svn commit: r965434 - /couchdb/trunk/src/couchdb/couch_doc.erl
Author: fdmanana Date: Mon Jul 19 11:32:46 2010 New Revision: 965434 URL: http://svn.apache.org/viewvc?rev=965434view=rev Log: Fix possible bad match error - WriteFun might not return the atom 'ok'. Modified: couchdb/trunk/src/couchdb/couch_doc.erl Modified: couchdb/trunk/src/couchdb/couch_doc.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_doc.erl?rev=965434r1=965433r2=965434view=diff == --- couchdb/trunk/src/couchdb/couch_doc.erl (original) +++ couchdb/trunk/src/couchdb/couch_doc.erl Mon Jul 19 11:32:46 2010 @@ -437,7 +437,7 @@ atts_to_mp([Att | RestAtts], Boundary, W true - fun att_foldl/3 end, -AttFun(Att, fun(Data, ok) - WriteFun(Data) end, ok), +AttFun(Att, fun(Data, _) - WriteFun(Data) end, ok), WriteFun(\r\n--, Boundary/binary), atts_to_mp(RestAtts, Boundary, WriteFun, SendEncodedAtts).
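Review bot: The wildcard in `fun(Data, _) -> WriteFun(Data) end` accepts every value WriteFun returns, so if WriteFun can signal a failure by return value rather than by exception, the fold keeps streaming the remaining attachment data and the failure goes unnoticed. Whether that can happen is not visible here, because WriteFun is supplied by the caller. A one-line comment above the call would record the contract, for example `% WriteFun's return value is deliberately ignored; failures must be raised as exceptions`. The body of atts_to_mp/4 begins outside the hunk, and r965435 merges the same line to the new_replicator branch.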
svn commit: r965435 - /couchdb/branches/new_replicator/src/couchdb/couch_doc.erl
Author: fdmanana Date: Mon Jul 19 11:34:06 2010 New Revision: 965435 URL: http://svn.apache.org/viewvc?rev=965435view=rev Log: Merge revision 965434 from trunk: Fix possible bad match error - WriteFun might not return the atom 'ok'. Modified: couchdb/branches/new_replicator/src/couchdb/couch_doc.erl Modified: couchdb/branches/new_replicator/src/couchdb/couch_doc.erl URL: http://svn.apache.org/viewvc/couchdb/branches/new_replicator/src/couchdb/couch_doc.erl?rev=965435r1=965434r2=965435view=diff == --- couchdb/branches/new_replicator/src/couchdb/couch_doc.erl (original) +++ couchdb/branches/new_replicator/src/couchdb/couch_doc.erl Mon Jul 19 11:34:06 2010 @@ -436,7 +436,7 @@ atts_to_mp([Att | RestAtts], Boundary, W true - fun att_foldl/3 end, -AttFun(Att, fun(Data, ok) - WriteFun(Data) end, ok), +AttFun(Att, fun(Data, _) - WriteFun(Data) end, ok), WriteFun(\r\n--, Boundary/binary), atts_to_mp(RestAtts, Boundary, WriteFun, SendEncodedAtts).
svn commit: r965667 - in /couchdb/trunk/src/couchdb: couch_db.hrl couch_doc.erl couch_httpd.erl couch_httpd_rewrite.erl couch_httpd_stats_handlers.erl couch_httpd_view.erl couch_os_process.erl couch_r
Author: jchris Date: Mon Jul 19 22:46:14 2010 New Revision: 965667 URL: http://svn.apache.org/viewvc?rev=965667view=rev Log: remove unguarded atom creation to prevent DOS attacks. closes COUCHDB-829 Modified: couchdb/trunk/src/couchdb/couch_db.hrl couchdb/trunk/src/couchdb/couch_doc.erl couchdb/trunk/src/couchdb/couch_httpd.erl couchdb/trunk/src/couchdb/couch_httpd_rewrite.erl couchdb/trunk/src/couchdb/couch_httpd_stats_handlers.erl couchdb/trunk/src/couchdb/couch_httpd_view.erl couchdb/trunk/src/couchdb/couch_os_process.erl couchdb/trunk/src/couchdb/couch_rep.erl couchdb/trunk/src/couchdb/couch_util.erl Modified: couchdb/trunk/src/couchdb/couch_db.hrl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_db.hrl?rev=965667r1=965666r2=965667view=diff == --- couchdb/trunk/src/couchdb/couch_db.hrl (original) +++ couchdb/trunk/src/couchdb/couch_db.hrl Mon Jul 19 22:46:14 2010 @@ -20,7 +20,6 @@ -define(JSON_ENCODE(V), couch_util:json_encode(V)). -define(JSON_DECODE(V), couch_util:json_decode(V)). --define(b2a(V), list_to_atom(binary_to_list(V))). -define(b2l(V), binary_to_list(V)). -define(l2b(V), list_to_binary(V)). Modified: couchdb/trunk/src/couchdb/couch_doc.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_doc.erl?rev=965667r1=965666r2=965667view=diff == --- couchdb/trunk/src/couchdb/couch_doc.erl (original) +++ couchdb/trunk/src/couchdb/couch_doc.erl Mon Jul 19 22:46:14 2010 @@ -267,7 +267,7 @@ att_encoding_info(BinProps) - {identity, DiskLen}; Enc - EncodedLen = couch_util:get_value(encoded_length, BinProps, DiskLen), -{list_to_atom(?b2l(Enc)), EncodedLen} +{list_to_existing_atom(?b2l(Enc)), EncodedLen} end. to_doc_info(FullDocInfo) - Modified: couchdb/trunk/src/couchdb/couch_httpd.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_httpd.erl?rev=965667r1=965666r2=965667view=diff == --- couchdb/trunk/src/couchdb/couch_httpd.erl (original) +++ couchdb/trunk/src/couchdb/couch_httpd.erl Mon Jul 19 22:46:14 2010 
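Review bot: In att_encoding_info/1, `list_to_existing_atom(?b2l(Enc))` stops atom-table growth but raises badarg for any stored encoding string that is not already an atom, and it still accepts every atom that exists in the VM rather than only attachment encodings. Mapping the known values explicitly and rejecting the rest closes both gaps, for example `<<"gzip">> -> {gzip, EncodedLen};` plus a final clause that throws a descriptive error. The set of valid encodings is not visible in this hunk, so gzip is an assumption to confirm. The function starts above the hunk, and the 1.0.x backport in r965673 carries the same line.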
@@ -225,7 +225,7 @@ handle_request_int(MochiReq, DefaultFun, true - ?LOG_INFO(MethodOverride: ~s (real method was ~s), [MethodOverride, Method1]), case Method1 of -'POST' - list_to_atom(MethodOverride); +'POST' - couch_util:to_existing_atom(MethodOverride); _ - % Ignore X-HTTP-Method-Override when the original verb isn't POST. % I'd like to send a 406 error to the client, but that'd require a nasty refactor. Modified: couchdb/trunk/src/couchdb/couch_httpd_rewrite.erl URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_httpd_rewrite.erl?rev=965667r1=965666r2=965667view=diff == --- couchdb/trunk/src/couchdb/couch_httpd_rewrite.erl (original) +++ couchdb/trunk/src/couchdb/couch_httpd_rewrite.erl Mon Jul 19 22:46:14 2010 @@ -20,7 +20,7 @@ -include(couch_db.hrl). -define(SEPARATOR, $\/). --define(MATCH_ALL, '*'). +-define(MATCH_ALL, {bind, *}). %% doc The http rewrite handler. All rewriting is done from @@ -118,7 +118,7 @@ handle_rewrite_req(#httpd{ DesignId = _design/, DesignName/binary, Prefix = /, DbName/binary, /, DesignId/binary, QueryList = couch_httpd:qs(Req), -QueryList1 = [{to_atom(K), V} || {K, V} - QueryList], +QueryList1 = [{to_binding(K), V} || {K, V} - QueryList], #doc{body={Props}} = DDoc, @@ -132,12 +132,12 @@ handle_rewrite_req(#httpd{ DispatchList = [make_rule(Rule) || {Rule} - Rules], %% get raw path by matching url to a rule. -RawPath = case try_bind_path(DispatchList, Method, PathParts, +RawPath = case try_bind_path(DispatchList, couch_util:to_binary(Method), PathParts, QueryList1) of no_dispatch_path - throw(not_found); {NewPathParts, Bindings} - -Parts = [mochiweb_util:quote_plus(X) || X - NewPathParts], +Parts = [quote_plus(X) || X - NewPathParts], % build new path, reencode query args, eventually convert % them to json 
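Review bot: The X-HTTP-Method-Override value is client-supplied, and `couch_util:to_existing_atom(MethodOverride)` lets it select any atom already present in the VM as the request method, not only an HTTP verb. What to_existing_atom/1 returns for an unknown name is defined in couch_util.erl, outside this hunk; if it hands back the original string, later clauses that match on the method atom would receive a non-atom. An explicit allowlist makes the result predictable, for example `case MethodOverride of "PUT" -> 'PUT'; "DELETE" -> 'DELETE'; _ -> Method1 end`, with the exact verb list being a project decision. handle_request_int continues beyond the hunk, and r965673 applies the same change on 1.0.x.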
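Review bot: No test accompanies the switch from `to_atom(K)` to `to_binding(K)` for the query-string keys in handle_rewrite_req; the commit's list of modified files contains no test file. These keys come straight from the request URL, so a regression test that sends a rewrite request with previously unseen query keys and checks that the bindings still resolve would guard against atom conversion being reintroduced. A comment above the comprehension would state the intent, for example `% query keys are client-controlled: never convert them to atoms`. to_binding/1 itself is defined outside the visible hunks, and the same change is backported in r965673.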
@@ -183,7 +183,10 @@ handle_rewrite_req(#httpd{ UrlHandlers, DbUrlHandlers, DesignUrlHandlers) end. - +quote_plus({bind, X}) - +mochiweb_util:quote_plus(X); +quote_plus(X) - +mochiweb_util:quote_plus(X). %% @doc Try to find a rule matching current url. If none is found %% 404 error not_found is raised @@ -196,15 +199,13 @@ try_bind_path([Dispatch|Rest], Method, P case bind_path(PathParts1, PathParts, [])
svn commit: r965673 - in /couchdb/branches/1.0.x/src/couchdb: couch_db.hrl couch_doc.erl couch_httpd.erl couch_httpd_rewrite.erl couch_httpd_stats_handlers.erl couch_httpd_view.erl couch_os_process.er
Author: jchris Date: Mon Jul 19 22:59:53 2010 New Revision: 965673 URL: http://svn.apache.org/viewvc?rev=965673view=rev Log: remove unguarded atom creation to prevent DOS attacks. closes COUCHDB-829 Modified: couchdb/branches/1.0.x/src/couchdb/couch_db.hrl couchdb/branches/1.0.x/src/couchdb/couch_doc.erl couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl couchdb/branches/1.0.x/src/couchdb/couch_httpd_rewrite.erl couchdb/branches/1.0.x/src/couchdb/couch_httpd_stats_handlers.erl couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl couchdb/branches/1.0.x/src/couchdb/couch_os_process.erl couchdb/branches/1.0.x/src/couchdb/couch_rep.erl couchdb/branches/1.0.x/src/couchdb/couch_util.erl Modified: couchdb/branches/1.0.x/src/couchdb/couch_db.hrl URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_db.hrl?rev=965673r1=965672r2=965673view=diff == --- couchdb/branches/1.0.x/src/couchdb/couch_db.hrl (original) +++ couchdb/branches/1.0.x/src/couchdb/couch_db.hrl Mon Jul 19 22:59:53 2010 @@ -20,7 +20,6 @@ -define(JSON_ENCODE(V), couch_util:json_encode(V)). -define(JSON_DECODE(V), couch_util:json_decode(V)). --define(b2a(V), list_to_atom(binary_to_list(V))). -define(b2l(V), binary_to_list(V)). -define(l2b(V), list_to_binary(V)). Modified: couchdb/branches/1.0.x/src/couchdb/couch_doc.erl URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_doc.erl?rev=965673r1=965672r2=965673view=diff == --- couchdb/branches/1.0.x/src/couchdb/couch_doc.erl (original) +++ couchdb/branches/1.0.x/src/couchdb/couch_doc.erl Mon Jul 19 22:59:53 2010 
@@ -267,7 +267,7 @@ att_encoding_info(BinProps) - {identity, DiskLen}; Enc - EncodedLen = couch_util:get_value(encoded_length, BinProps, DiskLen), -{list_to_atom(?b2l(Enc)), EncodedLen} +{list_to_existing_atom(?b2l(Enc)), EncodedLen} end. to_doc_info(FullDocInfo) - Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl?rev=965673r1=965672r2=965673view=diff == --- couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl (original) +++ couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl Mon Jul 19 22:59:53 2010 @@ -225,7 +225,7 @@ handle_request_int(MochiReq, DefaultFun, true - ?LOG_INFO(MethodOverride: ~s (real method was ~s), [MethodOverride, Method1]), case Method1 of -'POST' - list_to_atom(MethodOverride); +'POST' - couch_util:to_existing_atom(MethodOverride); _ - % Ignore X-HTTP-Method-Override when the original verb isn't POST. % I'd like to send a 406 error to the client, but that'd require a nasty refactor. Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd_rewrite.erl URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd_rewrite.erl?rev=965673r1=965672r2=965673view=diff == --- couchdb/branches/1.0.x/src/couchdb/couch_httpd_rewrite.erl (original) +++ couchdb/branches/1.0.x/src/couchdb/couch_httpd_rewrite.erl Mon Jul 19 22:59:53 2010 @@ -20,7 +20,7 @@ -include(couch_db.hrl). -define(SEPARATOR, $\/). --define(MATCH_ALL, '*'). +-define(MATCH_ALL, {bind, *}). %% doc The http rewrite handler. All rewriting is done from @@ -118,7 +118,7 @@ handle_rewrite_req(#httpd{ DesignId = _design/, DesignName/binary, Prefix = /, DbName/binary, /, DesignId/binary, QueryList = couch_httpd:qs(Req), -QueryList1 = [{to_atom(K), V} || {K, V} - QueryList], +QueryList1 = [{to_binding(K), V} || {K, V} - QueryList], #doc{body={Props}} = DDoc, 
@@ -132,12 +132,12 @@ handle_rewrite_req(#httpd{ DispatchList = [make_rule(Rule) || {Rule} - Rules], %% get raw path by matching url to a rule. -RawPath = case try_bind_path(DispatchList, Method, PathParts, +RawPath = case try_bind_path(DispatchList, couch_util:to_binary(Method), PathParts, QueryList1) of no_dispatch_path - throw(not_found); {NewPathParts, Bindings} - -Parts = [mochiweb_util:quote_plus(X) || X - NewPathParts], +Parts = [quote_plus(X) || X - NewPathParts], % build new path, reencode query args, eventually convert % them to json @@ -183,7 +183,10 @@ handle_rewrite_req(#httpd{ UrlHandlers, DbUrlHandlers, DesignUrlHandlers) end. - +quote_plus({bind, X}) - +mochiweb_util:quote_plus(X); +quote_plus(X) - +
svn commit: r965702 - in /couchdb/branches/1.0.x: share/www/script/test/view_errors.js src/couchdb/couch_httpd_db.erl src/couchdb/couch_httpd_misc_handlers.erl src/couchdb/couch_httpd_view.erl src/cou
Author: jchris Date: Tue Jul 20 01:04:22 2010 New Revision: 965702 URL: http://svn.apache.org/viewvc?rev=965702view=rev Log: require application/json content-type in the remaining places where a POST has side-effects Modified: couchdb/branches/1.0.x/share/www/script/test/view_errors.js couchdb/branches/1.0.x/src/couchdb/couch_httpd_db.erl couchdb/branches/1.0.x/src/couchdb/couch_httpd_misc_handlers.erl couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl couchdb/branches/1.0.x/src/couchdb/couch_rep.erl Modified: couchdb/branches/1.0.x/share/www/script/test/view_errors.js URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/share/www/script/test/view_errors.js?rev=965702r1=965701r2=965702view=diff == --- couchdb/branches/1.0.x/share/www/script/test/view_errors.js (original) +++ couchdb/branches/1.0.x/share/www/script/test/view_errors.js Tue Jul 20 01:04:22 2010 @@ -56,14 +56,14 @@ couchTests.view_errors = function(debug) }); T(JSON.parse(xhr.responseText).error == bad_request); - // views should ignore Content-Type, like the rest of CouchDB + // content type must be json var xhr = CouchDB.request(POST, /test_suite_db/_temp_view, { headers: {Content-Type: application/x-www-form-urlencoded}, body: JSON.stringify({language: javascript, map : function(doc){} }) }); - T(xhr.status == 200); + T(xhr.status == 415); var map = function (doc) {emit(doc.integer, doc.integer);}; Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd_db.erl URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd_db.erl?rev=965702r1=965701r2=965702view=diff == --- couchdb/branches/1.0.x/src/couchdb/couch_httpd_db.erl (original) +++ couchdb/branches/1.0.x/src/couchdb/couch_httpd_db.erl Tue Jul 20 01:04:22 2010 
@@ -242,6 +242,7 @@ db_req(#httpd{path_parts=[_DbName]}=Req, send_method_not_allowed(Req, DELETE,GET,HEAD,POST); db_req(#httpd{method='POST',path_parts=[_,_ensure_full_commit]}=Req, Db) - +couch_httpd:validate_ctype(Req, application/json), UpdateSeq = couch_db:get_update_seq(Db), CommittedSeq = couch_db:get_committed_update_seq(Db), {ok, StartTime} = Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd_misc_handlers.erl URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd_misc_handlers.erl?rev=965702r1=965701r2=965702view=diff == --- couchdb/branches/1.0.x/src/couchdb/couch_httpd_misc_handlers.erl (original) +++ couchdb/branches/1.0.x/src/couchdb/couch_httpd_misc_handlers.erl Tue Jul 20 01:04:22 2010 @@ -79,6 +79,7 @@ handle_task_status_req(Req) - send_method_not_allowed(Req, GET,HEAD). handle_replicate_req(#httpd{method='POST'}=Req) - +couch_httpd:validate_ctype(Req, application/json), PostBody = couch_httpd:json_body_obj(Req), try couch_rep:replicate(PostBody, Req#httpd.user_ctx) of {ok, {continuous, RepId}} - @@ -102,6 +103,7 @@ handle_replicate_req(Req) - handle_restart_req(#httpd{method='POST'}=Req) - +couch_httpd:validate_ctype(Req, application/json), ok = couch_httpd:verify_is_server_admin(Req), couch_server_sup:restart_core_server(), send_json(Req, 200, {[{ok, true}]}); @@ -189,6 +191,7 @@ handle_config_req(Req) - % httpd db handlers increment_update_seq_req(#httpd{method='POST'}=Req, Db) - +couch_httpd:validate_ctype(Req, application/json), {ok, NewSeq} = couch_db:increment_update_seq(Db), send_json(Req, {[{ok, true}, {update_seq, NewSeq} Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl?rev=965702r1=965701r2=965702view=diff == --- couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl (original) +++ couchdb/branches/1.0.x/src/couchdb/couch_httpd_view.erl Tue Jul 20 01:04:22 2010 
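Review bot: The only test updated in this commit, view_errors.js, checks the 415 response for _temp_view. The new `couch_httpd:validate_ctype(Req, "application/json")` call in db_req for _ensure_full_commit has no visible coverage, and neither do the same calls added to handle_replicate_req, handle_restart_req, increment_update_seq_req and handle_view_req. Several of these endpoints take no request body, so clients that POST without a Content-Type header may start failing. How validate_ctype treats a missing header or a `; charset=` parameter is not shown here. A test per endpoint for both an accepted and a rejected content type would pin the intended behaviour.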
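Review bot: In handle_restart_req the content-type check runs before `ok = couch_httpd:verify_is_server_admin(Req)`, so a caller without admin rights gets a content-type error rather than an authorization error, and the response varies with a header instead of with privilege. Running the authorization check first keeps the failure uniform for unprivileged callers: `ok = couch_httpd:verify_is_server_admin(Req),` followed by `couch_httpd:validate_ctype(Req, "application/json"),`. handle_temp_view_req in couch_httpd_view.erl has the same ordering with `ok = couch_db:check_is_admin(Db)`.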
@@ -61,6 +61,7 @@ handle_view_req(#httpd{method='GET', handle_view_req(#httpd{method='POST', path_parts=[_, _, DName, _, ViewName]}=Req, Db, _DDoc) - +couch_httpd:validate_ctype(Req, application/json), {Fields} = couch_httpd:json_body_obj(Req), case couch_util:get_value(keys, Fields, nil) of nil - @@ -77,6 +78,7 @@ handle_view_req(Req, _Db, _DDoc) - send_method_not_allowed(Req, GET,POST,HEAD). handle_temp_view_req(#httpd{method='POST'}=Req, Db) - +couch_httpd:validate_ctype(Req, application/json), ok = couch_db:check_is_admin(Db), couch_stats_collector:increment({httpd, temporary_view_reads}), {Props} = couch_httpd:json_body_obj(Req), Modified: