github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-19 14:42:41 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Uploading asset to release leads to HTTP 500 #5521

New Issue
Closed
opened 2025-11-02 06:27:41 -06:00 by GiteaMirror · 7 comments
GiteaMirror commented 2025-11-02 06:27:41 -06:00
Owner
Copy Link

Originally created by @johndoe31415 on GitHub (Jun 9, 2020).

  • Gitea version (or commit ref): 1.11.4 built with GNU Make 4.1, go1.13.9 : bindata, sqlite, sqlite_unlock_notify
  • Git version: git version 2.20.1
  • Operating system: Debian Buster
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

When trying to upload an asset file, i.e., attach it to a release, I get a HTTP 500.

Example request headers against try.gitea.io:

URI = https://try.gitea.io/api/v1/repos/ZN1F8ddE/asdasdasdasd/releases/3301412/assets?name=x.zip

{
'User-Agent': 'python-requests/2.21.0', 
'Accept-Encoding': 'gzip, deflate', 
'Accept': 'application/json', 
'Connection': 'keep-alive', 
'Content-Type': 'multipart/form-data', 
'Authorization': 'token 7dc4bd206717db53b28cd23fedf8b8c63fdb7bc1', 
'Cookie': '_csrf=s4zdx1l24COAba_Qt3BqQVgbRbs6MTU5MTcxMjQ1NDIyMjgzMDgzMQ; i_like_gitea=249d8c93ce8136eb; lang=en-US', 
'Content-Length': '317'}

Request body (Python encoded bytes string):

b'--bd1c7f9ffb7eaa45ac8de02c5aa60333\r\nContent-Disposition: form-data; name="file"; filename="x.zip"\r\n\r\nPK\x03\x04\n\x00\x00\x00\x00\x00Y\x82\xc9P\xa3\xff*\xad\x04\x00\x00\x00\x04\x00\x00\x00\x0b\x00\x1c\x00zipfile.txtUT\t\x00\x03J\x9a\xdf^J\x9a\xdf^ux\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00zip\nPK\x01\x02\x1e\x03\n\x00\x00\x00\x00\x00Y\x82\xc9P\xa3\xff*\xad\x04\x00\x00\x00\x04\x00\x00\x00\x0b\x00\x18\x00\x00\x00\x00\x00\x01\x00\x00\x00\x80\x81\x00\x00\x00\x00zipfile.txtUT\x05\x00\x03J\x9a\xdf^ux\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00PK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00Q\x00\x00\x00I\x00\x00\x00\x00\x00\r\n--bd1c7f9ffb7eaa45ac8de02c5aa60333--\r\n'

Request body as base64:

LS1iZDFjN2Y5ZmZiN2VhYTQ1YWM4ZGUwMmM1YWE2MDMzMw0KQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSJmaWxlIjsgZmlsZW5hbWU9InguemlwIg0KDQpQSwMECgAAAAAAWYLJUKP/Kq0EAAAABAAAAAsAHAB6aXBmaWxlLnR4dFVUCQADSprfXkqa3151eAsAAQToAwAABOgDAAB6aXAKUEsBAh4DCgAAAAAAWYLJUKP/Kq0EAAAABAAAAAsAGAAAAAAAAQAAAICBAAAAAHppcGZpbGUudHh0VVQFAANKmt9edXgLAAEE6AMAAAToAwAAUEsFBgAAAAABAAEAUQAAAEkAAAAAAA0KLS1iZDFjN2Y5ZmZiN2VhYTQ1YWM4ZGUwMmM1YWE2MDMzMy0tDQo=
Originally created by @johndoe31415 on GitHub (Jun 9, 2020). - Gitea version (or commit ref): 1.11.4 built with GNU Make 4.1, go1.13.9 : bindata, sqlite, sqlite_unlock_notify - Git version: git version 2.20.1 - Operating system: Debian Buster - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [x] SQLite - Can you reproduce the bug at https://try.gitea.io: - [x] Yes (provide example URL) - [ ] No - [ ] Not relevant - Log gist: ## Description When trying to upload an asset file, i.e., attach it to a release, I get a HTTP 500. Example request headers against try.gitea.io: URI = https://try.gitea.io/api/v1/repos/ZN1F8ddE/asdasdasdasd/releases/3301412/assets?name=x.zip ``` { 'User-Agent': 'python-requests/2.21.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive', 'Content-Type': 'multipart/form-data', 'Authorization': 'token 7dc4bd206717db53b28cd23fedf8b8c63fdb7bc1', 'Cookie': '_csrf=s4zdx1l24COAba_Qt3BqQVgbRbs6MTU5MTcxMjQ1NDIyMjgzMDgzMQ; i_like_gitea=249d8c93ce8136eb; lang=en-US', 'Content-Length': '317'} ``` Request body (Python encoded bytes string): ``` b'--bd1c7f9ffb7eaa45ac8de02c5aa60333\r\nContent-Disposition: form-data; name="file"; filename="x.zip"\r\n\r\nPK\x03\x04\n\x00\x00\x00\x00\x00Y\x82\xc9P\xa3\xff*\xad\x04\x00\x00\x00\x04\x00\x00\x00\x0b\x00\x1c\x00zipfile.txtUT\t\x00\x03J\x9a\xdf^J\x9a\xdf^ux\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00zip\nPK\x01\x02\x1e\x03\n\x00\x00\x00\x00\x00Y\x82\xc9P\xa3\xff*\xad\x04\x00\x00\x00\x04\x00\x00\x00\x0b\x00\x18\x00\x00\x00\x00\x00\x01\x00\x00\x00\x80\x81\x00\x00\x00\x00zipfile.txtUT\x05\x00\x03J\x9a\xdf^ux\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00PK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00Q\x00\x00\x00I\x00\x00\x00\x00\x00\r\n--bd1c7f9ffb7eaa45ac8de02c5aa60333--\r\n' ``` Request body as base64: ``` LS1iZDFjN2Y5ZmZiN2VhYTQ1YWM4ZGUwMmM1YWE2MDMzMw0KQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSJmaWxlIjsgZmlsZW5hbWU9InguemlwIg0KDQpQSwMECgAAAAAAWYLJUKP/Kq0EAAAABAAAAAsAHAB6aXBmaWxlLnR4dFVUCQADSprfXkqa3151eAsAAQToAwAABOgDAAB6aXAKUEsBAh4DCgAAAAAAWYLJUKP/Kq0EAAAABAAAAAsAGAAAAAAAAQAAAICBAAAAAHppcGZpbGUudHh0VVQFAANKmt9edXgLAAEE6AMAAAToAwAAUEsFBgAAAAABAAEAUQAAAEkAAAAAAA0KLS1iZDFjN2Y5ZmZiN2VhYTQ1YWM4ZGUwMmM1YWE2MDMzMy0tDQo= ```
GiteaMirror added the issue/confirmedtype/bug labels 2025-11-02 06:27:41 -06:00
GiteaMirror commented 2025-11-02 06:27:43 -06:00
Author
Owner
Copy Link

@johndoe31415 commented on GitHub (Jun 9, 2020):

Additional information: I receive no output at all even on TRACE in the logfile, just the HTTP 500.

@johndoe31415 commented on GitHub (Jun 9, 2020): Additional information: I receive no output at all even on TRACE in the logfile, just the HTTP 500.
GiteaMirror commented 2025-11-02 06:27:43 -06:00
Author
Owner
Copy Link

@johndoe31415 commented on GitHub (Jun 12, 2020):

This is a more easy to replicate reproducer:

$ md5sum payload.bin 
3e97148c21753bd401a47c009bc2de1f  payload.bin

$ curl -v -H 'Accept: application/json' -H 'Authorization: token 7dc4bd206717db53b28cd23fedf8b8c63fdb7bc1' -H 'Content-Type: multipart/form-data' --data-binary '@payload.bin' 'https://try.gitea.io/api/v1/repos/ZN1F8ddE/asdasdasdasd/releases/3301412/assets?name=x.zip'

gives the output:

[...]
* Using Stream ID: 1 (easy handle 0x55affccf31d0)
> POST /api/v1/repos/ZN1F8ddE/asdasdasdasd/releases/3301412/assets?name=x.zip HTTP/2
> Host: try.gitea.io
> User-Agent: curl/7.65.3
> Accept: application/json
> Authorization: token 7dc4bd206717db53b28cd23fedf8b8c63fdb7bc1
> Content-Type: multipart/form-data
> Content-Length: 317
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* We are completely uploaded and fine
< HTTP/2 500 
< content-type: text/html; charset=UTF-8
< date: Fri, 12 Jun 2020 08:20:17 GMT
< set-cookie: lang=en-US; Path=/; Max-Age=2147483647
< set-cookie: i_like_gitea=a0c97d2750ca559f; Path=/; HttpOnly
< set-cookie: _csrf=B24mRo5jVFUxKxYU14CjwfWRCSU6MTU5MTk1MDAxNzQ1ODIxMTE5MA; Path=/; Expires=Sat, 13 Jun 2020 08:20:17 GMT; HttpOnly
<

I'll attach payload.bin here (wrapped in a ZIP file because GitHub only allows that file type).
payload.zip

@johndoe31415 commented on GitHub (Jun 12, 2020): This is a more easy to replicate reproducer: ``` $ md5sum payload.bin 3e97148c21753bd401a47c009bc2de1f payload.bin $ curl -v -H 'Accept: application/json' -H 'Authorization: token 7dc4bd206717db53b28cd23fedf8b8c63fdb7bc1' -H 'Content-Type: multipart/form-data' --data-binary '@payload.bin' 'https://try.gitea.io/api/v1/repos/ZN1F8ddE/asdasdasdasd/releases/3301412/assets?name=x.zip' ``` gives the output: ``` [...] * Using Stream ID: 1 (easy handle 0x55affccf31d0) > POST /api/v1/repos/ZN1F8ddE/asdasdasdasd/releases/3301412/assets?name=x.zip HTTP/2 > Host: try.gitea.io > User-Agent: curl/7.65.3 > Accept: application/json > Authorization: token 7dc4bd206717db53b28cd23fedf8b8c63fdb7bc1 > Content-Type: multipart/form-data > Content-Length: 317 > * Connection state changed (MAX_CONCURRENT_STREAMS == 250)! * We are completely uploaded and fine < HTTP/2 500 < content-type: text/html; charset=UTF-8 < date: Fri, 12 Jun 2020 08:20:17 GMT < set-cookie: lang=en-US; Path=/; Max-Age=2147483647 < set-cookie: i_like_gitea=a0c97d2750ca559f; Path=/; HttpOnly < set-cookie: _csrf=B24mRo5jVFUxKxYU14CjwfWRCSU6MTU5MTk1MDAxNzQ1ODIxMTE5MA; Path=/; Expires=Sat, 13 Jun 2020 08:20:17 GMT; HttpOnly < ``` I'll attach `payload.bin` here (wrapped in a ZIP file because GitHub only allows that file type). [payload.zip](https://github.com/go-gitea/gitea/files/4769589/payload.zip)
GiteaMirror commented 2025-11-02 06:27:43 -06:00
Author
Owner
Copy Link

@johndoe31415 commented on GitHub (Jun 12, 2020):

Figured out the reason.... the field name should be called "attachment", I mistakenly called it "file". Still, shouldn't result in HTTP 500 IMHO, so I'm leaving this one open.

@johndoe31415 commented on GitHub (Jun 12, 2020): Figured out the reason.... the field name should be called "attachment", I mistakenly called it "file". Still, shouldn't result in HTTP 500 IMHO, so I'm leaving this one open.
GiteaMirror commented 2025-11-02 06:27:43 -06:00
Author
Owner
Copy Link

@stale[bot] commented on GitHub (Aug 17, 2020):

This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

@stale[bot] commented on GitHub (Aug 17, 2020): This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.
GiteaMirror commented 2025-11-02 06:27:43 -06:00
Author
Owner
Copy Link

@stale[bot] commented on GitHub (Aug 31, 2020):

This issue has been automatically closed because of inactivity. You can re-open it if needed.

@stale[bot] commented on GitHub (Aug 31, 2020): This issue has been automatically closed because of inactivity. You can re-open it if needed.
GiteaMirror commented 2025-11-02 06:27:43 -06:00
Author
Owner
Copy Link

@johndoe31415 commented on GitHub (Aug 31, 2020):

Bad bot, no oil for you.

I thought that the added label would prevent you from closing this, but apparently no...

Also, I cannot re-open the issue. You lied to me, bot, you lied!

@johndoe31415 commented on GitHub (Aug 31, 2020): Bad bot, no oil for you. I thought that the added label would prevent you from closing this, but apparently no... Also, I cannot re-open the issue. You lied to me, bot, you lied!
GiteaMirror commented 2025-11-02 06:27:44 -06:00
Author
Owner
Copy Link

@jolheiser commented on GitHub (Aug 31, 2020):

It does, but the bot (I think) looks for the stale tag before checking for the confirmed tag.

@jolheiser commented on GitHub (Aug 31, 2020): It does, but the bot (I think) looks for the `stale` tag before checking for the `confirmed` tag.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label issue/confirmed type/bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#5521
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?