You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@continuum.apache.org by oc...@apache.org on 2011/04/11 17:19:02 UTC
svn commit: r1091098 - in /continuum/branches/continuum-1.3.x:
continuum-webapp-test/src/test/testng/config/
continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/
continuum-webapp/src/main/resources/ continuum-webapp/src/main/webapp/WEB-...
Author: oching
Date: Mon Apr 11 15:19:01 2011
New Revision: 1091098
URL: http://svn.apache.org/viewvc?rev=1091098&view=rev
Log:
[CONTINUUM-2622]
o added CSRF checks for delete actions and some save actions
o added selenium tests for CSRF checks
Added:
continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java
Modified:
continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/config/testng.xml
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildDefinitionTemplate.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildQueue.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteLocalRepository.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeletePurgeConfiguration.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/editPom.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmBuildDefinitionRemoval.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmBuildResultsRemoval.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmGroupRemoval.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmReleaseResultsRemoval.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmScheduleRemoval.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/deleteBuildDefinition.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/deleteProject.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/notifier/deleteNotifier.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp
continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp
Modified: continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/config/testng.xml
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/config/testng.xml?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/config/testng.xml (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/config/testng.xml Mon Apr 11 15:19:01 2011
@@ -62,6 +62,7 @@ under the License.
<include name="buildDefinitionTemplate" />
<include name="userroles"/>
<include name="agent"/>
+ <include name="csrf"/>
</run>
</groups>
<packages>
Added: continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java?rev=1091098&view=auto
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java (added)
+++ continuum/branches/continuum-1.3.x/continuum-webapp-test/src/test/testng/org/apache/continuum/web/test/CSRFSecurityTest.java Mon Apr 11 15:19:01 2011
@@ -0,0 +1,148 @@
+package org.apache.continuum.web.test;
+
+import org.apache.continuum.web.test.parent.AbstractContinuumTest;
+import org.testng.annotations.Test;
+
+/**
+ * Test actions that are vulnerable to CSRF.
+ */
+@Test( groups = { "csrf" }, dependsOnMethods = { "testWithCorrectUsernamePassword" } )
+public class CSRFSecurityTest
+ extends AbstractContinuumTest
+{
+ public void testCSRFDeleteProject()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/deleteProject!default.action?projectGroupId=2&projectId=2" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFRemoveProjectBuildDefinition()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/removeProjectBuildDefinition.action?projectId=1&buildDefinitionId=9&confirmed=true" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFRemoveGroupBuildDefinition()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/removeGroupBuildDefinition.action?projectGroupId=2&buildDefinitionId=8&confirmed=true" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFRemoveProjectGroup()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/removeProjectGroup.action?projectGroupId=2" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFRemoveBuildResult()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/removeBuildResult.action?projectId=1&buildId=1&confirmed=true" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFRemoveSchedule()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/removeSchedule.action?id=1&name=DEFAULT_SCHEDULE" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFRemoveReleaseResults()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/removeReleaseResults.action?projectGroupId=2&selectedReleaseResults=1&confirmed=true" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFSaveFooter()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/admin/saveFooter!saveFooter.action?footer=testValue" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFSaveCompanyPOM()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/admin/saveCompanyPom.action" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFDeleteBuildEnvironment()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/deleteBuildEnv.action?profile.id=1" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFDeleteBuildDefinitionTemplate()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/deleteDefinitionTemplate.action?buildDefinitionTemplate.id=5&buildDefinitionTemplate.name=Test+Template" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFDeleteBuildQueue()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/deleteBuildQueue.action?buildQueue.id=3&buildQueue.name=TEST_BUILD_QUEUE" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFRemoveLocalRepository()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/removeRepository.action?repository.id=2" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFRemovePurgeConfiguration()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/removePurgeConfig.action?purgeConfigId=2&confirmed=true" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFDeleteBuildAgent()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/security/deleteBuildAgent.action?buildAgent.url=http%3A%2F%2Flocalhost%3A8181%2Fcontinuum-buildagent%2Fxmlrpc&confirmed=true" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFDeleteBuildAgentGroup()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/security/deleteBuildAgentGroup.action?buildAgentGroup.name=Test+Agent+Group&confirmed=true" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+
+ public void testCSRFDeleteProjectGroupNotifier()
+ {
+ getSelenium().open( baseUrl );
+ getSelenium().open( baseUrl + "/deleteProjectGroupNotifier.action?projectGroupId=2¬ifierId=1¬ifierType=mail" );
+ assertTextPresent( "Security Alert - Invalid Token Found" );
+ assertTextPresent( "Possible CSRF attack detected! Invalid token found in the request." );
+ }
+}
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/resources/struts.xml Mon Apr 11 15:19:01 2011
@@ -47,6 +47,9 @@
</interceptor-ref>
<interceptor-ref name="redbackPolicyEnforcement"/>
<interceptor-ref name="continuumConfigurationCheck"/>
+ <interceptor-ref name="tokenSession">
+ <param name="excludeMethods">*</param>
+ </interceptor-ref>
<interceptor-ref name="validation">
<param name="excludeMethods">input,back,cancel,browse,edit</param>
</interceptor-ref>
@@ -153,6 +156,8 @@
<param name="actionName">password</param>
<param name="namespace">/security</param>
</result>
+
+ <result name="invalid.token">/WEB-INF/jsp/redback/invalidToken.jsp</result>
</global-results>
<global-exception-mappings>
@@ -246,7 +251,9 @@
</action>
<action name="deleteProject" class="deleteProject">
- <interceptor-ref name="storeStack"/>
+ <interceptor-ref name="storeStack">
+ <param name="tokenSession.includeMethods">*</param>
+ </interceptor-ref>
<result name="delete">/WEB-INF/jsp/deleteProject.jsp</result>
<result name="success" type="redirect-action">
<param name="actionName">projectGroupSummary</param>
@@ -309,6 +316,9 @@
<action name="removeProjectBuildDefinition" class="buildDefinition" method="removeFromProject">
<result name="confirm">/WEB-INF/jsp/deleteBuildDefinition.jsp</result>
<result name="success" type="chain">projectView</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">removeFromProject</param>
+ </interceptor-ref>
</action>
<action name="saveGroupBuildDefinition" class="buildDefinition" method="saveToGroup">
@@ -318,6 +328,9 @@
<action name="removeGroupBuildDefinition" class="buildDefinition" method="removeFromProjectGroup">
<result name="confirm">/WEB-INF/jsp/confirmBuildDefinitionRemoval.jsp</result>
<result name="success" type="chain">projectGroupBuildDefinition</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">removeFromProjectGroup</param>
+ </interceptor-ref>
</action>
@@ -353,7 +366,9 @@
</action>
<action name="removeProjectGroup" class="projectGroup" method="remove">
- <interceptor-ref name="storeStack"/>
+ <interceptor-ref name="storeStack">
+ <param name="tokenSession.includeMethods">remove</param>
+ </interceptor-ref>
<result name="confirm">/WEB-INF/jsp/confirmGroupRemoval.jsp</result>
<result name="success" type="redirect-action">
<param name="actionName">groupSummary</param>
@@ -423,7 +438,9 @@
</action>
<action name="removeBuildResult" class="buildResult" method="remove">
- <interceptor-ref name="storeStack"/>
+ <interceptor-ref name="storeStack">
+ <param name="tokenSession.includeMethods">remove</param>
+ </interceptor-ref>
<result name="success" type="redirect-action">
<param name="actionName">buildResults</param>
<param name="projectId">${projectId}</param>
@@ -472,10 +489,14 @@
<result name="success" type="chain">schedules</result>
<result name="error" type="chain">schedule</result>
</action>
+
<action name="removeSchedule" class="schedule" method="remove">
<result name="confirm">/WEB-INF/jsp/confirmScheduleRemoval.jsp</result>
<result name="success" type="chain">schedules</result>
<result name="error" type="chain">schedule</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">remove</param>
+ </interceptor-ref>
</action>
<action name="cancelBuild" class="cancelBuild">
@@ -621,6 +642,9 @@
<param name="actionName">projectGroupReleaseResults</param>
<param name="projectGroupId">${projectGroupId}</param>
</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">remove</param>
+ </interceptor-ref>
</action>
<action name="viewReleases" class="distributedRelease" method="list">
@@ -652,6 +676,9 @@
<action name="saveFooter" class="configureFooter" method="saveFooter">
<result name="input">/WEB-INF/jsp/admin/appearance.jsp</result>
<result name="success">/WEB-INF/jsp/admin/appearance.jsp</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">saveFooter</param>
+ </interceptor-ref>
</action>
<action name="editAppearance" class="configureAppearance" method="input">
@@ -676,6 +703,9 @@
<param name="actionName">configureAppearance</param>
<param name="namespace">/admin</param>
</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">execute</param>
+ </interceptor-ref>
</action>
<!--
@@ -697,7 +727,9 @@
</action>
<action name="deleteBuildEnv" class="profileAdministration" method="delete">
- <interceptor-ref name="storeStack"/>
+ <interceptor-ref name="storeStack">
+ <param name="tokenSession.includeMethods">delete</param>
+ </interceptor-ref>
<result name="success" type="redirect-action">
<param name="actionName">buildEnvList</param>
<param name="namespace">/admin</param>
@@ -722,7 +754,7 @@
<action name="removeBuildEnvInstallation" class="profileAdministration" method="removeInstallation">
<result name="success">/WEB-INF/jsp/admin/editProfile.jsp</result>
- <result name="input">/WEB-INF/jsp/admin/editProfile.jsp</result>
+ <result name="input">/WEB-INF/jsp/admin/editProfile.jsp</result>
</action>
<!--
@@ -774,6 +806,9 @@
<param name="actionName">buildDefinitionTemplates.action</param>
</result>
<result name="confirm">/WEB-INF/jsp/admin/confirmDeleteBuildDefinitionTemplate.jsp</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">delete</param>
+ </interceptor-ref>
</action>
<action name="saveBuildDefinitionTemplate" class="buildDefinitionTemplates" method="save">
@@ -914,8 +949,11 @@
<result name="confirm">/WEB-INF/jsp/admin/confirmDeleteBuildQueue.jsp</result>
<result name="success" type="redirect-action">
<param name="actionName">buildQueueList</param>
- </result>
- </action>
+ </result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">delete</param>
+ </interceptor-ref>
+ </action>
<!--
* Local Repository actions
@@ -940,7 +978,9 @@
</action>
<action name="removeRepository" class="localRepository" method="remove">
- <interceptor-ref name="storeStack"/>
+ <interceptor-ref name="storeStack">
+ <param name="tokenSession.includeMethods">remove</param>
+ </interceptor-ref>
<result name="confirm">/WEB-INF/jsp/admin/confirmDeleteLocalRepository.jsp</result>
<result name="success" type="redirect-action">
<param name="actionName">repositoryList</param>
@@ -983,6 +1023,9 @@
<result name="success" type="redirect-action">
<param name="actionName">purgeConfigList</param>
</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">remove</param>
+ </interceptor-ref>
</action>
<action name="doPurge" class="purgeConfiguration" method="purge">
@@ -1021,6 +1064,9 @@
<result name="success" type="redirect-action">
<param name="actionName">buildAgentList</param>
</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">delete</param>
+ </interceptor-ref>
</action>
<action name="viewBuildAgent" class="buildAgent" method="view">
@@ -1036,6 +1082,9 @@
<result name="success" type="redirect-action">
<param name="actionName">buildAgentList</param>
</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">deleteGroup</param>
+ </interceptor-ref>
</action>
<action name="editBuildAgentGroup" class="buildAgent" method="inputGroup">
@@ -1099,6 +1148,9 @@
<result name="delete">/WEB-INF/jsp/notifier/deleteNotifier.jsp</result>
<result name="success" type="chain">projectView</result>
<result name="to_group_page" type="chain">projectGroupNotifier</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">execute</param>
+ </interceptor-ref>
</action>
<action name="addProjectNotifier" class="addProjectNotifier" method="doDefault">
@@ -1175,6 +1227,9 @@
<action name="deleteProjectGroupNotifier" class="deleteGroupNotifier">
<result name="delete">/WEB-INF/jsp/notifier/deleteNotifier.jsp</result>
<result name="success" type="chain">projectGroupNotifier</result>
+ <interceptor-ref name="configuredContinuumStack">
+ <param name="tokenSession.includeMethods">execute</param>
+ </interceptor-ref>
</action>
<action name="addProjectGroupNotifier" class="addGroupNotifier" method="doDefault">
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/appearance.jsp Mon Apr 11 15:19:01 2011
@@ -94,6 +94,7 @@
</c:choose>
</c:if>
<s:form action="saveFooter!saveFooter.action" method="get" namespace="/admin">
+ <s:token/>
<div id="axial" class="h3">
<h3><s:text name="appearance.footerContent"/></h3>
<div class="axial">
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildAgentsList.jsp Mon Apr 11 15:19:01 2011
@@ -62,8 +62,11 @@
</s:a>
</ec:column>
<ec:column property="deleteActions" title=" " width="1%">
+ <s:token/>
<s:url id="removeBuildAgentUrl" action="deleteBuildAgent">
<s:param name="buildAgent.url">${pageScope.buildAgent.url}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removeBuildAgentUrl}">
<img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0"/>
@@ -108,8 +111,11 @@
</s:a>
</ec:column>
<ec:column property="deleteActions" title=" " width="1%">
+ <s:token/>
<s:url id="removeBuildAgentGroupUrl" action="deleteBuildAgentGroup">
<s:param name="buildAgentGroup.name">${pageScope.buildAgentGroup.name}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removeBuildAgentGroupUrl}">
<img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0"/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/buildDefinitionTemplateSummary.jsp Mon Apr 11 15:19:01 2011
@@ -57,9 +57,12 @@
<img src="<s:url value='/images/delete_disabled.gif' includeParams="none"/>" alt="<s:text name='disabled'/>" title="<s:text name='disabled'/>" border="0" />
</c:when>
<c:otherwise>
+ <s:token/>
<s:url id="deleteUrl" action="deleteDefinitionTemplate" method="delete" namespace="/">
<s:param name="buildDefinitionTemplate.id">${pageScope.template.id}</s:param>
<s:param name="buildDefinitionTemplate.name">${pageScope.template.name}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{deleteUrl}"><img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0"></s:a>
</c:otherwise>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgent.jsp Mon Apr 11 15:19:01 2011
@@ -40,6 +40,7 @@
</div>
<div class="functnbar3">
<s:form action="deleteBuildAgent!delete.action" method="post">
+ <s:token/>
<input type="hidden" name="buildAgent.url" value="${buildAgent.url}" />
<s:hidden name="confirmed" value="true"/>
<c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildAgentGroup.jsp Mon Apr 11 15:19:01 2011
@@ -40,6 +40,7 @@
</div>
<div class="functnbar3">
<s:form action="deleteBuildAgentGroup!deleteGroup.action" method="post">
+ <s:token/>
<input type="hidden" name="buildAgentGroup.name" value="${buildAgentGroup.name}" />
<s:hidden name="confirmed" value="true"/>
<c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildDefinitionTemplate.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildDefinitionTemplate.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildDefinitionTemplate.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildDefinitionTemplate.jsp Mon Apr 11 15:19:01 2011
@@ -39,6 +39,7 @@
</div>
<div class="functnbar3">
<s:form action="deleteDefinitionTemplate" method="post">
+ <s:token/>
<s:hidden name="buildDefinitionTemplate.id"/>
<s:hidden name="confirmed" value="true"/>
<c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildEnv.jsp Mon Apr 11 15:19:01 2011
@@ -39,6 +39,7 @@
</div>
<div class="functnbar3">
<s:form action="deleteBuildEnv!delete.action" method="post">
+ <s:token/>
<input type="hidden" name="profile.id" value="${profile.id}" />
<c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
</s:form>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildQueue.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildQueue.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildQueue.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteBuildQueue.jsp Mon Apr 11 15:19:01 2011
@@ -39,6 +39,7 @@
</div>
<div class="functnbar3">
<s:form action="deleteBuildQueue" method="post">
+ <s:token/>
<s:hidden name="buildQueue.id"/>
<s:hidden name="confirmed" value="true"/>
<c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteInstallation.jsp Mon Apr 11 15:19:01 2011
@@ -38,7 +38,7 @@
</p>
</div>
<div class="functnbar3">
- <s:form action="deleteInstallation" method="post">
+ <s:form action="deleteInstallation" method="post">
<input type="hidden" name="installation.installationId" value="${installation.installationId}" />
<s:hidden name="confirmed" value="true"/>
<c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteLocalRepository.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteLocalRepository.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteLocalRepository.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeleteLocalRepository.jsp Mon Apr 11 15:19:01 2011
@@ -30,6 +30,7 @@
<h3><s:text name="deleteRepository.section.title"/></h3>
<div class="axial">
<s:form action="removeRepository" method="post">
+ <s:token/>
<s:hidden name="repository.id"/>
<s:hidden name="confirmed" value="true"/>
<s:actionerror/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeletePurgeConfiguration.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeletePurgeConfiguration.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeletePurgeConfiguration.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/confirmDeletePurgeConfiguration.jsp Mon Apr 11 15:19:01 2011
@@ -30,6 +30,7 @@
<h3><s:text name="deletePurgeConfiguration.section.title"/></h3>
<div class="axial">
<s:form action="removePurgeConfig" method="post">
+ <s:token/>
<s:hidden name="purgeConfigId"/>
<s:hidden name="confirmed" value="true"/>
<s:actionerror/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/editPom.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/editPom.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/editPom.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/editPom.jsp Mon Apr 11 15:19:01 2011
@@ -29,6 +29,7 @@
<s:actionmessage/>
<s:form method="post" action="saveCompanyPom" namespace="/admin" validate="true" theme="xhtml">
+ <s:token/>
<s:label name="companyModel.groupId" label="%{getText('appearance.companyPom.groupId')}"/>
<s:label name="companyModel.artifactId" label="%{getText('appearance.companyPom.artifactId')}"/>
<tr>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/localRepositoriesList.jsp Mon Apr 11 15:19:01 2011
@@ -76,8 +76,11 @@
</c:choose>
</ec:column>
<ec:column property="deleteActions" title=" " width="1%">
+ <s:token/>
<s:url id="removeRepositoryUrl" action="removeRepository">
<s:param name="repository.id">${pageScope.repository.id}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<c:choose>
<c:when test="${repository.name == 'DEFAULT'}">
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/parallelbuilds.jsp Mon Apr 11 15:19:01 2011
@@ -47,10 +47,13 @@
<ec:column property="name" title="Name" style="white-space: nowrap" />
<ec:column property="id" title=" " width="1%">
- <c:if test="${buildQueue.id != 1}">
+ <c:if test="${buildQueue.id != 1}">
+ <s:token/>
<s:url id="deleteBuildQueueUrl" action="deleteBuildQueue">
<s:param name="buildQueue.id">${pageScope.buildQueue.id}</s:param>
<s:param name="buildQueue.name">${pageScope.buildQueue.name}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{deleteBuildQueueUrl}">
<img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0" />
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/admin/purgeConfigurationsList.jsp Mon Apr 11 15:19:01 2011
@@ -80,9 +80,12 @@
<s:a href="%{purgeUrl}"><img src="<s:url value='/images/purgenow.gif' includeParams="none"/>" alt="<s:text name='purge'/>" title="<s:text name='purge'/>" border="0" /></s:a>
</ec:column>
<ec:column property="deleteActions" title=" " width="1%">
+ <s:token/>
<s:url id="removePurgeConfigUrl" action="removePurgeConfig">
<s:param name="purgeConfigId">${pageScope.repoPurge.id}</s:param>
<s:param name="description">${pageScope.repoPurge.description}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removePurgeConfigUrl}"><img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0"></s:a>
</ec:column>
@@ -129,9 +132,12 @@
<s:a href="%{purgeUrl}"><img src="<s:url value='/images/purgenow.gif' includeParams="none"/>" alt="<s:text name='purge'/>" title="<s:text name='purge'/>" border="0" /></s:a>
</ec:column>
<ec:column property="deleteActions" title=" " width="1%">
+ <s:token/>
<s:url id="removePurgeConfigUrl" action="removePurgeConfig">
<s:param name="purgeConfigId">${pageScope.dirPurge.id}</s:param>
<s:param name="description">${pageScope.dirPurge.description}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removePurgeConfigUrl}"><img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0"></s:a>
</ec:column>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResult.jsp Mon Apr 11 15:19:01 2011
@@ -77,6 +77,7 @@
<form action="removeBuildResult.action">
<input type="hidden" name="projectId" value="<s:property value="projectId"/>"/>
<input type="hidden" name="buildId" value="<s:property value="buildId"/>"/>
+ <s:token/>
<s:if test="canDelete">
<input type="submit" name="delete-project" value="<s:text name="delete"/>"/>
</s:if>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/buildResults.jsp Mon Apr 11 15:19:01 2011
@@ -51,6 +51,7 @@
<form id="buildResultsForm" action="removeBuildResults.action" method="post">
<s:hidden name="projectGroupId"/>
<s:hidden name="projectId"/>
+ <s:token/>
<s:set name="buildResults" value="buildResults" scope="request"/>
<ec:table items="buildResults"
var="buildResult"
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionGroupSummaryComponent.jsp Mon Apr 11 15:19:01 2011
@@ -99,10 +99,13 @@
<img src="<s:url value='/images/delete_disabled.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0">
</c:when>
<c:otherwise>
+ <s:token/>
<s:url id="removeUrl" action="removeGroupBuildDefinition" namespace="/">
<s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
<s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
<s:param name="confirmed" value="false"/>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removeUrl}">
<img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0">
@@ -202,10 +205,13 @@
</ec:column>
<ec:column property="removeAction" title=" " width="1%">
<redback:ifAuthorized permission="continuum-modify-group" resource="${projectGroupName}">
+ <s:token/>
<s:url id="removeUrl" action="removeProjectBuildDefinition" namespace="/">
<s:param name="projectId">${pageScope.buildDefinitionSummary.projectId}</s:param>
<s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
<s:param name="confirmed" value="false"/>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removeUrl}">
<img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0">
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/buildDefinitionSummaryComponent.jsp Mon Apr 11 15:19:01 2011
@@ -101,10 +101,13 @@
<c:choose>
<c:when test="${pageScope.buildDefinitionSummary.from=='PROJECT'}">
<redback:ifAuthorized permission="continuum-remove-project-build-definition" resource="${projectGroupName}">
+ <s:token/>
<s:url id="removeUrl" action="removeProjectBuildDefinition" namespace="/">
<s:param name="projectId">${projectId}</s:param>
<s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
<s:param name="confirmed" value="false"/>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removeUrl}"><img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0"></s:a>
</redback:ifAuthorized>
@@ -119,11 +122,14 @@
<img src="<s:url value='/images/delete_disabled.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0" />
</c:when>
<c:otherwise>
+ <s:token/>
<s:url id="removeUrl" action="removeGroupBuildDefinition" namespace="/">
<s:param name="projectGroupId">${pageScope.buildDefinitionSummary.projectGroupId}</s:param>
<s:param name="buildDefinitionId">${pageScope.buildDefinitionSummary.id}</s:param>
<s:param name="groupBuildDefinition">true</s:param>
<s:param name="confirmed" value="false"/>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removeUrl}"><img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0"></s:a>
</c:otherwise>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/components/projectSummaryComponent.jsp Mon Apr 11 15:19:01 2011
@@ -211,8 +211,11 @@
<c:choose>
<c:when
test="${projectIdle}">
+ <s:token/>
<s:url id="deleteProjectUrl" value="deleteProject!default.action" namespace="/">
<s:param name="projectId">${project.id}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{deleteProjectUrl}">
<img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name="delete"/>" title="<s:text name="delete"/>" border="0">
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmBuildDefinitionRemoval.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmBuildDefinitionRemoval.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmBuildDefinitionRemoval.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmBuildDefinitionRemoval.jsp Mon Apr 11 15:19:01 2011
@@ -41,6 +41,7 @@
</div>
<div class="functnbar3">
<s:form action="removeGroupBuildDefinition">
+ <s:token/>
<s:hidden name="buildDefinitionId"/>
<s:hidden name="projectGroupId"/>
<s:hidden name="projectId"/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmBuildResultsRemoval.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmBuildResultsRemoval.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmBuildResultsRemoval.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmBuildResultsRemoval.jsp Mon Apr 11 15:19:01 2011
@@ -44,6 +44,7 @@
<c:set var="action" value="removeBuildResults.action" />
</s:else>
<form action="${action}" method="post">
+ <s:token/>
<s:hidden name="projectGroupId"/>
<s:hidden name="projectId"/>
<s:hidden name="buildId"/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmGroupRemoval.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmGroupRemoval.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmGroupRemoval.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmGroupRemoval.jsp Mon Apr 11 15:19:01 2011
@@ -31,6 +31,7 @@
<s:form action="removeProjectGroup" method="post">
<s:hidden name="projectGroupId"/>
<s:hidden name="confirmed" value="true"/>
+ <s:token/>
<s:actionerror/>
<div class="warningmessage">
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmReleaseResultsRemoval.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmReleaseResultsRemoval.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmReleaseResultsRemoval.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmReleaseResultsRemoval.jsp Mon Apr 11 15:19:01 2011
@@ -41,6 +41,7 @@
<div class="functnbar3">
<s:form action="removeReleaseResults" method="post">
+ <s:token/>
<s:iterator value="selectedReleaseResults">
<input type="hidden" value="<s:property/>" name="selectedReleaseResults"/>
</s:iterator>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmScheduleRemoval.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmScheduleRemoval.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmScheduleRemoval.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/confirmScheduleRemoval.jsp Mon Apr 11 15:19:01 2011
@@ -29,6 +29,7 @@
<h3><s:text name="deleteSchedule.section.title"/></h3>
<div class="axial">
<s:form action="removeSchedule" method="post">
+ <s:token/>
<s:hidden name="id"/>
<s:hidden name="confirmed" value="true"/>
<s:actionerror/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/deleteBuildDefinition.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/deleteBuildDefinition.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/deleteBuildDefinition.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/deleteBuildDefinition.jsp Mon Apr 11 15:19:01 2011
@@ -40,6 +40,7 @@
</div>
<div class="functnbar3">
<s:form action="removeProjectBuildDefinition.action" method="post">
+ <s:token/>
<s:hidden name="projectId"/>
<s:hidden name="buildDefinitionId"/>
<s:hidden name="confirmed" value="true"/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/deleteProject.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/deleteProject.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/deleteProject.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/deleteProject.jsp Mon Apr 11 15:19:01 2011
@@ -39,6 +39,7 @@
</div>
<div class="functnbar3">
<s:form action="deleteProject.action" method="post">
+ <s:token/>
<s:hidden name="projectId"/>
<s:hidden name="projectGroupId"/>
<c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/groupSummary.jsp Mon Apr 11 15:19:01 2011
@@ -96,8 +96,11 @@
</ec:column>
<ec:column property="removeProjectGroupAction" title=" " width="1%">
<redback:ifAuthorized permission="continuum-remove-group" resource="${group.name}">
+ <s:token/>
<s:url id="removeProjectGroupUrl" action="removeProjectGroup" namespace="/" includeParams="none">
<s:param name="projectGroupId">${group.id}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removeProjectGroupUrl}">
<img src="<s:url value='/images/delete.gif'/>" alt="<s:text name="projectGroup.deleteGroup"/>" title="<s:text name="projectGroup.deleteGroup"/>" border="0">
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/notifier/deleteNotifier.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/notifier/deleteNotifier.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/notifier/deleteNotifier.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/notifier/deleteNotifier.jsp Mon Apr 11 15:19:01 2011
@@ -41,6 +41,7 @@
<div class="functnbar3">
<s:if test="projectId == -1">
<s:form action="deleteProjectGroupNotifier.action" method="post">
+ <s:token/>
<s:hidden name="notifierId"/>
<s:hidden name="projectGroupId" />
<c1:submitcancel value="%{getText('delete')}" cancel="%{getText('cancel')}"/>
@@ -48,6 +49,7 @@
</s:if>
<s:else>
<s:form action="deleteProjectNotifier.action" method="post">
+ <s:token/>
<s:hidden name="notifierId"/>
<s:hidden name="projectId"/>
<s:hidden name="projectGroupId" />
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupMembers.jsp Mon Apr 11 15:19:01 2011
@@ -88,9 +88,12 @@
<c:choose>
<c:when
test="${pageScope.project.state == 1 || pageScope.project.state == 10 || pageScope.project.state == 2 || pageScope.project.state == 3 || pageScope.project.state == 4}">
+ <s:token/>
<s:url id="removeProjectUrl" action="deleteProject!default.action">
<s:param name="projectId">${pageScope.project.id}</s:param>
<s:param name="projectName">${pageScope.project.name}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removeProjectUrl}">
<img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name="delete"/>" title="<s:text name="delete"/>" border="0">
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupReleaseResults.jsp Mon Apr 11 15:19:01 2011
@@ -40,6 +40,7 @@
<h3><s:text name="projectGroup.releaseResults.section.title"><s:param>${projectGroup.name}</s:param></s:text></h3>
<form id="releaseResultsForm" action="removeReleaseResults.action" method="post">
+ <s:token/>
<s:hidden name="projectGroupId"/>
<ec:table items="releaseResults"
var="result"
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/projectGroupSummary.jsp Mon Apr 11 15:19:01 2011
@@ -173,6 +173,7 @@
<form action="removeProjectGroup.action" method="post">
<input type="hidden" name="projectGroupId" value="<s:property value="projectGroupId"/>"/>
<input type="submit" name="remove" value="<s:text name="projectGroup.deleteGroup"/>"/>
+ <s:token/>
</form>
</redback:ifAuthorized>
</td>
Modified: continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp
URL: http://svn.apache.org/viewvc/continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp?rev=1091098&r1=1091097&r2=1091098&view=diff
==============================================================================
--- continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp (original)
+++ continuum/branches/continuum-1.3.x/continuum-webapp/src/main/webapp/WEB-INF/jsp/schedules.jsp Mon Apr 11 15:19:01 2011
@@ -51,9 +51,12 @@
<s:a href="%{editScheduleUrl}"><img src="<s:url value='/images/edit.gif' includeParams="none"/>" alt="<s:text name='edit'/>" title="<s:text name='edit'/>" border="0" /></s:a>
</ec:column>
<ec:column property="editActions" title=" " width="1%">
+ <s:token/>
<s:url id="removeScheduleUrl" action="removeSchedule">
<s:param name="id">${pageScope.schedule.id}</s:param>
<s:param name="name">${pageScope.schedule.name}</s:param>
+ <s:param name="struts.token.name">struts.token</s:param>
+ <s:param name="struts.token"><s:property value="struts.token"/></s:param>
</s:url>
<s:a href="%{removeScheduleUrl}"><img src="<s:url value='/images/delete.gif' includeParams="none"/>" alt="<s:text name='delete'/>" title="<s:text name='delete'/>" border="0"></s:a>
</ec:column>