Permalink
Browse files

Validate numeric argument to _revs_limit.

Closes COUCHDB-1087

Patch by Lukasz Mielicki.
  • Loading branch information...
1 parent cc48641 commit 3b37d17d1329dbb7515b05a849bfa6131ba1c89b @janl janl committed Oct 29, 2011
Showing with 16 additions and 2 deletions.
  1. +1 −0 THANKS
  2. +8 −0 share/www/script/test/rev_stemming.js
  3. +7 −2 src/couchdb/couch_httpd_db.erl
View
1 THANKS
@@ -89,5 +89,6 @@ suggesting improvements or submitting changes. Some of these people are:
* Alexander Shorin <kxepal@gmail.com>
* Christopher Bonhage <queezey@me.com>
* Christian Carter <cdcarter@gmail.com>
+ * Lukasz Mielicki <mielicki@gmail.com>
For a list of authors see the `AUTHORS` file.
@@ -23,6 +23,14 @@ couchTests.rev_stemming = function(debug) {
T(db.getDbProperty("_revs_limit") == 1000);
+ // Make an invalid request to _revs_limit
+ // Should return 400
+ var xhr = CouchDB.request("PUT", "/test_suite_db/_revs_limit", {body:"\"foo\""});
+ T(xhr.status == 400);
+ var result = JSON.parse(xhr.responseText);
+ T(result.error == "bad_request");
+ T(result.reason == "Rev limit has to be an integer");
+
var doc = {_id:"foo",foo:0}
for( var i=0; i < newLimit + 1; i++) {
doc.foo++;
@@ -422,8 +422,13 @@ db_req(#httpd{path_parts=[_,<<"_security">>]}=Req, _Db) ->
db_req(#httpd{method='PUT',path_parts=[_,<<"_revs_limit">>]}=Req,
Db) ->
Limit = couch_httpd:json_body(Req),
- ok = couch_db:set_revs_limit(Db, Limit),
- send_json(Req, {[{<<"ok">>, true}]});
+ case is_integer(Limit) of
+ true ->
+ ok = couch_db:set_revs_limit(Db, Limit),
+ send_json(Req, {[{<<"ok">>, true}]});
+ false ->
+ throw({bad_request, <<"Rev limit has to be an integer">>})
+ end;
db_req(#httpd{method='GET',path_parts=[_,<<"_revs_limit">>]}=Req, Db) ->
send_json(Req, couch_db:get_revs_limit(Db));

0 comments on commit 3b37d17

Please sign in to comment.