Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all

Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
author: dkl%redhat.com <> 2008-07-10 09:56:11 +0000
committer: dkl%redhat.com <> 2008-07-10 09:56:11 +0000
commit: a7e7ed0f3a1d29800187a216b0363e0276d2f4ec (patch)
tree: 3a432943e95f96181b967935b22b89c8837839dd /token.cgi
parent: 19cb881523a402a9c5feea49d84f991e7d2dc76c (diff)
download: bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar
bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.gz
bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.bz2
bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.xz
bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.zip
1 files changed, 3 insertions, 5 deletions
diff --git a/token.cgi b/token.cgi
index c91c2f94f..71996bec0 100755
--- a/token.cgi
+++ b/token.cgi
@@ -347,11 +347,9 @@ sub request_create_account {
     $vars->{'date'} = str2time($date);
 
     # We require a HTTPS connection if possible.
-    if (Bugzilla->params->{'sslbase'} ne ''
-        && Bugzilla->params->{'ssl'} ne 'never')
-    {
-        $cgi->require_https(Bugzilla->params->{'sslbase'});
-    }
+    Bugzilla->cgi->require_https(Bugzilla->params->{'sslbase'}) 
+        if ssl_require_redirect();
+
     print $cgi->header();
 
     $template->process('account/email/confirm-new.html.tmpl', $vars)
author	dkl%redhat.com <>	2008-07-10 09:56:11 +0000
committer	dkl%redhat.com <>	2008-07-10 09:56:11 +0000
commit	a7e7ed0f3a1d29800187a216b0363e0276d2f4ec (patch)
tree	3a432943e95f96181b967935b22b89c8837839dd /token.cgi
parent	19cb881523a402a9c5feea49d84f991e7d2dc76c (diff)
download	bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.gz bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.bz2 bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.xz bugs-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.zip