Project

General

Profile

Actions

Defect #13268

closed

Invalid assignments possible when using REST API

Added by Phillip Wieser over 11 years ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
REST API
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Duplicate
Affected version:

Description

Technology stack:
(Bitnami with Redmine 2.2.3-0-ubuntu-12.04 in VMWare Player)

Environment:
Redmine version 2.2.3.stable
Ruby version 1.9.3 (x86_64-linux)
Rails version 3.2.12
Environment production
Database adapter Mysql2
Redmine plugins:
no plugin installed

Using REST API (XML) with curl

Description:
Several invalid field values can be submitted which result in invalid assignments. For example, a category of "3" can be set, even though this category does not exist. Also, a negative integer value can be set. For example, "-3".

This applies to the following fields:
Category_id, fixed_version_id, assigned_to_id.

Expected result:
Invalid assignments are not possible and an error message is thrown

Actions

Also available in: Atom PDF