[FIXED HUDSON-3721] Job-enabling API should reject GET requests.

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@22207 71c3de6d-444a-0410-be80-ed276b4c234a

core/src/main/java/hudson/model/AbstractModelObject.java

@@ -76,7 +76,9 @@ public abstract class AbstractModelObject implements SearchableModelObject {
      * Convenience method to verify that the current request is a POST request.
      */
     protected final void requirePOST() throws ServletException {
-        String method = Stapler.getCurrentRequest().getMethod();
+        StaplerRequest req = Stapler.getCurrentRequest();
+        if (req==null)  return; // invoked outside the context of servlet
+        String method = req.getMethod();
         if(!method.equalsIgnoreCase("POST"))
             throw new ServletException("Must be POST, Can't be "+method);
     }

core/src/main/java/hudson/model/AbstractProject.java

@@ -1439,6 +1439,7 @@ public abstract class AbstractProject<P extends AbstractProject<P,R>,R extends A
     }
 
     public HttpResponse doEnable() throws IOException, ServletException {
+        requirePOST();
         checkPermission(CONFIGURE);
         makeDisabled(false);
         return new HttpRedirect(".");