remove unguarded atom creation to prevent DOS attacks. closes COUCHDB-829

git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/1.0.x@965673 13f79535-47bb-0310-9956-ffa450edef68
author: John Christopher Anderson <jchris@apache.org> 2010-07-19 22:59:53 +0000
committer: John Christopher Anderson <jchris@apache.org> 2010-07-19 22:59:53 +0000
commit: 2f25ac7fb8fc46a45ec0e3e746a6104becff6ce6 (patch)
tree: 3bc0b7cd2a0aba0341f1771f250a75e456b1370f /src/couchdb/couch_httpd.erl
parent: 74161c6207ea150b79dc16a4e84a432a8d8af44e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index 079b9367..faf14bcc 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -225,7 +225,7 @@ handle_request_int(MochiReq, DefaultFun,
     true -> 
         ?LOG_INFO("MethodOverride: ~s (real method was ~s)", [MethodOverride, Method1]),
         case Method1 of
-        'POST' -> list_to_atom(MethodOverride);
+        'POST' -> couch_util:to_existing_atom(MethodOverride);
         _ -> 
             % Ignore X-HTTP-Method-Override when the original verb isn't POST.
             % I'd like to send a 406 error to the client, but that'd require a nasty refactor.
author	John Christopher Anderson <jchris@apache.org>	2010-07-19 22:59:53 +0000
committer	John Christopher Anderson <jchris@apache.org>	2010-07-19 22:59:53 +0000
commit	2f25ac7fb8fc46a45ec0e3e746a6104becff6ce6 (patch)
tree	3bc0b7cd2a0aba0341f1771f250a75e456b1370f /src/couchdb/couch_httpd.erl
parent	74161c6207ea150b79dc16a4e84a432a8d8af44e (diff)