diff options
author | Jan Lehnardt <jan@apache.org> | 2009-03-06 00:12:15 +0000 |
---|---|---|
committer | Jan Lehnardt <jan@apache.org> | 2009-03-06 00:12:15 +0000 |
commit | a05797474397a1598ac2e3436bd8c1e4e2b8678a (patch) | |
tree | 8f7fb3b82ce1f8a95f2db7387e22259a558729a0 /share/www | |
parent | 620db891b57c8a429a7f11f23eed302e5479f250 (diff) |
Verify attachment names. They must be utf-8 (closes COUCHDB-280) and must not start with an underscore.
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@750695 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'share/www')
-rw-r--r-- | share/www/script/couch_tests.js | 1 | ||||
-rw-r--r-- | share/www/script/test/attachment_names.js | 87 |
2 files changed, 88 insertions, 0 deletions
diff --git a/share/www/script/couch_tests.js b/share/www/script/couch_tests.js index 67c3baed..64c366b6 100644 --- a/share/www/script/couch_tests.js +++ b/share/www/script/couch_tests.js @@ -41,6 +41,7 @@ loadTest("multiple_rows.js"); loadTest("large_docs.js"); loadTest("utf8.js"); loadTest("attachments.js"); +loadTest("attachment_names.js"); loadTest("attachment_paths.js"); loadTest("attachment_views.js"); loadTest("design_paths.js"); diff --git a/share/www/script/test/attachment_names.js b/share/www/script/test/attachment_names.js new file mode 100644 index 00000000..802abc08 --- /dev/null +++ b/share/www/script/test/attachment_names.js @@ -0,0 +1,87 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy +// of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +couchTests.attatchment_names = function(debug) { + var db = new CouchDB("test_suite_db"); + db.deleteDb(); + db.createDb(); + if (debug) debugger; + + var binAttDoc = { + _id: "bin_doc", + _attachments:{ + "foo\x80txt": { + content_type:"text/plain", + data: "VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVkIHRleHQ=" + } + } + } + + // inline attachments + try { + db.save(binAttDoc); + TEquals(1, 2, "Attachment name with non UTF-8 encoding saved. Should never show!"); + } catch (e) { + TEquals("bad_request", e.error, "attachment_name: inline attachments"); + TEquals("Attachment name is not UTF-8 encoded", e.reason, "attachment_name: inline attachments"); + } + + + // standalone docs + var bin_data = "JHAPDO*AU£PN ){(3u[d 93DQ9¡€])} ææøo'∂ƒæ≤çæππ•¥∫¶®#†π¶®¥π€ª®˙π8np"; + + var xhr = (CouchDB.request("PUT", "/test_suite_db/bin_doc3/attachment\x80txt", { + headers:{"Content-Type":"text/plain;charset=utf-8"}, + body:bin_data + })); + + var resp = JSON.parse(xhr.responseText); + TEquals(400, xhr.status, "attachment_name: standalone API"); + TEquals("bad_request", resp.error, "attachment_name: standalone API"); + TEquals("Attachment name is not UTF-8 encoded", resp.reason, "attachment_name: standalone API"); + + + // bulk docs + var docs = { docs: [binAttDoc] }; + + var xhr = CouchDB.request("POST", "/test_suite_db/_bulk_docs", { + body: JSON.stringify(docs) + }); + + var resp = JSON.parse(xhr.responseText); + TEquals(400, xhr.status, "attachment_name: bulk docs"); + TEquals("bad_request", resp.error, "attachment_name: bulk docs"); + TEquals("Attachment name is not UTF-8 encoded", resp.reason, "attachment_name: bulk docs"); + + + // leading underscores + var binAttDoc = { + _id: "bin_doc2", + _attachments:{ + "_foo.txt": { + content_type:"text/plain", + data: "VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVkIHRleHQ=" + } + } + } + + try { + db.save(binAttDoc); + TEquals(1, 2, "Attachment name with leading underscore saved. Should never show!"); + } catch (e) { + TEquals("bad_request", e.error, "attachment_name: leading underscore"); + TEquals("Attachment name can't start with '_'", e.reason, "attachment_name: leading underscore"); + } + + // todo: form uploads, waiting for cmlenz' test case for form uploads + +}; |