Defect #13267

No error message for invalid field values

Added by Phillip Wieser almost 10 years ago.

Status:NewStart date:
Priority:LowDue date:
Assignee:-% Done:


Category:REST API
Target version:-
Resolution: Affected version:2.2.3


Technology stack:
(Bitnami with Redmine 2.2.3-0-ubuntu-12.04 in VMWare Player)

Redmine version 2.2.3.stable
Ruby version 1.9.3 (x86_64-linux)
Rails version 3.2.12
Environment production
Database adapter Mysql2
Redmine plugins:
no plugin installed

Using REST API (XML) with curl

When sending invalid data, there is no indication of an error message for the following fields. No entry in the issue history is made and the application continues to work as expected.

1) project_id
2) tracker_id
3) priority_id

The following error cases were observed:

  • Unknown project IDs don't trigger error messages. Example: "5", where no project with ID 5 exists
  • Invalid integer does not trigger error message. Example: "gg"
  • Accepts value "1a" and parses it to 1
  • Empty values (for example, "<tracker_id></tracker_id>" do not trigger error message)

Expected result:
Error message, e.g. "unparsable entity"

Also available in: Atom PDF