[JIRA] [maven-plugin] (JENKINS-25416) text parameter with newlines causing the default goal run

[thomas.wab...@siemens.com (JIRA)]

Thomas Wabner commented on JENKINS-25416 text parameter with newlines causing the default goal run Yes, I have tried with ant ... more or less the same result: [testwebapp_svn_commit] $ cmd.exe /C '"D:\applications\prg\jenkinsSlave1\tools\hudson.tasks.Ant_AntInstallation\ant-1.9.3\bin\ant.bat -Ddeployment_reason=a b c -Dpart_svn_url=trunk/devopts/testprojects clean && exit %%ERRORLEVEL%%"' Buildfile: D:\applications\prg\jenkinsSlave1\workspace\test-webapp\testwebapp_svn_commit\build.xml test-offline: get-deps: .... the default goal is "package", but the goal configured is "clean" (which never tries to get the dependencies). With a one-liner it works. I have set for the parameter "deployment_reason" the content a b c I'm afraid that someone (the user) can also inject other commands into the command shell call and in the worst case hack or destroy the build agent (I have not started to check this ... but the escaping thing looks like a possible target)

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.