From ca79ad7b3104ba4a55006a358b3b7ff2f0c060e8 Mon Sep 17 00:00:00 2001 From: John Christopher Anderson Date: Fri, 6 Mar 2009 16:45:45 +0000 Subject: validate reduce view list queries, make query_parse_error response code 400 thanks Jan, thanks Jason Davies. closes COUCHDB-283 git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@750969 13f79535-47bb-0310-9956-ffa450edef68 --- src/couchdb/couch_httpd.erl | 2 ++ src/couchdb/couch_httpd_show.erl | 1 + 2 files changed, 3 insertions(+) (limited to 'src/couchdb') diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl index 49a86289..44ae0bb1 100644 --- a/src/couchdb/couch_httpd.erl +++ b/src/couchdb/couch_httpd.erl @@ -386,6 +386,8 @@ end_json_response(Resp) -> send_error(Req, bad_request) -> send_error(Req, 400, <<"bad_request">>, <<>>); +send_error(Req, {query_parse_error, Reason}) -> + send_error(Req, 400, <<"query_parse_error">>, Reason); send_error(Req, {bad_request, Reason}) -> send_error(Req, 400, <<"bad_request">>, Reason); send_error(Req, not_found) -> diff --git a/src/couchdb/couch_httpd_show.erl b/src/couchdb/couch_httpd_show.erl index 6fda61b3..5a03d9de 100644 --- a/src/couchdb/couch_httpd_show.erl +++ b/src/couchdb/couch_httpd_show.erl @@ -98,6 +98,7 @@ send_view_list_response(Lang, ListSrc, ViewName, DesignId, Req, Db, Keys) -> {not_found, _Reason} -> case couch_view:get_reduce_view(Db, DesignId, ViewName, Stale) of {ok, ReduceView, Group} -> + couch_httpd_view:parse_view_query(Req, Keys, true, true), % just for validation case Reduce of false -> MapView = couch_view:extract_map_view(ReduceView), -- cgit v1.2.3