diff options
author | dkl%redhat.com <> | 2008-08-18 09:16:12 +0000 |
---|---|---|
committer | dkl%redhat.com <> | 2008-08-18 09:16:12 +0000 |
commit | 20d885c77680fc082640c0a7340be44cd02b2779 (patch) | |
tree | a7b20520a3f1e6648ed9dbb5bc72321007bace84 /index.cgi | |
parent | b3e936bf2bbc1fb1ec55732703650d9f78dfd5f0 (diff) | |
download | bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.gz bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.bz2 bugs-20d885c77680fc082640c0a7340be44cd02b2779.tar.xz bugs-20d885c77680fc082640c0a7340be44cd02b2779.zip |
Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param
doesn't protect WebService calls at all
Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat
Diffstat (limited to 'index.cgi')
-rwxr-xr-x | index.cgi | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -46,7 +46,9 @@ my $user = Bugzilla->login(LOGIN_OPTIONAL); my $cgi = Bugzilla->cgi; # Force to use HTTPS unless Bugzilla->params->{'ssl'} equals 'never'. # This is required because the user may want to log in from here. -if (Bugzilla->params->{'sslbase'} ne '' and Bugzilla->params->{'ssl'} ne 'never') { +if ($cgi->protocol ne 'https' && Bugzilla->params->{'sslbase'} ne '' + && Bugzilla->params->{'ssl'} ne 'never') +{ $cgi->require_https(Bugzilla->params->{'sslbase'}); } |