Skip to content
Permalink
Browse files
[FIXED JENKINS-11397] Require POST for doConfigSubmit on views
[FIXED JENKINS-7847] Require POST for doConfigSubmit on jobs

Merge remote branch 'ohtake/get-configsubmit'
  • Loading branch information
ssogabe committed Oct 20, 2011
2 parents c236f9d + e31dbf7 commit 52471787c6c5c9474e46cc396bf3b91e20036255
@@ -58,6 +58,9 @@
<li class=bug>
"Changes" in Build Summary broken in IE standard mode since 1.434
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-11383">issue 11383</a>)
<li class=bug>
GET request to configSubmit wipes some configuration
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-11397">issue 11397</a>, <a href="https://issues.jenkins-ci.org/browse/JENKINS-7847">issue 7847</a>)
</ul>
</div><!--=TRUNK-END=-->

@@ -157,6 +157,7 @@ public LogRecorderManager getParent() {
* Accepts submission from the configuration page.
*/
public synchronized void doConfigSubmit( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException {
requirePOST();
JSONObject src = req.getSubmittedForm();

String newName = src.getString("name"), redirect = ".";
@@ -1059,6 +1059,7 @@ protected void _doScript( StaplerRequest req, StaplerResponse rsp, String view)
*/
public void doConfigSubmit( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException, FormException {
checkPermission(CONFIGURE);
requirePOST();

String name = Util.fixEmptyAndTrim(req.getSubmittedForm().getString("name"));
Jenkins.checkGoodName(name);
@@ -306,6 +306,7 @@ public synchronized void doConfigSubmit( StaplerRequest req, StaplerResponse rsp
BulkChange bc = new BulkChange(MONITORS_OWNER);
try {
Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
requirePOST();
monitors.rebuild(req,req.getSubmittedForm(),getNodeMonitorDescriptors());

// add in the rest of instances are ignored instances
@@ -941,6 +941,7 @@ private HealthReport getBuildStabilityHealthReport() {
public synchronized void doConfigSubmit(StaplerRequest req,
StaplerResponse rsp) throws IOException, ServletException, FormException {
checkPermission(CONFIGURE);
requirePOST();

description = req.getParameter("description");

@@ -1899,6 +1899,7 @@ public long getEstimatedDuration() {

public HttpResponse doConfigSubmit( StaplerRequest req ) throws IOException, ServletException, FormException {
checkPermission(UPDATE);
requirePOST();
BulkChange bc = new BulkChange(this);
try {
JSONObject json = req.getSubmittedForm();
@@ -454,6 +454,7 @@ public Api getApi() {
*/
public void doConfigSubmit( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException, FormException {
checkPermission(Jenkins.ADMINISTER);
requirePOST();

fullName = req.getParameter("fullName");
description = req.getParameter("description");
@@ -48,7 +48,6 @@
import hudson.views.ListViewColumn;
import hudson.widgets.Widget;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.export.Exported;
@@ -698,6 +697,7 @@ public synchronized void doSubmitDescription( StaplerRequest req, StaplerRespons
*/
public final synchronized void doConfigSubmit( StaplerRequest req, StaplerResponse rsp ) throws IOException, ServletException, FormException {
checkPermission(CONFIGURE);
requirePOST();

submit(req);

@@ -707,8 +707,6 @@ public final synchronized void doConfigSubmit( StaplerRequest req, StaplerRespon

rename(req.getParameter("name"));

JSONObject json = req.getSubmittedForm();

getProperties().rebuild(req, req.getSubmittedForm(), getApplicablePropertyDescriptors());

save();
@@ -203,6 +203,7 @@ public void doConfigSubmit( StaplerRequest req, StaplerResponse rsp ) throws IOE
final Jenkins app = Jenkins.getInstance();

app.checkPermission(Jenkins.ADMINISTER);
requirePOST();

properties.rebuild(req, req.getSubmittedForm(), getApplicablePropertyDescriptors());
updateTransientActions();

0 comments on commit 5247178

Please sign in to comment.