diff options
author | dkl%redhat.com <> | 2008-07-10 09:56:11 +0000 |
---|---|---|
committer | dkl%redhat.com <> | 2008-07-10 09:56:11 +0000 |
commit | a7e7ed0f3a1d29800187a216b0363e0276d2f4ec (patch) | |
tree | 3a432943e95f96181b967935b22b89c8837839dd /index.cgi | |
parent | 19cb881523a402a9c5feea49d84f991e7d2dc76c (diff) | |
download | bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.gz bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.bz2 bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.xz bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.zip |
Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all
Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
Diffstat (limited to 'index.cgi')
-rwxr-xr-x | index.cgi | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -35,6 +35,7 @@ use Bugzilla; use Bugzilla::Constants; use Bugzilla::Error; use Bugzilla::Update; +use Bugzilla::Util; # Check whether or not the user is logged in my $user = Bugzilla->login(LOGIN_OPTIONAL); @@ -46,9 +47,8 @@ my $user = Bugzilla->login(LOGIN_OPTIONAL); my $cgi = Bugzilla->cgi; # Force to use HTTPS unless Bugzilla->params->{'ssl'} equals 'never'. # This is required because the user may want to log in from here. -if (Bugzilla->params->{'sslbase'} ne '' and Bugzilla->params->{'ssl'} ne 'never') { - $cgi->require_https(Bugzilla->params->{'sslbase'}); -} +$cgi->require_https(Bugzilla->params->{'sslbase'}) + if ssl_require_redirect(); my $template = Bugzilla->template; my $vars = {}; |