[ https://issues.apache.org/jira/browse/COUCHDB-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12988764#comment-12988764 ]
Petr Běhan commented on COUCHDB-708: ------------------------------------ Still a problem in current couchdb version (1.0.1 and svn head r1065575). I can confirm that the attached patch fixes the issue (after trivial rebase). > Newlines in document locations break header parsing > --------------------------------------------------- > > Key: COUCHDB-708 > URL: https://issues.apache.org/jira/browse/COUCHDB-708 > Project: CouchDB > Issue Type: Bug > Components: Database Core > Affects Versions: 0.10.1 > Environment: ubuntu > Reporter: Tim > Priority: Critical > Attachments: couchdb-urlencode-location.patch > > > Newlines in document locations break header parsing. Potential header > injection issues? > $ curl -X DELETE http://localhost:5984/testdb > {"ok":true} > $ curl -X PUT http://localhost:5984/testdb > {"ok":true} > $ curl -i -X PUT -d '{}' 'http://localhost:5984/testdb/docid%0A' > HTTP/1.1 201 Created > Server: CouchDB/0.10.1 (Erlang OTP/R13B) > Location: http://localhost:5984/testdb/docid > Etag: "1-967a00dff5e02add41819138abb3284d" > Date: Wed, 24 Mar 2010 12:33:25 GMT > Content-Type: text/plain;charset=utf-8 > Content-Length: 70 > Cache-Control: must-revalidate > {"ok":true,"id":"docid\n","rev":"1-967a00dff5e02add41819138abb3284d"} -- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira