diff options
| author | Dave Cottlehuber <dch@apache.org> | 2018-04-30 10:10:26 +0000 |
|---|---|---|
| committer | Jan Lehnardt <jan@apache.org> | 2018-07-13 17:42:37 +0200 |
| commit | 5f34f6a6f0909196c484abaa858bfb745b52f5a0 (patch) | |
| tree | bb0e32677cc674784224334e6fa55bd14a007712 | |
| parent | 572234fb5026ae64ec7f6ed84728f2b1ef63d955 (diff) | |
| download | couchdb-5f34f6a6f0909196c484abaa858bfb745b52f5a0.tar.gz | |
config: improve handling of admin-supplied changes
- send a readable error response from failed config set
- trust but verify admin-supplied content in separate function
- return specific error conditions for logging
| -rw-r--r-- | src/chttpd/src/chttpd_misc.erl | 10 | ||||
| -rw-r--r-- | src/couch/src/couch_httpd_misc_handlers.erl | 2 |
2 files changed, 8 insertions, 4 deletions
diff --git a/src/chttpd/src/chttpd_misc.erl b/src/chttpd/src/chttpd_misc.erl index 253da233e..7be8a49ff 100644 --- a/src/chttpd/src/chttpd_misc.erl +++ b/src/chttpd/src/chttpd_misc.erl @@ -293,11 +293,15 @@ handle_node_req(#httpd{path_parts=[_, _Node, <<"_config">>, _Section]}=Req) -> % "value" handle_node_req(#httpd{method='PUT', path_parts=[_, Node, <<"_config">>, Section, Key]}=Req) -> couch_util:check_config_blacklist(Section), - Value = chttpd:json_body(Req), + Value = string:trim(chttpd:json_body(Req)), Persist = chttpd:header_value(Req, "X-Couch-Persist") /= "false", OldValue = call_node(Node, config, get, [Section, Key, ""]), - ok = call_node(Node, config, set, [Section, Key, ?b2l(Value), Persist]), - send_json(Req, 200, list_to_binary(OldValue)); + case call_node(Node, config, set, [Section, Key, ?b2l(Value), Persist]) of + ok -> + send_json(Req, 200, list_to_binary(OldValue)); + {error, Reason} -> + chttpd:send_error(Req, {bad_request, Reason}) + end; % GET /_node/$node/_config/Section/Key handle_node_req(#httpd{method='GET', path_parts=[_, Node, <<"_config">>, Section, Key]}=Req) -> case call_node(Node, config, get, [Section, Key, undefined]) of diff --git a/src/couch/src/couch_httpd_misc_handlers.erl b/src/couch/src/couch_httpd_misc_handlers.erl index e2fc9f2fc..258f1b2fe 100644 --- a/src/couch/src/couch_httpd_misc_handlers.erl +++ b/src/couch/src/couch_httpd_misc_handlers.erl @@ -262,7 +262,7 @@ handle_approved_config_req(#httpd{method='PUT', path_parts=[_, Section, Key]}=Re <<"admins">> -> couch_passwords:hash_admin_password(RawValue); _ -> - RawValue + string:trim(RawValue) end end, OldValue = config:get(Section, Key, ""), |