From 2f25ac7fb8fc46a45ec0e3e746a6104becff6ce6 Mon Sep 17 00:00:00 2001
From: John Christopher Anderson <jchris@apache.org>
Date: Mon, 19 Jul 2010 22:59:53 +0000
Subject: remove unguarded atom creation to prevent DOS attacks. closes
 COUCHDB-829

git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/1.0.x@965673 13f79535-47bb-0310-9956-ffa450edef68
---
 src/couchdb/couch_httpd.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/couchdb/couch_httpd.erl')

diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index 079b9367..faf14bcc 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -225,7 +225,7 @@ handle_request_int(MochiReq, DefaultFun,
     true -> 
         ?LOG_INFO("MethodOverride: ~s (real method was ~s)", [MethodOverride, Method1]),
         case Method1 of
-        'POST' -> list_to_atom(MethodOverride);
+        'POST' -> couch_util:to_existing_atom(MethodOverride);
         _ -> 
             % Ignore X-HTTP-Method-Override when the original verb isn't POST.
             % I'd like to send a 406 error to the client, but that'd require a nasty refactor.
-- 
cgit v1.2.3