This should go into 1.2.x., 1.3.x and master. Sorry for the commit-spam earlier.
Best Jan -- On Jun 18, 2013, at 16:59 , j...@apache.org wrote: > Updated Branches: > refs/heads/1832-fix-empty-attachment-name [created] 6b8fc0831 > > > Prevent creation of empty attachment names via inline API. > > It is possible to create an attachment using the inline > attachment API that has the empty string "" as the name: > > { > "_id":"11612aba0238dc0dd8c2d37e7909b4e6", > "_attachments": { > "": {...} > } > } > > Attachments created this way can’t be retrieved via the > standalone attachment API. > > This patch adds testing for the empty string in the > `validate_attachment_name` function. > > Closes COUCHDB-1832 > > > Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo > Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6b8fc083 > Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6b8fc083 > Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6b8fc083 > > Branch: refs/heads/1832-fix-empty-attachment-name > Commit: 6b8fc0831810442ddb23808ab54340fe18f37e8b > Parents: 0bb6787 > Author: Jan Lehnardt <j...@apache.org> > Authored: Tue Jun 18 16:28:30 2013 +0200 > Committer: Jan Lehnardt <j...@apache.org> > Committed: Tue Jun 18 16:33:49 2013 +0200 > > ---------------------------------------------------------------------- > share/www/script/test/attachment_names.js | 19 +++++++++++++++++++ > src/couchdb/couch_httpd_db.erl | 2 ++ > 2 files changed, 21 insertions(+) > ---------------------------------------------------------------------- > > > http://git-wip-us.apache.org/repos/asf/couchdb/blob/6b8fc083/share/www/script/test/attachment_names.js > ---------------------------------------------------------------------- > diff --git a/share/www/script/test/attachment_names.js > b/share/www/script/test/attachment_names.js > index c9a5fcc..b140f0b 100644 > --- a/share/www/script/test/attachment_names.js > +++ b/share/www/script/test/attachment_names.js > @@ -48,6 +48,25 @@ couchTests.attachment_names = function(debug) { > resp = db.save(binAttDoc); > TEquals(true, resp.ok, "attachment_name: inline attachment"); > > + // COUCHDB-1832 Inline Attachment API allows empty names > + var binAttDoc4 = { > + _id: "bin_doc4", > + _attachments:{ > + "": { > + content_type:"text/plain", > + data: "VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVkIHRleHQ=" > + } > + } > + }; > + > + try { > + resp = db.save(binAttDoc4); > + TEquals(1,2, "should throw on empty attachment names"); > + } catch (e) { > + TEquals(e.error, "bad_request", "should return bad_request"); > + TEquals(e.reason, "Attachment name can't be empty", > + "should state that attachment name can't be empty"); > + } > > // standalone docs > var bin_data = "JHAPDO*AU£PN ){(3u[d 93DQ9¡€])} > ææøo'∂ƒæ≤çæππ•¥∫¶®#†π¶®¥π€ª®˙π8np"; > > http://git-wip-us.apache.org/repos/asf/couchdb/blob/6b8fc083/src/couchdb/couch_httpd_db.erl > ---------------------------------------------------------------------- > diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl > index f270fef..9a5af0f 100644 > --- a/src/couchdb/couch_httpd_db.erl > +++ b/src/couchdb/couch_httpd_db.erl > @@ -1198,6 +1198,8 @@ validate_attachment_name(Name) when is_list(Name) -> > validate_attachment_name(list_to_binary(Name)); > validate_attachment_name(<<"_",_/binary>>) -> > throw({bad_request, <<"Attachment name can't start with '_'">>}); > +validate_attachment_name(<<"">>) -> > + throw({bad_request, <<"Attachment name can't be empty">>}); > validate_attachment_name(Name) -> > case couch_util:validate_utf8(Name) of > true -> Name; >