[
https://issues.apache.org/jira/browse/COUCHDB-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14190114#comment-14190114
]
ASF subversion and git services commented on COUCHDB-708:
---------------------------------------------------------
Commit b44515f1c137994f5278f42106ecf720e2c35011 in couchdb-chttpd's branch
refs/heads/master from [~robertkowalski]
[ https://git-wip-us.apache.org/repos/asf?p=couchdb-chttpd.git;h=b44515f ]
Fix location-header for documents with newlines in the name
Properly urlencode the Document-Id in the Location-field of the
header
Based on a patch from Sean Bartell <[email protected]>
COUCHDB-708
> Newlines in document locations break header parsing
> ---------------------------------------------------
>
> Key: COUCHDB-708
> URL: https://issues.apache.org/jira/browse/COUCHDB-708
> Project: CouchDB
> Issue Type: Bug
> Components: Database Core
> Affects Versions: 0.10.1
> Environment: ubuntu
> Reporter: Tim
> Assignee: Robert Kowalski
> Priority: Critical
> Attachments: couchdb-urlencode-location.patch
>
>
> Newlines in document locations break header parsing. Potential header
> injection issues?
> $ curl -X DELETE http://localhost:5984/testdb
> {"ok":true}
> $ curl -X PUT http://localhost:5984/testdb
> {"ok":true}
> $ curl -i -X PUT -d '{}' 'http://localhost:5984/testdb/docid%0A'
> HTTP/1.1 201 Created
> Server: CouchDB/0.10.1 (Erlang OTP/R13B)
> Location: http://localhost:5984/testdb/docid
> Etag: "1-967a00dff5e02add41819138abb3284d"
> Date: Wed, 24 Mar 2010 12:33:25 GMT
> Content-Type: text/plain;charset=utf-8
> Content-Length: 70
> Cache-Control: must-revalidate
> {"ok":true,"id":"docid\n","rev":"1-967a00dff5e02add41819138abb3284d"}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
