Add doc id validation when creating a new document with the

standalone attachment API.

Closes COUCHDB-565.

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@834436 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 8 insertions, 0 deletions

diff --git a/share/www/script/test/attachments.js b/share/www/script/test/attachments.js
index 1ed81ad8..36f5a5ad 100644
--- a/share/www/script/test/attachments.js
+++ b/share/www/script/test/attachments.js
@@ -237,4 +237,11 @@ couchTests.attachments= function(debug) {
     headers:{"Content-Type":"text/plain;charset=utf-8"}
   });
   TEquals(201, xhr.status, "should send 201 Accepted");
+
+  // implicit doc creation allows creating docs with a reserved id. COUCHDB-565
+  var xhr = CouchDB.request("PUT", "/test_suite_db/_nonexistant/attachment.txt", {
+    headers: {"Content-Type":"text/plain;charset=utf-8"},
+    body: "THIS IS AN ATTACHMENT. BOOYA!"
+  });
+  TEquals(400, xhr.status, "should return error code 400 Bad Request");
 };
diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl
index 88c51cf7..da62ccb4 100644
--- a/src/couchdb/couch_httpd_db.erl
+++ b/src/couchdb/couch_httpd_db.erl
@@ -958,6 +958,7 @@ db_attachment_req(#httpd{method=Method}=Req, Db, DocId, FileNameParts)
 
     Doc = case extract_header_rev(Req, couch_httpd:qs_value(Req, "rev")) of
         missing_rev -> % make the new doc
+            couch_doc:validate_docid(DocId),
             #doc{id=DocId};
         Rev ->
             case couch_db:open_doc_revs(Db, DocId, [Rev], []) of