[jira] [Commented] (COUCHDB-708) Newlines in document locations break header parsing

Sat, 25 Oct 2014 06:36:03 -0700 

    [ 
https://issues.apache.org/jira/browse/COUCHDB-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14184095#comment-14184095
 ] 

ASF GitHub Bot commented on COUCHDB-708:
----------------------------------------

GitHub user robertkowalski opened a pull request:

    https://github.com/apache/couchdb-couch/pull/10

    Fix header for documents with newlines in the name

    Properly urlencode the Document-Id in the Location field of the
    header
    
    Based on a patch from Sean Bartell <[email protected]>
    
    Added some eunit-tests
    
    COUCHDB-708

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertkowalski/couchdb-couch 
708-newline-header

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/couchdb-couch/pull/10.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #10
    
----
commit f58cbaa2e205342e619e34c59270d114943ec3d6
Author: Robert Kowalski <[email protected]>
Date:   2014-10-25T01:16:38Z

    Fix header for documents with newlines in the name
    
    Properly urlencode the Document-Id in the Location field of the
    header
    
    Based on a patch from Sean Bartell <[email protected]>
    
    Added some eunit-tests
    
    COUCHDB-708

----


> Newlines in document locations break header parsing
> ---------------------------------------------------
>
>                 Key: COUCHDB-708
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-708
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Database Core
>    Affects Versions: 0.10.1
>         Environment: ubuntu
>            Reporter: Tim
>            Assignee: Robert Kowalski
>            Priority: Critical
>         Attachments: couchdb-urlencode-location.patch
>
>
> Newlines in document locations break header parsing. Potential header 
> injection issues?
> $ curl -X DELETE http://localhost:5984/testdb
> {"ok":true}
> $ curl -X PUT http://localhost:5984/testdb
> {"ok":true}
> $ curl -i -X PUT -d '{}' 'http://localhost:5984/testdb/docid%0A'
> HTTP/1.1 201 Created
> Server: CouchDB/0.10.1 (Erlang OTP/R13B)
> Location: http://localhost:5984/testdb/docid
> Etag: "1-967a00dff5e02add41819138abb3284d"
> Date: Wed, 24 Mar 2010 12:33:25 GMT
> Content-Type: text/plain;charset=utf-8
> Content-Length: 70
> Cache-Control: must-revalidate
> {"ok":true,"id":"docid\n","rev":"1-967a00dff5e02add41819138abb3284d"}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to