Fixes COUCHDB-422 - Reject invalid _local doc ids.

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@804269 13f79535-47bb-0310-9956-ffa450edef68
author: Paul Joseph Davis <davisp@apache.org> 2009-08-14 15:47:27 +0000
committer: Paul Joseph Davis <davisp@apache.org> 2009-08-14 15:47:27 +0000
commit: 786bad421dc20bdcf9f7e0a7b5590f65d0c90451 (patch)
tree: 7099b8a641511f6543d63e334a504bba5d8515a4 /src
parent: dc26215a3a831d940f8590c9d1f359e7f2c27e68 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl
index 084dd946..55429cef 100644
--- a/src/couchdb/couch_httpd_db.erl
+++ b/src/couchdb/couch_httpd_db.erl
@@ -506,6 +506,21 @@ db_req(#httpd{path_parts=[_DbName,<<"_design">>,Name|FileNameParts]}=Req, Db) ->
     db_attachment_req(Req, Db, <<"_design/",Name/binary>>, FileNameParts);
 
 
+% Special case to allow for accessing local documents without %2F
+% encoding the docid. Throws out requests that don't have the second
+% path part or that specify an attachment name.
+db_req(#httpd{path_parts=[_DbName, <<"_local">>]}, _Db) ->
+    throw({bad_request, <<"Invalid _local document id.">>});
+
+db_req(#httpd{path_parts=[_DbName, <<"_local/">>]}, _Db) ->
+    throw({bad_request, <<"Invalid _local document id.">>});
+
+db_req(#httpd{path_parts=[_DbName, <<"_local">>, Name]}=Req, Db) ->
+    db_doc_req(Req, Db, <<"_local/", Name/binary>>);
+
+db_req(#httpd{path_parts=[_DbName, <<"_local">> | _Rest]}, _Db) ->
+    throw({bad_request, <<"_local documents do not accept attachments.">>});
+
 db_req(#httpd{path_parts=[_, DocId]}=Req, Db) ->
     db_doc_req(Req, Db, DocId);
author	Paul Joseph Davis <davisp@apache.org>	2009-08-14 15:47:27 +0000
committer	Paul Joseph Davis <davisp@apache.org>	2009-08-14 15:47:27 +0000
commit	786bad421dc20bdcf9f7e0a7b5590f65d0c90451 (patch)
tree	7099b8a641511f6543d63e334a504bba5d8515a4 /src
parent	dc26215a3a831d940f8590c9d1f359e7f2c27e68 (diff)