[SECURITY-412] Fix handling of restart/safeRestart URLs

core/src/main/java/jenkins/model/Jenkins.java

@@ -3367,19 +3367,25 @@ public DirectoryBrowserSupport doUserContent() {
      *
      * This first replaces "app" to {@link HudsonIsRestarting}
      */
-    @CLIMethod(name="restart")
-    @RequirePOST
     public void doRestart(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException, RestartNotSupportedException {
         checkPermission(ADMINISTER);
         if (req != null && req.getMethod().equals("GET")) {
             req.getView(this,"_restart.jelly").forward(req,rsp);
             return;
         }
 
-        restart();
+        if (req != null && req.getMethod().equals("POST")) {
+            restart();
+        }
 
-        if (rsp != null) // null for CLI
-            rsp.sendRedirect2(".");
+        rsp.sendRedirect2(".");
+    }
+
+    @CLIMethod(name="restart")
+    @Restricted(NoExternalUse.class)
+    public void cliRestart() throws RestartNotSupportedException {
+        checkPermission(ADMINISTER);
+        restart();
     }
 
     /**
@@ -3389,18 +3395,25 @@ public void doRestart(StaplerRequest req, StaplerResponse rsp) throws IOExceptio
      *
      * @since 1.332
      */
-    @CLIMethod(name="safe-restart")
-    @RequirePOST
     public HttpResponse doSafeRestart(StaplerRequest req) throws IOException, ServletException, RestartNotSupportedException {
         checkPermission(ADMINISTER);
         if (req != null && req.getMethod().equals("GET"))
             return HttpResponses.forwardToView(this,"_safeRestart.jelly");
 
-        safeRestart();
+        if (req != null && req.getMethod().equals("POST")) {
+            safeRestart();
+        }
 
         return HttpResponses.redirectToDot();
     }
 
+    @CLIMethod(name="safe-restart")
+    @Restricted(NoExternalUse.class)
+    public void cliSafeRestart() throws RestartNotSupportedException {
+        checkPermission(ADMINISTER);
+        safeRestart();
+    }
+
     /**
      * Performs a restart.
      */