From aee6f18edf8cdf3f7c09c93fcf1af48c2c15fcd8 Mon Sep 17 00:00:00 2001
From: "Damien F. Katz" <damien@apache.org>
Date: Mon, 17 Nov 2008 18:18:51 +0000
Subject: More security and validation work. Still incomplete.

git-svn-id: https://svn.apache.org/repos/asf/incubator/couchdb/trunk@718311 13f79535-47bb-0310-9956-ffa450edef68
---
 src/couchdb/couch_httpd_misc_handlers.erl | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'src/couchdb/couch_httpd_misc_handlers.erl')

diff --git a/src/couchdb/couch_httpd_misc_handlers.erl b/src/couchdb/couch_httpd_misc_handlers.erl
index bcfe17c4..b62a4b85 100644
--- a/src/couchdb/couch_httpd_misc_handlers.erl
+++ b/src/couchdb/couch_httpd_misc_handlers.erl
@@ -62,12 +62,28 @@ handle_all_dbs_req(Req) ->
     send_method_not_allowed(Req, "GET,HEAD").
 
 
-handle_replicate_req(#httpd{method='POST'}=Req) ->
+handle_replicate_req(#httpd{user_ctx=UserCtx,method='POST'}=Req) ->
     {Props} = couch_httpd:json_body(Req),
     Source = proplists:get_value(<<"source">>, Props),
     Target = proplists:get_value(<<"target">>, Props),
+    
+    {SrcOpts} = proplists:get_value(<<"source_options">>, Props, {[]}),
+    {SrcHeadersBinary} = proplists:get_value(<<"headers">>, SrcOpts, {[]}),
+    SrcHeaders = [{?b2l(K),(V)} || {K,V} <- SrcHeadersBinary],
+    
+    {TgtOpts} = proplists:get_value(<<"target_options">>, Props, {[]}),
+    {TgtHeadersBinary} = proplists:get_value(<<"headers">>, TgtOpts, {[]}),
+    TgtHeaders = [{?b2l(K),(V)} || {K,V} <- TgtHeadersBinary],
+    
     {Options} = proplists:get_value(<<"options">>, Props, {[]}),
-    {ok, {JsonResults}} = couch_rep:replicate(Source, Target, Options),
+    Options2 = [{source_options,
+                    [{headers, SrcHeaders},
+                    {user_ctx, UserCtx}]},
+                {target_options,
+                    [{headers, TgtHeaders},
+                    {user_ctx, UserCtx}]}
+                | Options],
+    {ok, {JsonResults}} = couch_rep:replicate(Source, Target, Options2),
     send_json(Req, {[{ok, true} | JsonResults]});
 handle_replicate_req(Req) ->
     send_method_not_allowed(Req, "POST").
-- 
cgit v1.2.3