This is an automated email from the ASF dual-hosted git repository. jan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 4ea7210631fb1515fe5a306988af046fe4aff2af Author: Dave Cottlehuber <[email protected]> AuthorDate: Mon Apr 30 10:10:26 2018 +0000 config: improve handling of admin-supplied changes - send a readable error response from failed config set - trust but verify admin-supplied content in separate function - return specific error conditions for logging --- src/chttpd/src/chttpd_misc.erl | 10 +++++++--- src/couch/src/couch_httpd_misc_handlers.erl | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/chttpd/src/chttpd_misc.erl b/src/chttpd/src/chttpd_misc.erl
index 253da23..7be8a49 100644
--- a/src/chttpd/src/chttpd_misc.erl
+++ b/src/chttpd/src/chttpd_misc.erl
@@ -293,11 +293,15 @@ handle_node_req(#httpd{path_parts=[_, _Node, <<"_config">>, _Section]}=Req) ->
 % "value"
 handle_node_req(#httpd{method='PUT', path_parts=[_, Node, <<"_config">>, Section, Key]}=Req) ->
 couch_util:check_config_blacklist(Section),
- Value = chttpd:json_body(Req),
+ Value = string:trim(chttpd:json_body(Req)),
 Persist = chttpd:header_value(Req, "X-Couch-Persist") /= "false",
 OldValue = call_node(Node, config, get, [Section, Key, ""]),
- ok = call_node(Node, config, set, [Section, Key, ?b2l(Value), Persist]),
- send_json(Req, 200, list_to_binary(OldValue));
+ case call_node(Node, config, set, [Section, Key, ?b2l(Value), Persist]) of
+ ok ->
+ send_json(Req, 200, list_to_binary(OldValue));
+ {error, Reason} ->
+ chttpd:send_error(Req, {bad_request, Reason})
+ end;
 % GET /_node/$node/_config/Section/Key
 handle_node_req(#httpd{method='GET', path_parts=[_, Node, <<"_config">>, Section, Key]}=Req) ->
 case call_node(Node, config, get, [Section, Key, undefined]) of
diff --git a/src/couch/src/couch_httpd_misc_handlers.erl b/src/couch/src/couch_httpd_misc_handlers.erl
index e2fc9f2..258f1b2 100644
--- a/src/couch/src/couch_httpd_misc_handlers.erl
+++ b/src/couch/src/couch_httpd_misc_handlers.erl
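Review bot: A request body that is not a JSON string never reaches the new `{error, Reason}` branch in the PUT clause of handle_node_req, because `string:trim(chttpd:json_body(Req))` and `?b2l(Value)` both assume a binary and will raise on a number, object or array before `config:set` is called, which presumably surfaces as a 500 rather than the readable 400 this change is after. Binding the body first and rejecting other types keeps that failure on the same path: `Body = chttpd:json_body(Req),` `is_binary(Body) orelse throw({bad_request, <<"config value must be a JSON string">>}),` `Value = string:trim(Body),`. Trimming also removes only leading and trailing whitespace, so a line break inside the value is still passed on and its rejection rests entirely on the check inside `config:set`, which is not part of this diff; the same applies to the `string:trim(RawValue)` hunk in couch_httpd_misc_handlers.erl.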
@@ -262,7 +262,7 @@ handle_approved_config_req(#httpd{method='PUT', path_parts=[_, Section, Key]}=Re
 <<"admins">> ->
 couch_passwords:hash_admin_password(RawValue);
 _ ->
- RawValue
+ string:trim(RawValue)
 end
 end,
 OldValue = config:get(Section, Key, ""),
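Review bot: The `config:set` call that consumes this value sits below the hunk and, per the diffstat, is not touched in this file, so it is worth confirming that it handles an `{error, Reason}` return the way the chttpd_misc.erl hunk now does; if it still asserts `ok`, a value rejected by the new verification would crash the request rather than produce a 400. Only the `_ ->` branch is trimmed, so a short comment on the `<<"admins">>` branch such as `% password is hashed exactly as supplied; deliberately not trimmed` would make the asymmetry read as intentional. `string:trim/1` was introduced in OTP 20, so the minimum supported Erlang release should be checked before relying on it in both files. handle_approved_config_req starts above and ends below the hunk.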
