[Issue 177] New - Guest users can start builds via direct URLs

vsizikov
https://hudson.dev.java.net/issues/show_bug.cgi?id=177
                 Issue #|177
                 Summary|Guest users can start builds via direct URLs
               Component|hudson
                 Version|current
                Platform|All
              OS/Version|All
                     URL|
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|DEFECT
                Priority|P3
            Subcomponent|www
             Assigned to|issues@hudson
             Reported by|vsizikov






------- Additional comments from [hidden email] Wed Nov 22 12:11:57 +0000 2006 -------
Guest users (when security is enabled) can trigger a new build by using direct URLs.

Nothing destructive can be done, but anyways,
guest/anonymous users should not be able to do that.

The fix is simple:

Index: src/main/java/hudson/model/Project.java
===================================================================
RCS file: /cvs/hudson/hudson/main/core/src/main/java/hudson/model/Project.java,v
retrieving revision 1.8
diff -u -r1.8 Project.java
--- src/main/java/hudson/model/Project.java 20 Nov 2006 14:46:55 -0000 1.8
+++ src/main/java/hudson/model/Project.java 22 Nov 2006 12:10:52 -0000
@@ -493,6 +493,9 @@
      * Schedules a new build command.
      */
     public void doBuild( StaplerRequest req, StaplerResponse rsp ) throws
IOException, ServletException {
+        if(!Hudson.adminCheck(req,rsp))
+            return;
+
         scheduleBuild();
         rsp.forwardToPreviousPage(req);
     }
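
Review bot: The new guard at the top of doBuild() returns without touching rsp when Hudson.adminCheck(req,rsp) fails, so the handler relies on adminCheck itself to send the error or login response. That contract is not visible in this hunk, so a one-line comment on the guard, or a sentence added to the Javadoc above ("Schedules a new build command."), should state that the method now requires the admin check to pass. The name adminCheck also suggests an administrator-only test, which is stricter than the stated goal of keeping guest/anonymous users out; please confirm that blocking any authenticated non-admin users from scheduling builds is intended. Only doBuild() is covered here, so any other do* handlers in Project.java that are reachable by direct URL should get the same review before this is committed.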

Let me know if that's OK and I'll commit.
