Redmine

"POST /issues.(json|xml)" raises exception when the following parameters are given:

1. Any value for assigned_to_id and an invalid value for project_id.

{"issue": {"project_id": 0, "assigned_to_id": "1"}}

2. Any value for fixed_version_id and an invalid value for project_id.

{"issue": {"project_id": 0, "fixed_version_id": "1"}}

Here is a workaround for this issue:

diff --git a/app/models/issue.rb b/app/models/issue.rb
index 487b1b552..e665a46cb 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -723,7 +723,7 @@ class Issue < ActiveRecord::Base
       errors.add :start_date, :earlier_than_minimum_start_date, :date => format_date(soonest_start)
     end

-    if fixed_version
+    if project && fixed_version
       if !assignable_versions.include?(fixed_version)
         errors.add :fixed_version_id, :inclusion
       elsif reopening? && fixed_version.closed?
@@ -738,7 +738,7 @@ class Issue < ActiveRecord::Base
       end
     end

-    if assigned_to_id_changed? && assigned_to_id.present?
+    if project && assigned_to_id_changed? && assigned_to_id.present?
       unless assignable_users.include?(assigned_to)
         errors.add :assigned_to_id, :invalid
       end
@@ -938,6 +938,8 @@ class Issue < ActiveRecord::Base

   # Users the issue can be assigned to
   def assignable_users
+    return [] if project.nil?
+
     users = project.assignable_users(tracker).to_a
     users << author if author && author.active?
     if assigned_to_id_was.present? && assignee = Principal.find_by_id(assigned_to_id_was)
@@ -949,6 +951,7 @@ class Issue < ActiveRecord::Base
   # Versions that the issue can be assigned to
   def assignable_versions
     return @assignable_versions if @assignable_versions
+    return [] if project.nil?

     versions = project.shared_versions.open.to_a
     if fixed_version