
COUCHDB-1242 - validate that query_params are strings.

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@1157195 13f79535-47bb-0310-9956-ffa450edef68
1 parent c856916 commit 11ba679773b9d549f8cdc86057d6cb0cea255085 @rnewson rnewson committed Aug 12, 2011
Showing with 35 additions and 3 deletions.
  1. +6 −0 CHANGES
  2. +15 −2 share/www/script/test/replication.js
  3. +14 −1 src/couchdb/couch_httpd_replicator.erl
@@ -6,6 +6,12 @@ Version 1.2.0
This version has not been released yet.
+Replicator:
+
+ * Passing non-string values to query_params is now a 400 bad
+ request. This is to reduce the surprise that all parameters
+ are converted to strings internally.
+
Build System:
* cURL is no longer required to build CouchDB as it is only
@@ -666,7 +666,7 @@ couchTests.replication = function(debug) {
body: {
filter: "mydesign/myfilter",
query_params: {
- modulus: 2,
+ modulus: "2",
special: "7"
}
}
@@ -714,7 +714,7 @@ couchTests.replication = function(debug) {
body: {
filter: "mydesign/myfilter",
query_params: {
- modulus: 2,
+ modulus: "2",
special: "7"
}
}
@@ -1649,6 +1649,19 @@ couchTests.replication = function(debug) {
TEquals("undefined", typeof copy._attachments["foo.dat"]["encoding"]);
// end of test for COUCHDB-885
+ // Test for COUCHDB-1242 (reject non-string query_params)
+ try {
+ CouchDB.replicate(sourceDb, targetDb, {
+ body: {
+ filter : "mydesign/myfilter",
+ query_params : {
+ "maxvalue": 4
+ }
+ }
+ });
+ } catch (e) {
+ TEquals("bad_request", e.error);
+ }
// cleanup
usersDb.deleteDb();
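Review bot: The COUCHDB-1242 test passes when `CouchDB.replicate` does not throw at all, because its only assertion sits inside the `catch` block; a regression that accepts `"maxvalue": 4` again would go unnoticed. Record that the rejection happened and assert it after the `try`: `var rejected = false;` before the `try`, `rejected = true;` inside the `catch`, and `TEquals(true, rejected);` after it. The enclosing `couchTests.replication` function starts and ends outside this hunk.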
@@ -29,7 +29,8 @@
handle_req(#httpd{method = 'POST', user_ctx = UserCtx} = Req) ->
couch_httpd:validate_ctype(Req, "application/json"),
- RepDoc = couch_httpd:json_body_obj(Req),
+ RepDoc = {Props} = couch_httpd:json_body_obj(Req),
+ validate_rep_props(Props),
{ok, Rep} = couch_replicator_utils:parse_rep_doc(RepDoc, UserCtx),
case couch_replicator:replicate(Rep) of
{error, {Error, Reason}} ->
@@ -51,3 +52,15 @@ handle_req(#httpd{method = 'POST', user_ctx = UserCtx} = Req) ->
handle_req(Req) ->
send_method_not_allowed(Req, "POST").
+
+validate_rep_props([]) ->
+ ok;
+validate_rep_props([{<<"query_params">>, {Params}}|Rest]) ->
+ lists:foreach(fun
+ ({_,V}) when is_binary(V) -> ok;
+ ({K,_}) -> throw({bad_request,
+ <<K/binary," value must be a string.">>})
+ end, Params),
+ validate_rep_props(Rest);
+validate_rep_props([_|Rest]) ->
+ validate_rep_props(Rest).
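Review bot: In `validate_rep_props/1` the `query_params` clause matches only the object form `{Params}`, so a `query_params` that is a string, number, array or null falls through to the `[_|Rest]` clause and is accepted without any check. If the intent is that the endpoint rejects every malformed `query_params`, add a clause after the object one such as `validate_rep_props([{<<"query_params">>, _}|_]) -> throw({bad_request, <<"query_params must be an object.">>});`. The check is also wired only into `handle_req/1`, before `couch_replicator_utils:parse_rep_doc/2`; any other caller of `parse_rep_doc/2` (none is visible on this page, so confirm) would still receive non-string values, and moving the validation into the parser would cover them. A short comment or `-spec validate_rep_props([{binary(), term()}]) -> ok.` stating that the function throws `{bad_request, Msg}` would document the contract.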
