From a7e7ed0f3a1d29800187a216b0363e0276d2f4ec Mon Sep 17 00:00:00 2001
From: "dkl%redhat.com" <>
Date: Thu, 10 Jul 2008 09:56:11 +0000
Subject: =?UTF-8?q?Bug=20428659=20=C3=A2=C2=80=C2=93=20Setting=20SSL=20par?=
 =?UTF-8?q?am=20to=20'authenticated=20sessions'=20only=20protects=20logins?=
 =?UTF-8?q?=20and=20param=20doesn't=20protect=20WebService=20calls=20at=20?=
 =?UTF-8?q?all=20Patch=20by=20Dave=20Lawrence=20<dkl@redhat.com>=20-=20r/a?=
 =?UTF-8?q?=3Dmkanat?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 index.cgi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'index.cgi')

diff --git a/index.cgi b/index.cgi
index 100941765..442617111 100755
--- a/index.cgi
+++ b/index.cgi
@@ -35,6 +35,7 @@ use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Update;
+use Bugzilla::Util;
 
 # Check whether or not the user is logged in
 my $user = Bugzilla->login(LOGIN_OPTIONAL);
@@ -46,9 +47,8 @@ my $user = Bugzilla->login(LOGIN_OPTIONAL);
 my $cgi = Bugzilla->cgi;
 # Force to use HTTPS unless Bugzilla->params->{'ssl'} equals 'never'.
 # This is required because the user may want to log in from here.
-if (Bugzilla->params->{'sslbase'} ne '' and Bugzilla->params->{'ssl'} ne 'never') {
-    $cgi->require_https(Bugzilla->params->{'sslbase'});
-}
+$cgi->require_https(Bugzilla->params->{'sslbase'}) 
+    if ssl_require_redirect();
 
 my $template = Bugzilla->template;
 my $vars = {};
-- 
cgit v1.2.1