      Guest users (when security is enabled) can trigger a new build by using direct URLs.

      Nothing destructive can be done, but anyways,
      guest/anonymous users should not be able to do that.

      The fix is simple:

      Index: src/main/java/hudson/model/Project.java
      ===================================================================
      RCS file: /cvs/hudson/hudson/main/core/src/main/java/hudson/model/Project.java,v
      retrieving revision 1.8
      diff -u -r1.8 Project.java
      — src/main/java/hudson/model/Project.java 20 Nov 2006 14:46:55 -0000 1.8
      +++ src/main/java/hudson/model/Project.java 22 Nov 2006 12:10:52 -0000
      @@ -493,6 +493,9 @@

      • Schedules a new build command.
        */
        public void doBuild( StaplerRequest req, StaplerResponse rsp ) throws
        IOException, ServletException { + if(!Hudson.adminCheck(req,rsp)) + return; + scheduleBuild(); rsp.forwardToPreviousPage(req); }
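
      Review bot: The guard added at the top of doBuild is Hudson.adminCheck, which by its name requires an administrator, while the report only asks that guest/anonymous users be blocked; please confirm that authenticated non-admin users are meant to lose the ability to trigger builds, or use a check that only rejects unauthenticated requests. The early return also writes nothing to rsp in this hunk, so it relies on adminCheck having already sent the error response; worth verifying. Since the method's Javadoc still reads only "Schedules a new build command.", add a sentence there stating the access requirement.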

      Let me know if that's OK and I'll commit.

            Assignee:
            Unassigned
            Reporter:
            vsizikov
            Archiver:
            Jenkins Service Account