Add admin-permission check on _launchAll method.

I'd list this security fix in the changelog, but this method wasn't actually working properly so there was no previous security hole (it called launch() on only nodes that do NOT support launch, instead of those that DO). Fixed method to work properly now that permission check is in place (though I don't see this method used anywhere, but you can manually enter computer/_launchAll URL to invoke it). git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@14044 71c3de6d-444a-0410-be80-ed276b4c234a

Add admin-permission check on _launchAll method.
I'd list this security fix in the changelog, but this method wasn't actually working properly so there was no previous security hole (it called launch() on only nodes that do NOT support launch, instead of those that DO). Fixed method to work properly now that permission check is in place (though I don't see this method used anywhere, but you can manually enter computer/_launchAll URL to invoke it). git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@14044 71c3de6d-444a-0410-be80-ed276b4c234a
6ab07d0b · mindless · 7baeec36 · 6ab07d0b
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

core/src/main/java/hudson/model/ComputerSet.java core/src/main/java/hudson/model/ComputerSet.java +3 -2

未找到文件。
--- a/core/src/main/java/hudson/model/ComputerSet.java
+++ b/core/src/main/java/hudson/model/ComputerSet.java
@@ -42,10 +42,11 @@ public final class ComputerSet implements ModelObject {
    }

    public void do_launchAll(StaplerRequest req, StaplerResponse rsp) throws IOException {
+        Hudson.getInstance().checkPermission(Hudson.ADMINISTER);
+
        for(Computer c : get_all()) {
            if(c.isLaunchSupported())
-                continue;
-            c.launch();
+                c.launch();
        }
        rsp.sendRedirect(".");
    }