Done. On Sun, Oct 30, 2011 at 7:14 PM, Jan Lehnardt <[email protected]> wrote:
> > On Oct 30, 2011, at 19:49 , Noah Slater wrote: > > > Doesn't this allow malicious user agents to craft spoofed log entries for > > CouchDB? You could make it look like something very serious was > happening, > > causing the CouchDB admin to take measures that harm the server or the > data > > it contains. If we're going to do this at all (and I am not sure I see a > > valid use case here) then the message should be prefixed with a big fat > > notice that it's user generated. > > Good thinking, do you want to move the discussion to > https://issues.apache.org/jira/browse/COUCHDB-464 so we don't have two > place to look later? > > I'll reply with my idea about it :) > > Cheers > Jan > -- > > > > > On Sun, Oct 30, 2011 at 4:39 PM, <[email protected]> wrote: > > > >> Updated Branches: > >> refs/heads/master f94530da9 -> 6cffccdfe > >> > >> > >> Allow POST to _log. > >> > >> POST /_log {"level":"info|debug|error", "message":"your message here"} > >> > >> Patch by Robert Newson. > >> > >> Closes COUCHDB-464 > >> > >> > >> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo > >> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6cffccdf > >> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6cffccdf > >> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6cffccdf > >> > >> Branch: refs/heads/master > >> Commit: 6cffccdfe08e6d859cc7e83be3bcc521bf68fd5a > >> Parents: f94530d > >> Author: Jan Lehnardt <[email protected]> > >> Authored: Sun Oct 30 17:38:18 2011 +0100 > >> Committer: Jan Lehnardt <[email protected]> > >> Committed: Sun Oct 30 17:38:18 2011 +0100 > >> > >> ---------------------------------------------------------------------- > >> src/couchdb/couch_httpd_misc_handlers.erl | 21 ++++++++++++++++++--- > >> 1 files changed, 18 insertions(+), 3 deletions(-) > >> ---------------------------------------------------------------------- > >> > >> > >> > >> > http://git-wip-us.apache.org/repos/asf/couchdb/blob/6cffccdf/src/couchdb/couch_httpd_misc_handlers.erl > >> ---------------------------------------------------------------------- > >> diff --git a/src/couchdb/couch_httpd_misc_handlers.erl > >> b/src/couchdb/couch_httpd_misc_handlers.erl > >> index 8abf0aa..ae6ffe3 100644 > >> --- a/src/couchdb/couch_httpd_misc_handlers.erl > >> +++ b/src/couchdb/couch_httpd_misc_handlers.erl > >> @@ -254,7 +254,22 @@ handle_log_req(#httpd{method='GET'}=Req) -> > >> ]), > >> send_chunk(Resp, Chunk), > >> last_chunk(Resp); > >> +handle_log_req(#httpd{method='POST'}=Req) -> > >> + {PostBody} = couch_httpd:json_body_obj(Req), > >> + Level = couch_util:get_value(<<"level">>, PostBody), > >> + Message = ?b2l(couch_util:get_value(<<"message">>, PostBody)), > >> + case Level of > >> + <<"debug">> -> > >> + ?LOG_DEBUG(Message, []), > >> + send_json(Req, 200, {[{ok, true}]}); > >> + <<"info">> -> > >> + ?LOG_INFO(Message, []), > >> + send_json(Req, 200, {[{ok, true}]}); > >> + <<"error">> -> > >> + ?LOG_ERROR(Message, []), > >> + send_json(Req, 200, {[{ok, true}]}); > >> + _ -> > >> + send_json(Req, 400, {[{error, ?l2b(io_lib:format("Unrecognized > >> log level '~s'", [Level]))}]}) > >> + end; > >> handle_log_req(Req) -> > >> - send_method_not_allowed(Req, "GET"). > >> - > >> - > >> + send_method_not_allowed(Req, "GET,POST"). > >> > >> > >
