Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param

doesn't protect WebService calls at all Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat
author: dkl%redhat.com <> 2008-08-18 09:16:12 +0000
committer: dkl%redhat.com <> 2008-08-18 09:16:12 +0000
commit: 20d885c77680fc082640c0a7340be44cd02b2779 (patch)
tree: a7b20520a3f1e6648ed9dbb5bc72321007bace84 /Bugzilla.pm
parent: b3e936bf2bbc1fb1ec55732703650d9f78dfd5f0 (diff)
download: bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar
bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.gz
bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.bz2
bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.xz
bugs-20d885c77680fc082640c0a7340be44cd02b2779.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm
index a20aa0f6b..abba18924 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -270,6 +270,14 @@ sub login {
     else {
         $class->set_user($authenticated_user);
     }
+
+    # We run after the login has completed since
+    # some of the checks in ssl_require_redirect
+    # look for Bugzilla->user->id to determine 
+    # if redirection is required.
+    if (i_am_cgi() && ssl_require_redirect()) {
+        $class->cgi->require_https($class->params->{'sslbase'});
+    }
     
     return $class->user;
 }
author	dkl%redhat.com <>	2008-08-18 09:16:12 +0000
committer	dkl%redhat.com <>	2008-08-18 09:16:12 +0000
commit	20d885c77680fc082640c0a7340be44cd02b2779 (patch)
tree	a7b20520a3f1e6648ed9dbb5bc72321007bace84 /Bugzilla.pm
parent	b3e936bf2bbc1fb1ec55732703650d9f78dfd5f0 (diff)
download	bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.gz bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.bz2 bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.xz bugs-20d885c77680fc082640c0a7340be44cd02b2779.zip