aboutsummaryrefslogtreecommitdiffstats
path: root/token.cgi
diff options
context:
space:
mode:
authordkl%redhat.com <>2008-07-10 09:56:11 +0000
committerdkl%redhat.com <>2008-07-10 09:56:11 +0000
commita7e7ed0f3a1d29800187a216b0363e0276d2f4ec (patch)
tree3a432943e95f96181b967935b22b89c8837839dd /token.cgi
parent19cb881523a402a9c5feea49d84f991e7d2dc76c (diff)
downloadbugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar
bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.gz
bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.bz2
bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.xz
bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.zip
Bug 428659 – Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all
Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
Diffstat (limited to 'token.cgi')
-rwxr-xr-xtoken.cgi8
1 files changed, 3 insertions, 5 deletions
diff --git a/token.cgi b/token.cgi
index c91c2f94f..71996bec0 100755
--- a/token.cgi
+++ b/token.cgi
@@ -347,11 +347,9 @@ sub request_create_account {
$vars->{'date'} = str2time($date);
# We require a HTTPS connection if possible.
- if (Bugzilla->params->{'sslbase'} ne ''
- && Bugzilla->params->{'ssl'} ne 'never')
- {
- $cgi->require_https(Bugzilla->params->{'sslbase'});
- }
+ Bugzilla->cgi->require_https(Bugzilla->params->{'sslbase'})
+ if ssl_require_redirect();
+
print $cgi->header();
$template->process('account/email/confirm-new.html.tmpl', $vars)