Defect #6932

submitting wrong parent task input creates a 500 error

Added by Alberto Soverchia about 7 years ago. Updated about 7 years ago.

Status:ClosedStart date:2010-11-18
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Issues
Target version:1.0.4
Resolution:Fixed Affected version:1.0.3

Description

When creating a new issue, submitting a wrong input (not an integer) in the "parent task" field generates a 500 error, instead of displaying an error.

this is the error line:

Processing IssuesController#create (for 10.11.2.123 at 2010-11-17 19:18:46) [POST]
  Parameters: {"commit"=>"Crea", "project_id"=>"siiratti", "action"=>"create", "authenticity_token"=>"a5e1Lt8H0S9Fgt+vyMEGL4iFIpSVf2KH4MWDYbGw6fs=", "issue"=>{"start_date"=>"2010-11-17", "estimated_hours"=>"", "priority_id"=>"4", "parent_issue_id"=>"ATTI", "done_ratio"=>"0", "assigned_to_id"=>"", "subject"=>"implementazione Ricerca Verbali", "tracker_id"=>"2", "due_date"=>"", "status_id"=>"1", "description"=>"l'attività prevede lo sviluppo della ricerca...", "watcher_user_ids"=>["70", "67", "61"]}, "controller"=>"issues", "attachments"=>{"1"=>{"description"=>""}}}

ActiveRecord::StatementInvalid (PGError: ERROR:  invalid input syntax for integer: "ATTI" 
LINE 1: ...".id = "issues".project_id WHERE ("issues"."id" = E'ATTI') A...
                                                             ^
: SELECT "issues"."id" AS t0_r0, "issues"."tracker_id" AS t0_r1, "issues"."project_id" AS t0_r2, "issues"."subject" AS t0_r3, "issues"."description" AS t0_r4, "issues"."due_date" AS t0_r5, "issues"."category_id" AS t0_r6, "issues"."status_id" AS t0_r7, "issues"."assigned_to_id" AS t0_r8, "issues"."priority_id" AS t0_r9, "issues"."fixed_version_id" AS t0_r10, "issues"."author_id" AS t0_r11, "issues"."lock_version" AS t0_r12, "issues"."created_on" AS t0_r13, "issues"."updated_on" AS t0_r14, "issues"."start_date" AS t0_r15, "issues"."done_ratio" AS t0_r16, "issues"."estimated_hours" AS t0_r17, "issues"."parent_id" AS t0_r18, "issues"."root_id" AS t0_r19, "issues"."lft" AS t0_r20, "issues"."rgt" AS t0_r21, "projects"."id" AS t1_r0, "projects"."name" AS t1_r1, "projects"."description" AS t1_r2, "projects"."homepage" AS t1_r3, "projects"."is_public" AS t1_r4, "projects"."parent_id" AS t1_r5, "projects"."created_on" AS t1_r6, "projects"."updated_on" AS t1_r7, "projects"."identifier" AS t1_r8, "projects"."status" AS t1_r9, "projects"."lft" AS t1_r10, "projects"."rgt" AS t1_r11 FROM "issues"  LEFT OUTER JOIN "projects" ON "projects".id = "issues".project_id WHERE ("issues"."id" = E'ATTI') AND (((projects.status=1 AND projects.id IN (SELECT em.project_id FROM enabled_modules em WHERE em.name='issue_tracking')) AND (1=0 OR projects.is_public = 't' OR projects.id IN (29,31,32,30))))  LIMIT 1):
  app/models/issue.rb:240:in `safe_attributes='
  app/controllers/issues_controller.rb:304:in `build_new_issue_from_params'
  passenger (2.2.15) lib/phusion_passenger/rack/request_handler.rb:92:in `process_request'
  passenger (2.2.15) lib/phusion_passenger/abstract_request_handler.rb:207:in `main_loop'
  passenger (2.2.15) lib/phusion_passenger/railz/application_spawner.rb:441:in `start_request_handler'
  passenger (2.2.15) lib/phusion_passenger/railz/application_spawner.rb:381:in `handle_spawn_application'
  passenger (2.2.15) lib/phusion_passenger/utils.rb:252:in `safe_fork'
  passenger (2.2.15) lib/phusion_passenger/railz/application_spawner.rb:377:in `handle_spawn_application'
  passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:352:in `__send__'
  passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:352:in `main_loop'
  passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:196:in `start_synchronously'
  passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:163:in `start'
  passenger (2.2.15) lib/phusion_passenger/railz/application_spawner.rb:222:in `start'
  passenger (2.2.15) lib/phusion_passenger/spawn_manager.rb:253:in `spawn_rails_application'
  passenger (2.2.15) lib/phusion_passenger/abstract_server_collection.rb:126:in `lookup_or_add'
  passenger (2.2.15) lib/phusion_passenger/spawn_manager.rb:247:in `spawn_rails_application'
  passenger (2.2.15) lib/phusion_passenger/abstract_server_collection.rb:80:in `synchronize'
  passenger (2.2.15) lib/phusion_passenger/abstract_server_collection.rb:79:in `synchronize'
  passenger (2.2.15) lib/phusion_passenger/spawn_manager.rb:246:in `spawn_rails_application'
  passenger (2.2.15) lib/phusion_passenger/spawn_manager.rb:145:in `spawn_application'
  passenger (2.2.15) lib/phusion_passenger/spawn_manager.rb:278:in `handle_spawn_application'
  passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:352:in `__send__'
  passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:352:in `main_loop'
  passenger (2.2.15) lib/phusion_passenger/abstract_server.rb:196:in `start_synchronously'

Rendering /usr/local/share/redmine-1.0-stable/public/500.html (500 Internal Server Error)

environment:
DB: Postgresql 8.4.4
ruby 1.8.8dev
Rails 2.3.5
redmine 1.0.3 from svn repo http://redmine.rubyforge.org/svn/branches/1.0-stable

Associated revisions

Revision 4414
Added by Jean-Philippe Lang about 7 years ago

Fixed: submitting a non numerical parent task input creates a 500 error (#6932).

History

#1 Updated by Jean-Philippe Lang about 7 years ago

  • Assignee set to Jean-Philippe Lang

#2 Updated by Jean-Philippe Lang about 7 years ago

  • Status changed from New to Closed
  • Target version set to 1.0.4
  • Resolution set to Fixed

Fixed in r4414. Invalid parent id now ignored.

Also available in: Atom PDF