From 20d885c77680fc082640c0a7340be44cd02b2779 Mon Sep 17 00:00:00 2001
From: "dkl%redhat.com" <>
Date: Mon, 18 Aug 2008 09:16:12 +0000
Subject: =?UTF-8?q?Bug=20428659=20=C3=A2=C2=80=C2=93=20Setting=20SSL=20par?=
 =?UTF-8?q?am=20to=20'authenticated=20sessions'=20only=20protects=20logins?=
 =?UTF-8?q?=20and=20param=20doesn't=20protect=20WebService=20calls=20at=20?=
 =?UTF-8?q?all=20Patch=20by=20David=20Lawrence=20<dkl@redhat.com>=20-=20r/?=
 =?UTF-8?q?a=3DLpSolit/mkanat?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Bugzilla.pm | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'Bugzilla.pm')

diff --git a/Bugzilla.pm b/Bugzilla.pm
index a20aa0f6b..abba18924 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -270,6 +270,14 @@ sub login {
     else {
         $class->set_user($authenticated_user);
     }
+
+    # We run after the login has completed since
+    # some of the checks in ssl_require_redirect
+    # look for Bugzilla->user->id to determine 
+    # if redirection is required.
+    if (i_am_cgi() && ssl_require_redirect()) {
+        $class->cgi->require_https($class->params->{'sslbase'});
+    }
     
     return $class->user;
 }
-- 
cgit v1.2.1