This is an automated email from the ASF dual-hosted git repository.
juanjo pushed a commit to branch 3.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git
The following commit(s) were added to refs/heads/3.x by this push:
new ffbf695 Fix apache/couchdb#1988 - Validate attachment names
ffbf695 is described below
commit ffbf695ff557b06413162e90cac568584adfdadd
Author: Juanjo Rodriguez <[email protected]>
AuthorDate: Sun Mar 24 23:32:54 2019 +0100
Fix apache/couchdb#1988 - Validate attachment names
---
src/chttpd/src/chttpd_db.erl | 1 +
test/elixir/test/attachment_names_test.exs | 15 +++++++++++++++
2 files changed, 16 insertions(+)
diff --git a/src/chttpd/src/chttpd_db.erl b/src/chttpd/src/chttpd_db.erl
index b995460..0e3701a 100644
--- a/src/chttpd/src/chttpd_db.erl
+++ b/src/chttpd/src/chttpd_db.erl
@@ -437,6 +437,7 @@ db_req(#httpd{method='POST', path_parts=[DbName],
user_ctx=Ctx}=Req, Db) ->
Options = [{user_ctx,Ctx}, {w,W}],
Doc = couch_db:doc_from_json_obj_validate(Db, chttpd:json_body(Req)),
+ validate_attachment_names(Doc),
Doc2 = case Doc#doc.id of
<<"">> ->
Doc#doc{id=couch_uuids:new(), revs={0, []}};
diff --git a/test/elixir/test/attachment_names_test.exs
b/test/elixir/test/attachment_names_test.exs
index 4593a85..a89b265 100644
--- a/test/elixir/test/attachment_names_test.exs
+++ b/test/elixir/test/attachment_names_test.exs
@@ -93,5 +93,20 @@ defmodule AttachmentNamesTest do
assert resp.body["reason"] ==
"Attachment name '_foo.txt' starts with prohibited character '_'"
+
+ resp =
+ Couch.post(
+ "/#{db_name}",
+ body: @leading_underscores_att
+ )
+
+ assert resp.status_code == 400
+
+ assert resp.body["reason"] ==
+ "Attachment name '_foo.txt' starts with prohibited character '_'"
+
+ resp = Couch.get("/#{db_name}/bin_doc2/_foo.txt")
+
+ assert resp.status_code == 404
end
end
