~ubuntu-branches/ubuntu/saucy/jenkins/saucy

« back to all changes in this revision

Viewing changes to core/src/main/java/hudson/model/DirectoryBrowserSupport.java

  • Committer: Package Import Robot
  • Author(s): James Page
  • Date: 2013-01-10 09:50:50 UTC
  • mfrom: (5.1.10 experimental)
  • Revision ID: package-import@ubuntu.com-20130110095050-kj8xuw20gcfh62k3
Tags: 1.480.2+dfsg-1~exp1
* New upstream release (Closes: #696816, #697617):
  - d/control: Added new BD on libjbcrypt-java.
  - d/control: Versioned BD jenkins-winstone >= 0.9.10-jenkins-40.
  - d/control: Versioned BD jenkins-trilead-ssh2 >= 214-jenkins-1.
  - Fixes the following security vulnerabilities:
    CVE-2012-6072, CVE-2012-6073, CVE-2012-6072, CVE-2013-0158.
* Tidied lintian warnings.
* Bumped Standards-Version: 3.9.4, no changes.

Show diffs side-by-side

added added

removed removed

Lines of Context:
137
137
        String pattern = req.getParameter("pattern");
138
138
        if(pattern==null)
139
139
            pattern = req.getParameter("path"); // compatibility with Hudson<1.129
140
 
        if(pattern!=null) {
 
140
        if(pattern!=null && !Util.isAbsoluteUri(pattern)) {// avoid open redirect
141
141
            rsp.sendRedirect2(pattern);
142
142
            return;
143
143
        }