment_names_test.exs @@ -94,5 +94,20 @@ defmodule AttachmentNamesTest do assert resp.body["reason"] == "Attachment name '_foo.txt' starts with prohibited character '_'" + + resp = + Couch.post( + "/#{db_name}", + body: @leading_underscores_att + ) + + assert resp.status_code == 400 + + assert resp.body["reason"] == + "Attachment name '_foo.txt' starts with prohibited character '_'" + + resp = Couch.get("/#{db_name}/bin_doc2/_foo.txt") + + assert resp.status_code == 404 end end |