diff --git a/CHANGELOG.md b/CHANGELOG.md index 93571b7fd03..4bd49eb4fba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ ### Bugfixes - [#1971](https://github.com/influxdb/influxdb/pull/1971): Fix leader id initialization. +- [#1975](https://github.com/influxdb/influxdb/pull/1975): Require `q` parameter for query endpoint. ## v0.9.0-rc12 [2015-03-15] diff --git a/httpd/handler.go b/httpd/handler.go index f1784124d99..3a0c4b86d0e 100644 --- a/httpd/handler.go +++ b/httpd/handler.go @@ -157,10 +157,18 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // serveQuery parses an incoming query and, if valid, executes the query. func (h *Handler) serveQuery(w http.ResponseWriter, r *http.Request, user *influxdb.User) { q := r.URL.Query() - p := influxql.NewParser(strings.NewReader(q.Get("q"))) - db := q.Get("db") + pretty := q.Get("pretty") == "true" + qp := strings.TrimSpace(q.Get("q")) + if qp == "" { + httpError(w, `missing required parameter "q"`, pretty, http.StatusBadRequest) + return + } + + p := influxql.NewParser(strings.NewReader(qp)) + db := q.Get("db") + // Parse query from query string. query, err := p.ParseQuery() if err != nil { diff --git a/httpd/handler_test.go b/httpd/handler_test.go index 84fbd14ee49..ec1b5419e6a 100644 --- a/httpd/handler_test.go +++ b/httpd/handler_test.go @@ -904,6 +904,21 @@ func TestHandler_AuthenticatedDatabases_Unauthorized(t *testing.T) { } } +func TestHandler_QueryParamenterMissing(t *testing.T) { + c := test.NewMessagingClient() + defer c.Close() + srvr := OpenAuthlessServer(c) + s := NewHTTPServer(srvr) + defer s.Close() + + status, body := MustHTTP("GET", s.URL+`/query`, nil, nil, "") + if status != http.StatusBadRequest { + t.Fatalf("unexpected status: %d", status) + } else if body != `{"error":"missing required parameter \"q\""}` { + t.Fatalf("unexpected body: %s", body) + } +} + func TestHandler_AuthenticatedDatabases_AuthorizedQueryParams(t *testing.T) { c := test.NewMessagingClient() defer c.Close()