From 02dd55e08c2328201849cfda51f203a17885368d Mon Sep 17 00:00:00 2001
From: Filipe David Borba Manana <fdmanana@apache.org>
Date: Tue, 23 Nov 2010 16:40:23 +0000
Subject: Merged revision 1038193 from trunk:

Seal documents before passing them to map functions (JavaScript view server only).
This prevents one map function from modifying a document before it's passed to another map function.
Has no effect on array fields for some Spidermonkey versions (see https://bugzilla.mozilla.org/show_bug.cgi?id=449657).

Closes COUCHDB-925.



git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/1.0.x@1038196 13f79535-47bb-0310-9956-ffa450edef68
---
 share/server/util.js                     |  8 ++-
 share/server/views.js                    | 13 +----
 share/www/script/test/view_sandboxing.js | 88 ++++++++++++++++++++++++++++++++
 3 files changed, 96 insertions(+), 13 deletions(-)

diff --git a/share/server/util.js b/share/server/util.js
index 1b57f041..c5e89f3d 100644
--- a/share/server/util.js
+++ b/share/server/util.js
@@ -96,7 +96,13 @@ var Couch = {
   },
   recursivelySeal : function(obj) {
     // seal() is broken in current Spidermonkey
-    seal(obj);
+    try {
+      seal(obj);
+    } catch (x) {
+      // Sealing of arrays broken in some SpiderMonkey versions.
+      // https://bugzilla.mozilla.org/show_bug.cgi?id=449657
+      return;
+    }
     for (var propname in obj) {
       if (typeof obj[propname] == "object") {
         arguments.callee(obj[propname]);
diff --git a/share/server/views.js b/share/server/views.js
index ffe63377..2a15ee56 100644
--- a/share/server/views.js
+++ b/share/server/views.js
@@ -105,19 +105,8 @@ var Views = (function() {
       // ]
       //
 
-      /*
-      Immutable document support temporarily removed.
+      Couch.recursivelySeal(doc);
 
-      Removed because the seal function no longer works on JS 1.8 arrays,
-      instead returning an error. The sealing is meant to prevent map
-      functions from modifying the same document that is passed to other map
-      functions. However, only map functions in the same design document are
-      run together, so we have a reasonable expectation they can trust each
-      other. Any map fun that can't be trusted can be placed in its own
-      design document, and it cannot affect other map functions.
-
-      recursivelySeal(doc); // seal to prevent map functions from changing doc
-      */
       var buf = [];
       for (var i = 0; i < State.funs.length; i++) {
         map_results = [];
diff --git a/share/www/script/test/view_sandboxing.js b/share/www/script/test/view_sandboxing.js
index 61b44954..02951d9f 100644
--- a/share/www/script/test/view_sandboxing.js
+++ b/share/www/script/test/view_sandboxing.js
@@ -49,4 +49,92 @@ couchTests.view_sandboxing = function(debug) {
     // the view server
     var results = db.query(function(doc) { map_results.push(1); emit(null, doc); });
     T(results.total_rows == 0);
+
+  // test for COUCHDB-925
+  // altering 'doc' variable in map function affects other map functions
+  var ddoc = {
+    _id: "_design/foobar",
+    language: "javascript",
+    views: {
+      view1: {
+        map:
+          (function(doc) {
+            if (doc.values) {
+              doc.values = [666];
+            }
+            if (doc.tags) {
+              doc.tags.push("qwerty");
+            }
+            if (doc.tokens) {
+              doc.tokens["c"] = 3;
+            }
+          }).toString()
+      },
+      view2: {
+        map:
+          (function(doc) {
+            if (doc.values) {
+              emit(doc._id, doc.values);
+            }
+            if (doc.tags) {
+              emit(doc._id, doc.tags);
+            }
+            if (doc.tokens) {
+              emit(doc._id, doc.tokens);
+            }
+          }).toString()
+      }
+    }
+  };
+  var doc1 = {
+    _id: "doc1",
+    values: [1, 2, 3]
+  };
+  var doc2 = {
+    _id: "doc2",
+    tags: ["foo", "bar"],
+    tokens: {a: 1, b: 2}
+  };
+
+  db.deleteDb();
+  db.createDb();
+  T(db.save(ddoc).ok);
+  T(db.save(doc1).ok);
+  T(db.save(doc2).ok);
+
+  var view1Results = db.view(
+    "foobar/view1", {bypass_cache: Math.round(Math.random() * 1000)});
+  var view2Results = db.view(
+    "foobar/view2", {bypass_cache: Math.round(Math.random() * 1000)});
+
+  TEquals(0, view1Results.rows.length, "view1 has 0 rows");
+  TEquals(3, view2Results.rows.length, "view2 has 3 rows");
+
+  TEquals(doc1._id, view2Results.rows[0].key);
+  TEquals(doc2._id, view2Results.rows[1].key);
+  TEquals(doc2._id, view2Results.rows[2].key);
+
+  // https://bugzilla.mozilla.org/show_bug.cgi?id=449657
+  TEquals(3, view2Results.rows[0].value.length,
+    "Warning: installed SpiderMonkey version doesn't allow sealing of arrays");
+  if (view2Results.rows[0].value.length === 3) {
+    TEquals(1, view2Results.rows[0].value[0]);
+    TEquals(2, view2Results.rows[0].value[1]);
+    TEquals(3, view2Results.rows[0].value[2]);
+  }
+
+  TEquals(1, view2Results.rows[1].value["a"]);
+  TEquals(2, view2Results.rows[1].value["b"]);
+  TEquals('undefined', typeof view2Results.rows[1].value["c"],
+    "doc2.tokens object was not sealed");
+
+  TEquals(2, view2Results.rows[2].value.length,
+    "Warning: installed SpiderMonkey version doesn't allow sealing of arrays");
+  if (view2Results.rows[2].value.length === 2) {
+    TEquals("foo", view2Results.rows[2].value[0]);
+    TEquals("bar", view2Results.rows[2].value[1]);
+  }
+
+  // cleanup
+  db.deleteDb();
 };
-- 
cgit v1.2.3