diff options
author | dkl%redhat.com <> | 2008-08-18 09:16:12 +0000 |
---|---|---|
committer | dkl%redhat.com <> | 2008-08-18 09:16:12 +0000 |
commit | 20d885c77680fc082640c0a7340be44cd02b2779 (patch) | |
tree | a7b20520a3f1e6648ed9dbb5bc72321007bace84 /Bugzilla.pm | |
parent | b3e936bf2bbc1fb1ec55732703650d9f78dfd5f0 (diff) | |
download | bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.gz bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.bz2 bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.xz bugs-20d885c77680fc082640c0a7340be44cd02b2779.zip |
Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param
doesn't protect WebService calls at all
Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat
Diffstat (limited to 'Bugzilla.pm')
-rw-r--r-- | Bugzilla.pm | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm index a20aa0f6b..abba18924 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -270,6 +270,14 @@ sub login { else { $class->set_user($authenticated_user); } + + # We run after the login has completed since + # some of the checks in ssl_require_redirect + # look for Bugzilla->user->id to determine + # if redirection is required. + if (i_am_cgi() && ssl_require_redirect()) { + $class->cgi->require_https($class->params->{'sslbase'}); + } return $class->user; } |