|
||||||||||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
Steven, I realizes this "fixes" the NPE, but I wonder if it breaks what Nicolas was trying to accomplish in 96a52696 in the first place – to prevent users without RUN_SCRIPTS from editing the groovy script.
Note that the groovy script is read-only without the RUN_SCRIPTS permission, but one could trivially edit the HTML to inject whatever groovy they like. So the server side check is still needed.
My point is, I think we need to re-open JENKINS-19852 and let @ndeloof fix the NPE in a way which still prevents editing of the groovy in this case as desired in 96a52696.