Fix #1988 - Validate attachment names on POST /db/doc #1997
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jjrodrig
changed the title
Member
|
Hi @jjrodrig , any desire to get this updated and merged into the |
Contributor
Author
|
Sure @wohali As soon this PR is accepted, I'll open PRs to merge into the 3.x and 3.0.x branches |
jjrodrig
force-pushed
the
1988-fix-attachment-name-validation
branch
from
81ab659 to
b5c4daa
Compare
jjrodrig
force-pushed
the
1988-fix-attachment-name-validation
branch
from
b5c4daa to
a69c401
Compare
rnewson
reviewed
Apr 3, 2020
src/chttpd/src/chttpd_db.erl
Outdated
| db_attachment_req(#httpd{method='GET',mochi_req=MochiReq}=Req, Db, DocId, FileNameParts) -> | ||
| FileName = list_to_binary(mochiweb_util:join(lists:map(fun binary_to_list/1, | ||
| FileNameParts),"/")), | ||
| validate_attachment_name(FileName), |
Contributor
Author
There was a problem hiding this comment.
Just to be consistent in the API response and return 400 when the attachment name is not valid.
We can remove the validation and just return 404
Contributor
Author
There was a problem hiding this comment.
@rnewson Do you think that we should return 404 and not 400 when a not allowed attachment name is requested?
Contributor
Author
There was a problem hiding this comment.
finally I've removed the attachment name validation on GET
rnewson
reviewed
Apr 3, 2020
src/chttpd/src/chttpd_db.erl
Outdated
| validate_partitioned_db_enabled(Req) -> | ||
| case couch_flags:is_enabled(partitioned, Req) of | ||
| true -> | ||
| true -> |
jjrodrig
force-pushed
the
1988-fix-attachment-name-validation
branch
2 times, most recently
from
83847fb to
515368b
Compare
Member
Contributor
Author
|
@wohali I'll update this and move it to main |
jjrodrig
force-pushed
the
1988-fix-attachment-name-validation
branch
from
ceea9bf to
2711564
Compare
jjrodrig
changed the title
jjrodrig
changed the title
jjrodrig
force-pushed
the
1988-fix-attachment-name-validation
branch
from
2711564 to
2bf4f41
Compare
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This PR solves the problem described at the issue #1988
PUT & POST operations for creating documents in a database enforce different validation rules over the attachment names of the new document.
When a document is created with a PUT operation "_foo.txt" is not accepted as a valid attachment name. If the document is created by a POST operation the "_foo.txt" attachment name is accepted.
This is an inconsistent behavoiur in the API as not accepted attachment names can be created.
Testing recommendations
Related Issues or Pull Requests
This PR fixes #1988
Checklist