-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix NPE /repos/issues/search
when not signed in
#19154
Conversation
- Don't panic when on `/repos/issues/search?{created,assigned,mentioned,review_requested}=true` when client didn't pass any authentication. - Resolves go-gitea#19115
But .... should we just deny the anonymous user from querying with these What's the meaning of |
- Backport go-gitea#19154 - Don't panic when on `/repos/issues/search?{created,assigned,mentioned,review_requested}=true` when client didn't pass any authentication. - Resolves go-gitea#19115
Deny? Do you propose to return empty list and some kind of status code? Currently what it will do is filter out all issues, because none are created, commented, mentioned or review requested by userID of zero. #19115 mentions:
Which I think is indeed the correct return output. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, but I think it's better to return 400 Bad Request
when anonymous requests for created=true
, it's meaningless.
Either is fine to me.
* giteaofficial/main: Add 1.18 (go-gitea#19151) [skip ci] Updated translations via Crowdin Fix NPE `/repos/issues/search` when not signed in (go-gitea#19154) [skip ci] Updated licenses and gitignores Use custom favicon when viewing static files if it exists (go-gitea#19130) not send notification emails to inactive users (part 2) (go-gitea#19142) Make migrations SKIP_TLS_VERIFY apply to git too (go-gitea#19132) Do not send notification emails to inactive users (go-gitea#19131)
* main: Reorder issue templates and automatically add labels (go-gitea#18875) Use IterateBufferSize whilst querying repositories during adoption check (go-gitea#19140) Add 1.18 (go-gitea#19151) [skip ci] Updated translations via Crowdin Fix NPE `/repos/issues/search` when not signed in (go-gitea#19154)
## [1.16.5](https://github.com/go-gitea/gitea/releases/tag/1.16.5) - 2022-03-23 * BREAKING * Bump to build with go1.18 (go-gitea#19120 et al) (go-gitea#19127) * SECURITY * Prevent redirect to Host (2) (go-gitea#19175) (go-gitea#19186) * Try to prevent autolinking of displaynames by email readers (go-gitea#19169) (go-gitea#19183) * Clean paths when looking in Storage (go-gitea#19124) (go-gitea#19179) * Do not send notification emails to inactive users (go-gitea#19131) (go-gitea#19139) * Do not send activation email if manual confirm is set (go-gitea#19119) (go-gitea#19122) * ENHANCEMENTS * Use the new/choose link for New Issue on project page (go-gitea#19172) (go-gitea#19176) * BUGFIXES * Fix compare link in active feeds for new branch (go-gitea#19149) (go-gitea#19185) * Redirect .wiki/* ui link to /wiki (go-gitea#18831) (go-gitea#19184) * Ensure deploy keys with write access can push (go-gitea#19010) (go-gitea#19182) * Ensure that setting.LocalURL always has a trailing slash (go-gitea#19171) (go-gitea#19177) * Cleanup protected branches when deleting users & teams (go-gitea#19158) (go-gitea#19174) * Use IterateBufferSize whilst querying repositories during adoption check (go-gitea#19140) (go-gitea#19160) * Fix NPE /repos/issues/search when not signed in (go-gitea#19154) (go-gitea#19155) * Use custom favicon when viewing static files if it exists (go-gitea#19130) (go-gitea#19152) * Fix the editor height in review box (go-gitea#19003) (go-gitea#19147) * Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (go-gitea#19028) (go-gitea#19146) * Fix wrong scopes caused by empty scope input (go-gitea#19029) (go-gitea#19145) * Make migrations SKIP_TLS_VERIFY apply to git too (go-gitea#19132) (go-gitea#19141) * Handle email address not exist (go-gitea#19089) (go-gitea#19121) * MISC * Update json-iterator to allow compilation with go1.18 (go-gitea#18644) (go-gitea#19100) * Update golang.org/x/crypto (go-gitea#19097) (go-gitea#19098) Signed-off-by: Andrew Thornton <[email protected]>
- Don't panic when on `/repos/issues/search?{created,assigned,mentioned,review_requested}=true` when client didn't pass any authentication. - Resolves go-gitea#19115
/repos/issues/search?{created,assigned,mentioned,review_requested}=true
when client didn't pass any authentication.created
param returns 500 if not logged in #19115