[FIXED JENKINS-16608] View name should not allow "..".
ssogabe committed Mar 22, 2013
1 parent 8284013 commit d8b29df
Showing 5 changed files with 44 additions and 19 deletions.
3 changes: 3 additions & 0 deletions changelog.html
Expand Up @@ -76,6 +76,9 @@
<li class=bug>
ChangeLog should produce some output even if some (plugin) annotator fails
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-17084">issue 17084</a>)
<li class=bug>
View name should not allow "..".
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-16608">issue 16608</a>)
</ul>
</div><!--=TRUNK-END=-->

2 changes: 2 additions & 0 deletions core/src/main/java/jenkins/model/Jenkins.java
Expand Up @@ -2922,6 +2922,8 @@ public static void checkGoodName(String name) throws Failure {
if(name==null || name.length()==0)
throw new Failure(Messages.Hudson_NoName());

if("..".equals(name.trim()))
throw new Failure(Messages.Jenkins_NotAllowedName(".."));
for( int i=0; i<name.length(); i++ ) {
char ch = name.charAt(i);
if(Character.isISOControl(ch)) {
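Review bot: The new guard in checkGoodName rejects only `..`, so a name of `.` (the other relative path segment) still passes this check, and so would any longer name that merely contains `..`, unless the character checks further down catch it. If view names end up as URL or file-system path segments, which the issue title suggests but this hunk does not show, both dot segments should be refused together: `String trimmed = name.trim();` followed by `if(".".equals(trimmed) || "..".equals(trimmed)) throw new Failure(Messages.Jenkins_NotAllowedName(trimmed));`. A one-line why-comment above the check would help the next reader, e.g. `// "." and ".." are relative path segments; a name must never resolve outside its container`. The body of checkGoodName continues past the end of this hunk, so what the later per-character checks already cover cannot be confirmed from here.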
2 changes: 2 additions & 0 deletions core/src/main/resources/hudson/model/Messages.properties
Expand Up @@ -344,3 +344,5 @@ BuildAuthorizationToken.InvalidTokenProvided=Invalid token provided.

Jenkins.CheckDisplayName.NameNotUniqueWarning=The display name, "{0}", is used as a name by a job and could cause confusing search results.
Jenkins.CheckDisplayName.DisplayNameNotUniqueWarning=The display name, "{0}", is already in use by another job and could cause confusion and delay.

Jenkins.NotAllowedName="{0}" is not allowed name
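Review bot: The new message `Jenkins.NotAllowedName="{0}" is not allowed name` is missing an article and reads awkwardly on the error page; `Jenkins.NotAllowedName="{0}" is not an allowed name` would be clearer. In this commit the key is only formatted with the literal `..`. If it is later reused with the raw submitted name, the code that renders the Failure message needs to escape `{0}`; that rendering path is not visible here.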
Expand Up @@ -333,3 +333,4 @@ ManageJenkinsAction.DisplayName=Jenkins\u306e\u7ba1\u7406
Jenkins.CheckDisplayName.NameNotUniqueWarning=\u8868\u793a\u7528\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u540d "{0}" \u306f\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u540d\u3068\u3057\u3066\u65e2\u306b\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u305f\u3081\u3001\u691c\u7d22\u7d50\u679c\u3067\u533a\u5225\u3067\u304d\u306a\u3044\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002
Jenkins.CheckDisplayName.DisplayNameNotUniqueWarning=\u8868\u793a\u7528\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u540d "{0}" \u306f\u4ed6\u306e\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u3067\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u305f\u3081\u3001 \u533a\u5225\u3067\u304d\u306a\u3044\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002

Jenkins.NotAllowedName="{0}" \u306f\u8a31\u53ef\u3055\u308c\u306a\u3044\u540d\u524d\u3067\u3059\u3002
55 changes: 36 additions & 19 deletions test/src/test/java/hudson/model/ViewTest.java
Expand Up @@ -35,6 +35,9 @@
import org.w3c.dom.Text;

import static hudson.model.Messages.Hudson_ViewName;
import static junit.framework.TestCase.assertEquals;
import static junit.framework.TestCase.assertNotNull;
import static junit.framework.TestCase.fail;

/**
* @author Kohsuke Kawaguchi
Expand All @@ -46,7 +49,7 @@ public void testXHudsonHeader() throws Exception {
assertNotNull(new WebClient().goTo("/").getWebResponse().getResponseHeaderValue("X-Hudson"));
}

/**
/**
* Creating two views with the same name.
*/
@Email("http://d.hatena.ne.jp/ssogabe/20090101/1230744150")
Expand All @@ -64,7 +67,7 @@ public void testConflictingName() throws Exception {
submit(form);
fail("shouldn't be allowed to create two views of the same name.");
} catch (FailingHttpStatusCodeException e) {
assertEquals(400,e.getStatusCode());
assertEquals(400, e.getStatusCode());
}
}

Expand Down Expand Up @@ -100,24 +103,24 @@ public void testPrivateView() throws Exception {
assertEquals(((ProxyView) proxyView).getProxiedViewName(), "listView");
assertEquals(((ProxyView) proxyView).getProxiedView(), listView);
}

public void testDeleteView() throws Exception {
WebClient wc = new WebClient();

ListView v = new ListView("list", jenkins);
jenkins.addView(v);
HtmlPage delete = wc.getPage(v, "delete");
submit(delete.getFormByName("delete"));
assertNull(jenkins.getView("list"));
User user = User.get("user", true);
MyViewsProperty p = user.getProperty(MyViewsProperty.class);
v = new ListView("list", p);
p.addView(v);
delete = wc.getPage(v, "delete");
submit(delete.getFormByName("delete"));
assertNull(p.getView("list"));
WebClient wc = new WebClient();

ListView v = new ListView("list", jenkins);
jenkins.addView(v);
HtmlPage delete = wc.getPage(v, "delete");
submit(delete.getFormByName("delete"));
assertNull(jenkins.getView("list"));

User user = User.get("user", true);
MyViewsProperty p = user.getProperty(MyViewsProperty.class);
v = new ListView("list", p);
p.addView(v);
delete = wc.getPage(v, "delete");
submit(delete.getFormByName("delete"));
assertNull(p.getView("list"));

}

@Bug(9367)
Expand All @@ -137,4 +140,18 @@ public void testAllImagesCanBeLoaded() throws Exception {
webClient.setJavaScriptEnabled(false);
assertAllImageLoadSuccessfully(webClient.goTo("asynchPeople"));
}

@Bug(16608)
public void testNotAlloedName() throws Exception {
HtmlForm form = new WebClient().goTo("newView").getFormByName("createItem");
form.getInputByName("name").setValueAttribute("..");
form.getRadioButtonsByName("mode").get(0).setChecked(true);

try {
submit(form);
fail("\"..\" should not be allowed.");
} catch (FailingHttpStatusCodeException e) {
assertEquals(400, e.getStatusCode());
}
}
}
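Review bot: The new test at the end of ViewTest is named `testNotAlloedName`, which looks like a typo for `testNotAllowedName`. It also only asserts the HTTP 400 status for the exact value `..`. Adding `assertNull(jenkins.getView(".."));` after the try/catch would confirm that no view was created on the rejected request. Because the guard in checkGoodName compares `name.trim()`, a second case submitting a padded value such as `" .. "` would pin that behaviour as well.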
