svn commit: r965434 - /couchdb/trunk/src/couchdb/couch_doc.erl
Author: fdmanana Date: Mon Jul 19 11:32:46 2010 New Revision: 965434 URL: http://svn.apache.org/viewvc?rev=965434view=rev Log: Fix possible bad match error - WriteFun might not return the atom 'ok'. Modified: couchdb/trunk/src/couchdb/couch_doc.erl Modified: couchdb/trunk/src/couchdb/couch_doc.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_doc.erl?rev=965434r1=965433r2=965434view=diff == --- couchdb/trunk/src/couchdb/couch_doc.erl (original) +++ couchdb/trunk/src/couchdb/couch_doc.erl Mon Jul 19 11:32:46 2010 @@ -437,7 +437,7 @@ atts_to_mp([Att | RestAtts], Boundary, W true - fun att_foldl/3 end, -AttFun(Att, fun(Data, ok) - WriteFun(Data) end, ok), +AttFun(Att, fun(Data, _) - WriteFun(Data) end, ok), WriteFun(\r\n--, Boundary/binary), atts_to_mp(RestAtts, Boundary, WriteFun, SendEncodedAtts).
svn commit: r965435 - /couchdb/branches/new_replicator/src/couchdb/couch_doc.erl
Author: fdmanana Date: Mon Jul 19 11:34:06 2010 New Revision: 965435 URL: http://svn.apache.org/viewvc?rev=965435view=rev Log: Merge revision 965434 from trunk: Fix possible bad match error - WriteFun might not return the atom 'ok'. Modified: couchdb/branches/new_replicator/src/couchdb/couch_doc.erl Modified: couchdb/branches/new_replicator/src/couchdb/couch_doc.erl URL: http://svn.apache.org/viewvc/couchdb/branches/new_replicator/src/couchdb/couch_doc.erl?rev=965435r1=965434r2=965435view=diff == --- couchdb/branches/new_replicator/src/couchdb/couch_doc.erl (original) +++ couchdb/branches/new_replicator/src/couchdb/couch_doc.erl Mon Jul 19 11:34:06 2010 @@ -436,7 +436,7 @@ atts_to_mp([Att | RestAtts], Boundary, W true - fun att_foldl/3 end, -AttFun(Att, fun(Data, ok) - WriteFun(Data) end, ok), +AttFun(Att, fun(Data, _) - WriteFun(Data) end, ok), WriteFun(\r\n--, Boundary/binary), atts_to_mp(RestAtts, Boundary, WriteFun, SendEncodedAtts).
svn commit: r965667 - in /couchdb/trunk/src/couchdb: couch_db.hrl couch_doc.erl couch_httpd.erl couch_httpd_rewrite.erl couch_httpd_stats_handlers.erl couch_httpd_view.erl couch_os_process.erl couch_r
Author: jchris
Date: Mon Jul 19 22:46:14 2010
New Revision: 965667
URL: http://svn.apache.org/viewvc?rev=965667view=rev
Log:
remove unguarded atom creation to prevent DOS attacks. closes COUCHDB-829
Modified:
couchdb/trunk/src/couchdb/couch_db.hrl
couchdb/trunk/src/couchdb/couch_doc.erl
couchdb/trunk/src/couchdb/couch_httpd.erl
couchdb/trunk/src/couchdb/couch_httpd_rewrite.erl
couchdb/trunk/src/couchdb/couch_httpd_stats_handlers.erl
couchdb/trunk/src/couchdb/couch_httpd_view.erl
couchdb/trunk/src/couchdb/couch_os_process.erl
couchdb/trunk/src/couchdb/couch_rep.erl
couchdb/trunk/src/couchdb/couch_util.erl
Modified: couchdb/trunk/src/couchdb/couch_db.hrl
URL:
http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_db.hrl?rev=965667r1=965666r2=965667view=diff
==
--- couchdb/trunk/src/couchdb/couch_db.hrl (original)
+++ couchdb/trunk/src/couchdb/couch_db.hrl Mon Jul 19 22:46:14 2010
@@ -20,7 +20,6 @@
-define(JSON_ENCODE(V), couch_util:json_encode(V)).
-define(JSON_DECODE(V), couch_util:json_decode(V)).
--define(b2a(V), list_to_atom(binary_to_list(V))).
-define(b2l(V), binary_to_list(V)).
-define(l2b(V), list_to_binary(V)).
Modified: couchdb/trunk/src/couchdb/couch_doc.erl
URL:
http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_doc.erl?rev=965667r1=965666r2=965667view=diff
==
--- couchdb/trunk/src/couchdb/couch_doc.erl (original)
+++ couchdb/trunk/src/couchdb/couch_doc.erl Mon Jul 19 22:46:14 2010
@@ -267,7 +267,7 @@ att_encoding_info(BinProps) -
{identity, DiskLen};
Enc -
EncodedLen = couch_util:get_value(encoded_length, BinProps,
DiskLen),
-{list_to_atom(?b2l(Enc)), EncodedLen}
+{list_to_existing_atom(?b2l(Enc)), EncodedLen}
end.
to_doc_info(FullDocInfo) -
Modified: couchdb/trunk/src/couchdb/couch_httpd.erl
URL:
http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_httpd.erl?rev=965667r1=965666r2=965667view=diff
==
--- couchdb/trunk/src/couchdb/couch_httpd.erl (original)
+++ couchdb/trunk/src/couchdb/couch_httpd.erl Mon Jul 19 22:46:14 2010
@@ -225,7 +225,7 @@ handle_request_int(MochiReq, DefaultFun,
true -
?LOG_INFO(MethodOverride: ~s (real method was ~s), [MethodOverride,
Method1]),
case Method1 of
-'POST' - list_to_atom(MethodOverride);
+'POST' - couch_util:to_existing_atom(MethodOverride);
_ -
% Ignore X-HTTP-Method-Override when the original verb isn't POST.
% I'd like to send a 406 error to the client, but that'd require a
nasty refactor.
Modified: couchdb/trunk/src/couchdb/couch_httpd_rewrite.erl
URL:
http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_httpd_rewrite.erl?rev=965667r1=965666r2=965667view=diff
==
--- couchdb/trunk/src/couchdb/couch_httpd_rewrite.erl (original)
+++ couchdb/trunk/src/couchdb/couch_httpd_rewrite.erl Mon Jul 19 22:46:14 2010
@@ -20,7 +20,7 @@
-include(couch_db.hrl).
-define(SEPARATOR, $\/).
--define(MATCH_ALL, '*').
+-define(MATCH_ALL, {bind, *}).
%% doc The http rewrite handler. All rewriting is done from
@@ -118,7 +118,7 @@ handle_rewrite_req(#httpd{
DesignId = _design/, DesignName/binary,
Prefix = /, DbName/binary, /, DesignId/binary,
QueryList = couch_httpd:qs(Req),
-QueryList1 = [{to_atom(K), V} || {K, V} - QueryList],
+QueryList1 = [{to_binding(K), V} || {K, V} - QueryList],
#doc{body={Props}} = DDoc,
@@ -132,12 +132,12 @@ handle_rewrite_req(#httpd{
DispatchList = [make_rule(Rule) || {Rule} - Rules],
%% get raw path by matching url to a rule.
-RawPath = case try_bind_path(DispatchList, Method, PathParts,
+RawPath = case try_bind_path(DispatchList,
couch_util:to_binary(Method), PathParts,
QueryList1) of
no_dispatch_path -
throw(not_found);
{NewPathParts, Bindings} -
-Parts = [mochiweb_util:quote_plus(X) || X - NewPathParts],
+Parts = [quote_plus(X) || X - NewPathParts],
% build new path, reencode query args, eventually convert
% them to json
@@ -183,7 +183,10 @@ handle_rewrite_req(#httpd{
UrlHandlers, DbUrlHandlers, DesignUrlHandlers)
end.
-
+quote_plus({bind, X}) -
+mochiweb_util:quote_plus(X);
+quote_plus(X) -
+mochiweb_util:quote_plus(X).
%% @doc Try to find a rule matching current url. If none is found
%% 404 error not_found is raised
@@ -196,15 +199,13 @@ try_bind_path([Dispatch|Rest], Method, P
case bind_path(PathParts1, PathParts, [])
svn commit: r965673 - in /couchdb/branches/1.0.x/src/couchdb: couch_db.hrl couch_doc.erl couch_httpd.erl couch_httpd_rewrite.erl couch_httpd_stats_handlers.erl couch_httpd_view.erl couch_os_process.er
Author: jchris
Date: Mon Jul 19 22:59:53 2010
New Revision: 965673
URL: http://svn.apache.org/viewvc?rev=965673view=rev
Log:
remove unguarded atom creation to prevent DOS attacks. closes COUCHDB-829
Modified:
couchdb/branches/1.0.x/src/couchdb/couch_db.hrl
couchdb/branches/1.0.x/src/couchdb/couch_doc.erl
couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl
couchdb/branches/1.0.x/src/couchdb/couch_httpd_rewrite.erl
couchdb/branches/1.0.x/src/couchdb/couch_httpd_stats_handlers.erl
couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl
couchdb/branches/1.0.x/src/couchdb/couch_os_process.erl
couchdb/branches/1.0.x/src/couchdb/couch_rep.erl
couchdb/branches/1.0.x/src/couchdb/couch_util.erl
Modified: couchdb/branches/1.0.x/src/couchdb/couch_db.hrl
URL:
http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_db.hrl?rev=965673r1=965672r2=965673view=diff
==
--- couchdb/branches/1.0.x/src/couchdb/couch_db.hrl (original)
+++ couchdb/branches/1.0.x/src/couchdb/couch_db.hrl Mon Jul 19 22:59:53 2010
@@ -20,7 +20,6 @@
-define(JSON_ENCODE(V), couch_util:json_encode(V)).
-define(JSON_DECODE(V), couch_util:json_decode(V)).
--define(b2a(V), list_to_atom(binary_to_list(V))).
-define(b2l(V), binary_to_list(V)).
-define(l2b(V), list_to_binary(V)).
Modified: couchdb/branches/1.0.x/src/couchdb/couch_doc.erl
URL:
http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_doc.erl?rev=965673r1=965672r2=965673view=diff
==
--- couchdb/branches/1.0.x/src/couchdb/couch_doc.erl (original)
+++ couchdb/branches/1.0.x/src/couchdb/couch_doc.erl Mon Jul 19 22:59:53 2010
@@ -267,7 +267,7 @@ att_encoding_info(BinProps) -
{identity, DiskLen};
Enc -
EncodedLen = couch_util:get_value(encoded_length, BinProps,
DiskLen),
-{list_to_atom(?b2l(Enc)), EncodedLen}
+{list_to_existing_atom(?b2l(Enc)), EncodedLen}
end.
to_doc_info(FullDocInfo) -
Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl
URL:
http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl?rev=965673r1=965672r2=965673view=diff
==
--- couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl (original)
+++ couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl Mon Jul 19 22:59:53 2010
@@ -225,7 +225,7 @@ handle_request_int(MochiReq, DefaultFun,
true -
?LOG_INFO(MethodOverride: ~s (real method was ~s), [MethodOverride,
Method1]),
case Method1 of
-'POST' - list_to_atom(MethodOverride);
+'POST' - couch_util:to_existing_atom(MethodOverride);
_ -
% Ignore X-HTTP-Method-Override when the original verb isn't POST.
% I'd like to send a 406 error to the client, but that'd require a
nasty refactor.
Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd_rewrite.erl
URL:
http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd_rewrite.erl?rev=965673r1=965672r2=965673view=diff
==
--- couchdb/branches/1.0.x/src/couchdb/couch_httpd_rewrite.erl (original)
+++ couchdb/branches/1.0.x/src/couchdb/couch_httpd_rewrite.erl Mon Jul 19
22:59:53 2010
@@ -20,7 +20,7 @@
-include(couch_db.hrl).
-define(SEPARATOR, $\/).
--define(MATCH_ALL, '*').
+-define(MATCH_ALL, {bind, *}).
%% doc The http rewrite handler. All rewriting is done from
@@ -118,7 +118,7 @@ handle_rewrite_req(#httpd{
DesignId = _design/, DesignName/binary,
Prefix = /, DbName/binary, /, DesignId/binary,
QueryList = couch_httpd:qs(Req),
-QueryList1 = [{to_atom(K), V} || {K, V} - QueryList],
+QueryList1 = [{to_binding(K), V} || {K, V} - QueryList],
#doc{body={Props}} = DDoc,
@@ -132,12 +132,12 @@ handle_rewrite_req(#httpd{
DispatchList = [make_rule(Rule) || {Rule} - Rules],
%% get raw path by matching url to a rule.
-RawPath = case try_bind_path(DispatchList, Method, PathParts,
+RawPath = case try_bind_path(DispatchList,
couch_util:to_binary(Method), PathParts,
QueryList1) of
no_dispatch_path -
throw(not_found);
{NewPathParts, Bindings} -
-Parts = [mochiweb_util:quote_plus(X) || X - NewPathParts],
+Parts = [quote_plus(X) || X - NewPathParts],
% build new path, reencode query args, eventually convert
% them to json
@@ -183,7 +183,10 @@ handle_rewrite_req(#httpd{
UrlHandlers, DbUrlHandlers, DesignUrlHandlers)
end.
-
+quote_plus({bind, X}) -
+mochiweb_util:quote_plus(X);
+quote_plus(X) -
+
svn commit: r965702 - in /couchdb/branches/1.0.x: share/www/script/test/view_errors.js src/couchdb/couch_httpd_db.erl src/couchdb/couch_httpd_misc_handlers.erl src/couchdb/couch_httpd_view.erl src/cou
Author: jchris
Date: Tue Jul 20 01:04:22 2010
New Revision: 965702
URL: http://svn.apache.org/viewvc?rev=965702view=rev
Log:
require application/json content-type in the remaining places where a POST has
side-effects
Modified:
couchdb/branches/1.0.x/share/www/script/test/view_errors.js
couchdb/branches/1.0.x/src/couchdb/couch_httpd_db.erl
couchdb/branches/1.0.x/src/couchdb/couch_httpd_misc_handlers.erl
couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl
couchdb/branches/1.0.x/src/couchdb/couch_rep.erl
Modified: couchdb/branches/1.0.x/share/www/script/test/view_errors.js
URL:
http://svn.apache.org/viewvc/couchdb/branches/1.0.x/share/www/script/test/view_errors.js?rev=965702r1=965701r2=965702view=diff
==
--- couchdb/branches/1.0.x/share/www/script/test/view_errors.js (original)
+++ couchdb/branches/1.0.x/share/www/script/test/view_errors.js Tue Jul 20
01:04:22 2010
@@ -56,14 +56,14 @@ couchTests.view_errors = function(debug)
});
T(JSON.parse(xhr.responseText).error == bad_request);
- // views should ignore Content-Type, like the rest of CouchDB
+ // content type must be json
var xhr = CouchDB.request(POST, /test_suite_db/_temp_view, {
headers: {Content-Type: application/x-www-form-urlencoded},
body: JSON.stringify({language: javascript,
map : function(doc){}
})
});
- T(xhr.status == 200);
+ T(xhr.status == 415);
var map = function (doc) {emit(doc.integer, doc.integer);};
Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd_db.erl
URL:
http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd_db.erl?rev=965702r1=965701r2=965702view=diff
==
--- couchdb/branches/1.0.x/src/couchdb/couch_httpd_db.erl (original)
+++ couchdb/branches/1.0.x/src/couchdb/couch_httpd_db.erl Tue Jul 20 01:04:22
2010
@@ -242,6 +242,7 @@ db_req(#httpd{path_parts=[_DbName]}=Req,
send_method_not_allowed(Req, DELETE,GET,HEAD,POST);
db_req(#httpd{method='POST',path_parts=[_,_ensure_full_commit]}=Req, Db)
-
+couch_httpd:validate_ctype(Req, application/json),
UpdateSeq = couch_db:get_update_seq(Db),
CommittedSeq = couch_db:get_committed_update_seq(Db),
{ok, StartTime} =
Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd_misc_handlers.erl
URL:
http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd_misc_handlers.erl?rev=965702r1=965701r2=965702view=diff
==
--- couchdb/branches/1.0.x/src/couchdb/couch_httpd_misc_handlers.erl (original)
+++ couchdb/branches/1.0.x/src/couchdb/couch_httpd_misc_handlers.erl Tue Jul 20
01:04:22 2010
@@ -79,6 +79,7 @@ handle_task_status_req(Req) -
send_method_not_allowed(Req, GET,HEAD).
handle_replicate_req(#httpd{method='POST'}=Req) -
+couch_httpd:validate_ctype(Req, application/json),
PostBody = couch_httpd:json_body_obj(Req),
try couch_rep:replicate(PostBody, Req#httpd.user_ctx) of
{ok, {continuous, RepId}} -
@@ -102,6 +103,7 @@ handle_replicate_req(Req) -
handle_restart_req(#httpd{method='POST'}=Req) -
+couch_httpd:validate_ctype(Req, application/json),
ok = couch_httpd:verify_is_server_admin(Req),
couch_server_sup:restart_core_server(),
send_json(Req, 200, {[{ok, true}]});
@@ -189,6 +191,7 @@ handle_config_req(Req) -
% httpd db handlers
increment_update_seq_req(#httpd{method='POST'}=Req, Db) -
+couch_httpd:validate_ctype(Req, application/json),
{ok, NewSeq} = couch_db:increment_update_seq(Db),
send_json(Req, {[{ok, true},
{update_seq, NewSeq}
Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl
URL:
http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl?rev=965702r1=965701r2=965702view=diff
==
--- couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl (original)
+++ couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl Tue Jul 20 01:04:22
2010
@@ -61,6 +61,7 @@ handle_view_req(#httpd{method='GET',
handle_view_req(#httpd{method='POST',
path_parts=[_, _, DName, _, ViewName]}=Req, Db, _DDoc) -
+couch_httpd:validate_ctype(Req, application/json),
{Fields} = couch_httpd:json_body_obj(Req),
case couch_util:get_value(keys, Fields, nil) of
nil -
@@ -77,6 +78,7 @@ handle_view_req(Req, _Db, _DDoc) -
send_method_not_allowed(Req, GET,POST,HEAD).
handle_temp_view_req(#httpd{method='POST'}=Req, Db) -
+couch_httpd:validate_ctype(Req, application/json),
ok = couch_db:check_is_admin(Db),
couch_stats_collector:increment({httpd, temporary_view_reads}),
{Props} = couch_httpd:json_body_obj(Req),
Modified:
