Merge pull request #51 from jenkinsci-cert/SECURITY-233

[FIX SECURITY-233] Remove multipart form exception from crumb filter

core/src/main/java/hudson/security/csrf/CrumbFilter.java

@@ -80,8 +80,8 @@ public class CrumbFilter implements Filter {
                     LOGGER.log(Level.WARNING, "Found invalid crumb {0}.  Will check remaining parameters for a valid one...", crumb);
                 }
             }
-            // Multipart requests need to be handled by each handler.
-            if (valid || isMultipart(httpRequest)) {
+
+            if (valid) {
                 chain.doFilter(request, response);
             } else {
                 LOGGER.log(Level.WARNING, "No valid crumb was included in request for {0}. Returning {1}.", new Object[] {httpRequest.getRequestURI(), HttpServletResponse.SC_FORBIDDEN});

war/src/main/webapp/scripts/hudson-behavior.js

@@ -117,6 +117,13 @@ var crumb = {
         var div = document.createElement("div");
         div.innerHTML = "<input type=hidden name='"+this.fieldName+"' value='"+this.value+"'>";
         form.appendChild(div);
+        if (form.enctype == "multipart/form-data") {
+            if (form.action.indexOf("?") != -1) {
+                form.action = form.action+"&"+this.fieldName+"="+this.value;
+            } else {
+                form.action = form.action+"?"+this.fieldName+"="+this.value;
+            }
+        }
     }
 }
 
@@ -2419,6 +2426,7 @@ function buildFormTree(form) {
                 // switch to multipart/form-data to support file submission
                 // @enctype is the standard, but IE needs @encoding.
                 form.enctype = form.encoding = "multipart/form-data";
+                crumb.appendToForm(form);
                 break;
             case "radio":
                 if(!e.checked)  break;