Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Validate numeric argument to _revs_limit.

Closes COUCHDB-1087

Patch by Lukasz Mielicki.
  • Loading branch information...
commit 3b37d17d1329dbb7515b05a849bfa6131ba1c89b 1 parent cc48641
@janl janl authored
View
1  THANKS
@@ -89,5 +89,6 @@ suggesting improvements or submitting changes. Some of these people are:
* Alexander Shorin <kxepal@gmail.com>
* Christopher Bonhage <queezey@me.com>
* Christian Carter <cdcarter@gmail.com>
+ * Lukasz Mielicki <mielicki@gmail.com>
For a list of authors see the `AUTHORS` file.
View
8 share/www/script/test/rev_stemming.js
@@ -23,6 +23,14 @@ couchTests.rev_stemming = function(debug) {
T(db.getDbProperty("_revs_limit") == 1000);
+ // Make an invalid request to _revs_limit
+ // Should return 400
+ var xhr = CouchDB.request("PUT", "/test_suite_db/_revs_limit", {body:"\"foo\""});
+ T(xhr.status == 400);
+ var result = JSON.parse(xhr.responseText);
+ T(result.error == "bad_request");
+ T(result.reason == "Rev limit has to be an integer");
+
var doc = {_id:"foo",foo:0}
for( var i=0; i < newLimit + 1; i++) {
doc.foo++;
View
9 src/couchdb/couch_httpd_db.erl
@@ -422,8 +422,13 @@ db_req(#httpd{path_parts=[_,<<"_security">>]}=Req, _Db) ->
db_req(#httpd{method='PUT',path_parts=[_,<<"_revs_limit">>]}=Req,
Db) ->
Limit = couch_httpd:json_body(Req),
- ok = couch_db:set_revs_limit(Db, Limit),
- send_json(Req, {[{<<"ok">>, true}]});
+ case is_integer(Limit) of
+ true ->
+ ok = couch_db:set_revs_limit(Db, Limit),
+ send_json(Req, {[{<<"ok">>, true}]});
+ false ->
+ throw({bad_request, <<"Rev limit has to be an integer">>})
+ end;
db_req(#httpd{method='GET',path_parts=[_,<<"_revs_limit">>]}=Req, Db) ->
send_json(Req, couch_db:get_revs_limit(Db));
Please sign in to comment.
Something went wrong with that request. Please try again.