[JIRA] (JENKINS-16608) View name allows '..'

2013-03-22 Thread dogf...@java.net (JIRA) 














































dogfood
 commented on  JENKINS-16608


View name allows '..'















Integrated in  jenkins_main_trunk #2398
 [FIXED JENKINS-16608] View name should not allow "..". (Revision d8b29df3558724090efaf18326937075c25ba7f3)

 Result = SUCCESS
Seiji Sogabe : d8b29df3558724090efaf18326937075c25ba7f3
Files : 

	test/src/test/java/hudson/model/ViewTest.java
	core/src/main/java/jenkins/model/Jenkins.java
	core/src/main/resources/hudson/model/Messages_ja.properties
	core/src/main/resources/hudson/model/Messages.properties
	changelog.html





























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira







-- 
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[JIRA] (JENKINS-16608) View name allows '..'

2013-03-22 Thread scm_issue_l...@java.net (JIRA) 














































SCM/JIRA link daemon
 commented on  JENKINS-16608


View name allows '..'















Code changed in jenkins
User: Seiji Sogabe
Path:
 changelog.html
 core/src/main/java/jenkins/model/Jenkins.java
 core/src/main/resources/hudson/model/Messages.properties
 core/src/main/resources/hudson/model/Messages_ja.properties
 test/src/test/java/hudson/model/ViewTest.java
http://jenkins-ci.org/commit/jenkins/d8b29df3558724090efaf18326937075c25ba7f3
Log:
  [FIXED JENKINS-16608] View name should not allow "..".



– 
You received this message because you are subscribed to the Google Groups "Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.






























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira







-- 
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[JIRA] (JENKINS-16608) View name allows '..'

2013-03-22 Thread scm_issue_l...@java.net (JIRA) 















































SCM/JIRA link daemon
 resolved  JENKINS-16608 as Fixed


View name allows '..'
















Change By:


SCM/JIRA link daemon
(22/Mar/13 6:41 PM)




Status:


Open
Resolved





Resolution:


Fixed



























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira







-- 
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[JIRA] (JENKINS-16608) View name allows '..'

2013-03-22 Thread s.sog...@gmail.com (JIRA) 















































sogabe
 assigned  JENKINS-16608 to sogabe



View name allows '..'
















Change By:


sogabe
(22/Mar/13 6:36 PM)




Assignee:


sogabe



























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira







-- 
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[JIRA] (JENKINS-16608) View name allows '..'

2013-03-22 Thread jacob.robertson.w...@gmail.com (JIRA) 














































Jacob Robertson
 updated  JENKINS-16608


View name allows '..'
















Change By:


Jacob Robertson
(22/Mar/13 2:18 PM)




Assignee:


Jacob Robertson





Component/s:


core





Component/s:


view-job-filters



























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira







-- 
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[JIRA] (JENKINS-16608) View name allows '..'

2013-02-01 Thread jfairley+jenkin...@gmail.com (JIRA) 














































Jeffrey Fairley
 created  JENKINS-16608


View name allows '..'















Issue Type:


Bug



Affects Versions:


current



Assignee:


Jacob Robertson



Components:


view-job-filters



Created:


02/Feb/13 6:50 AM



Description:


In Jenkins 1.480.2.1 it is possible to create a view called '..'. Since actions on a view include the view name in the URL, '..' being interpreted as directory traversal is an issue. As such, it is not possible to view, edit, or delete a view with this name via standard methods.

To read more, see my post on StackOverflow.




Project:


Jenkins



Priority:


Major



Reporter:


Jeffrey Fairley

























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira







-- 
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[JIRA] (JENKINS-16608) View name allows '..'

2013-02-01 Thread jfairley+jenkin...@gmail.com (JIRA) 














































Jeffrey Fairley
 updated  JENKINS-16608


View name allows '..'
















Change By:


Jeffrey Fairley
(02/Feb/13 6:50 AM)




Description:


In Jenkins 1.480.2.1 it is possible to create a view called '..'. Since actions on a view include the view name in the URL, '..' being interpreted as directory traversal is an issue. As such, it is not possible to view, edit, or delete a view with this name via standard methods.To read more, see my post on StackOverflow.
http://stackoverflow.com/questions/14445729/how-to-delete-a-view-named/



























This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira







-- 
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.