[FIXED JENKINS-7847] Require POST for doConfigSubmit on jobs

23fc934c · OHTAKE Tomohiro · d951f381 · 23fc934c · 23fc934c
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

changelog.html changelog.html +2 -2

core/src/main/java/hudson/model/Job.java core/src/main/java/hudson/model/Job.java +1 -0

未找到文件。
--- a/changelog.html
+++ b/changelog.html
@@ -56,8 +56,8 @@ Upcoming changes</a>
 <div id="trunk" style="display:none"><!--=TRUNK-BEGIN=-->
 <ul class=image>
  <li class=bug>
-    Configuring view when not logged in wipes view configuration
-    (<a href="https://issues.jenkins-ci.org/browse/JENKINS-11397">issue 11397</a>)
+    GET request to configSubmit wipes some configuration
+    (<a href="https://issues.jenkins-ci.org/browse/JENKINS-11397">issue 11397</a>, <a href="https://issues.jenkins-ci.org/browse/JENKINS-7847">issue 7847</a>)
 </ul>
 </div><!--=TRUNK-END=-->


--- a/core/src/main/java/hudson/model/Job.java
+++ b/core/src/main/java/hudson/model/Job.java
@@ -941,6 +941,7 @@ public abstract class Job<JobT extends Job<JobT, RunT>, RunT extends Run<JobT, R
    public synchronized void doConfigSubmit(StaplerRequest req,
            StaplerResponse rsp) throws IOException, ServletException, FormException {
        checkPermission(CONFIGURE);
+        requirePOST();

        description = req.getParameter("description");