github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-12 02:24:21 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

PUT on /notifications endpoint with invalid date causes internal server error #7133

New Issue
Closed
opened 2025-11-02 07:16:35 -06:00 by GiteaMirror · 3 comments
GiteaMirror commented 2025-11-02 07:16:35 -06:00
Owner
Copy Link

Originally created by @matusf on GitHub (Apr 8, 2021).

  • Gitea version (or commit ref): Gitea version 1.13.7 built with GNU Make 4.1, go1.15.11 : bindata, sqlite, sqlite_unlock_notify
  • Git version: git version 2.17.
  • Operating system: Ubuntu 18.04
  • Downloaded gitea from downloads page
  • Running as a command-line program
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
  • Log gist:
2021/04/08 18:14:24 Completed PUT /api/v1/notifications?last_read_at=xxx 500 Internal Server Error in 35.807758ms

Description

Make PUT request on /notifications endpoint with supplied authorization token and invalid date in query parameters. Then 500 response is returned with following response body:

curl -X PUT 'http://localhost:3000/api/v1/notifications?last_read_at=xxx' -H "Authorization: token $TOKEN"
{"message":"","url":"http://localhost:3000/api/swagger"}
Originally created by @matusf on GitHub (Apr 8, 2021). <!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue --> <!-- 1. Please speak English, this is the language all maintainers can speak and write. 2. Please ask questions or configuration/deploy problems on our Discord server (https://discord.gg/gitea) or forum (https://discourse.gitea.io). 3. Please take a moment to check that your issue doesn't already exist. 4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq) 5. Please give all relevant information below for bug reports, because incomplete details will be handled as an invalid report. --> - Gitea version (or commit ref): Gitea version 1.13.7 built with GNU Make 4.1, go1.15.11 : bindata, sqlite, sqlite_unlock_notify - Git version: git version 2.17. - Operating system: Ubuntu 18.04 - Downloaded gitea from downloads page - Running as a command-line program - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [x] SQLite - Can you reproduce the bug at https://try.gitea.io: - [X] Yes (provide example URL) - [ ] No - Log gist: ``` 2021/04/08 18:14:24 Completed PUT /api/v1/notifications?last_read_at=xxx 500 Internal Server Error in 35.807758ms ``` <!-- It really is important to provide pertinent logs --> <!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems --> <!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini --> ## Description Make PUT request on `/notifications` endpoint with supplied authorization token and invalid date in query parameters. Then 500 response is returned with following response body: ``` curl -X PUT 'http://localhost:3000/api/v1/notifications?last_read_at=xxx' -H "Authorization: token $TOKEN" {"message":"","url":"http://localhost:3000/api/swagger"} ```
GiteaMirror added the type/bugmodifies/api labels 2025-11-02 07:16:35 -06:00
GiteaMirror commented 2025-11-02 07:16:36 -06:00
Author
Owner
Copy Link

@6543 commented on GitHub (Apr 9, 2021):

I think we should return a 400 with an error description

@6543 commented on GitHub (Apr 9, 2021): I think we should return a 400 with an error description
GiteaMirror commented 2025-11-02 07:16:36 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Apr 10, 2021):

I mean a 500 here is not entirely inappropriate, from MDN:

500 Internal Server Error
The server has encountered a situation it doesn't know how to handle.

I think 422 is really supposed to be emitted by WebDAV servers - I'm not sure how many other services use it.

400: Bad Request is probably the better supported option.

@zeripath commented on GitHub (Apr 10, 2021): I mean a 500 here is not entirely inappropriate, from MDN: ``` 500 Internal Server Error The server has encountered a situation it doesn't know how to handle. ``` I think 422 is really supposed to be emitted by WebDAV servers - I'm not sure how many other services use it. 400: Bad Request is probably the better supported option.
GiteaMirror commented 2025-11-02 07:16:36 -06:00
Author
Owner
Copy Link

@6543 commented on GitHub (Jun 17, 2021):

shuld be solve by #16177

@6543 commented on GitHub (Jun 17, 2021): shuld be solve by #16177
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label modifies/api type/bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#7133
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?