From ca79ad7b3104ba4a55006a358b3b7ff2f0c060e8 Mon Sep 17 00:00:00 2001
From: John Christopher Anderson <jchris@apache.org>
Date: Fri, 6 Mar 2009 16:45:45 +0000
Subject: validate reduce view list queries, make query_parse_error response
 code 400 thanks Jan, thanks Jason Davies. closes COUCHDB-283

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@750969 13f79535-47bb-0310-9956-ffa450edef68
---
 share/www/script/test/list_views.js | 7 +++++++
 src/couchdb/couch_httpd.erl         | 2 ++
 src/couchdb/couch_httpd_show.erl    | 1 +
 3 files changed, 10 insertions(+)

diff --git a/share/www/script/test/list_views.js b/share/www/script/test/list_views.js
index 6ebd159e..3e5e8db4 100644
--- a/share/www/script/test/list_views.js
+++ b/share/www/script/test/list_views.js
@@ -276,4 +276,11 @@ couchTests.list_views = function(debug) {
   T(/Key: 2/.test(xhr.responseText));
   T(/FirstKey: 2/.test(xhr.responseText));
   T(/LastKey: 7/.test(xhr.responseText));
+  
+  // no multi-key fetch allowed when group=false
+  xhr = CouchDB.request("POST", "/test_suite_db/_list/lists/simpleForm/withReduce?group=false", {
+    body: '{"keys":[2,4,5,7]}'
+  });
+  T(xhr.status == 400);
+  T(/query_parse_error/.test(xhr.responseText));
 };
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index 49a86289..44ae0bb1 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -386,6 +386,8 @@ end_json_response(Resp) ->
 
 send_error(Req, bad_request) ->
     send_error(Req, 400, <<"bad_request">>, <<>>);
+send_error(Req, {query_parse_error, Reason}) ->
+    send_error(Req, 400, <<"query_parse_error">>, Reason);
 send_error(Req, {bad_request, Reason}) ->
     send_error(Req, 400, <<"bad_request">>, Reason);
 send_error(Req, not_found) ->
diff --git a/src/couchdb/couch_httpd_show.erl b/src/couchdb/couch_httpd_show.erl
index 6fda61b3..5a03d9de 100644
--- a/src/couchdb/couch_httpd_show.erl
+++ b/src/couchdb/couch_httpd_show.erl
@@ -98,6 +98,7 @@ send_view_list_response(Lang, ListSrc, ViewName, DesignId, Req, Db, Keys) ->
     {not_found, _Reason} ->
         case couch_view:get_reduce_view(Db, DesignId, ViewName, Stale) of
         {ok, ReduceView, Group} ->
+            couch_httpd_view:parse_view_query(Req, Keys, true, true), % just for validation
             case Reduce of
             false ->
                 MapView = couch_view:extract_map_view(ReduceView),
-- 
cgit v1.2.3