Stack trace on PUT for collections
dstockto opened this issue · 6 comments
If you PUT to a collection URI something that isn't an array you get a 500 Internal server error and a stack trace. It should probably be a 400 with an error but no stack trace.
Yes, as far as I can remember for the repro steps.
I just tried this running v1.0.7 and was able to get a 500 with a stack trace by sending in a JSON object with a random key/value into a collection PUT URI.
@dstockto I've just tested, and the situation is definitely resolved in the latest versions.
Per @dstockto in IRC, the issue found was specifically when sending an object to PUT for a collection.
I've recreated the issue with the following payload:
```json
{
    "foo": "bar"
}
```
This returns a 500 status, with a problem detail indicating the issue. However, it should return a 400, and likely no stack trace; the issue is the client is sending an invalid data structure.
(The issue is that each item in the object or array should be an object or array, as it's supposed to be a set of entities.)
The issue is in zf-rest, as the checks for array or object are done in the Resource class:
- https://github.com/zfcampus/zf-rest/blob/93c1f31835519232cad986e35a9ca38eb6f5ef4c/src/Resource.php#L314-L319
- https://github.com/zfcampus/zf-rest/blob/93c1f31835519232cad986e35a9ca38eb6f5ef4c/src/Resource.php#L402-L407
I'll update those exceptions to use a 400 status code.
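The check discussed in this thread, sketched as an added example (not zf-rest's code and not part of the original comments): a collection PUT body is rejected with a 400 problem-details response that carries no stack trace. The function names `validateCollectionPayload` and `problem` are hypothetical, the sample bodies are constructed, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of zf-rest): validate the raw body of a
 * collection PUT. Returns a problem-details array on failure, null on success.
 */
function validateCollectionPayload(string $rawBody): ?array
{
    try {
        $data = json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        // Malformed JSON is a client error; the exception is not echoed back.
        return problem(400, 'Request body is not valid JSON.');
    }

    if (!is_array($data)) {
        return problem(400, 'A collection PUT expects a set of entities.');
    }

    foreach ($data as $key => $item) {
        // Each member must itself be an entity (JSON object or array).
        if (!is_array($item)) {
            return problem(400, sprintf(
                'Item "%s" is a %s; each item must be an object or array.',
                $key,
                get_debug_type($item)
            ));
        }
    }
    return null;
}

/** Build an application/problem+json body: no trace, file paths or class names. */
function problem(int $status, string $detail): array
{
    return [
        'type'   => 'about:blank',
        'title'  => $status === 400 ? 'Bad Request' : 'Error',
        'status' => $status,
        'detail' => $detail,
    ];
}

// Constructed sample bodies, including the payload from the thread.
foreach (['{"foo": "bar"}', '"text"', '[{"id": 1}, {"id": 2}]', '{bad'] as $body) {
    $p = validateCollectionPayload($body);
    printf("%-26s => %s\n", $body, $p ? $p['status'] . ' ' . $p['detail'] : 'accepted');
}
```

Only the array of entities is accepted; the `{"foo": "bar"}` payload from the thread is answered with a 400 because its single item is a string.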