diff options
| author | lpsolit%gmail.com <> | 2005-08-22 04:27:40 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2005-08-22 04:27:40 +0200 |
| commit | 353e7fc0eadd7f3622d036713aa402ce5868ac9a (patch) | |
| tree | 5dec936344bef2dd8fcc9147efaa6521a958f6e2 | |
| parent | f4966aeb0e7a655c986aeb285c1a220274ddbfd9 (diff) | |
| download | bugzilla-353e7fc0eadd7f3622d036713aa402ce5868ac9a.tar.gz bugzilla-353e7fc0eadd7f3622d036713aa402ce5868ac9a.tar.xz | |
Bug 300093: index.cgi remains unsecure when the SSL parameter is set to "authenticated sessions" - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=justdave
| -rwxr-xr-x | index.cgi | 6 | ||||
| -rw-r--r-- | template/en/default/global/useful-links.html.tmpl | 2 |
2 files changed, 7 insertions, 1 deletions
@@ -43,6 +43,12 @@ Bugzilla->login(LOGIN_OPTIONAL); ############################################################################### my $cgi = Bugzilla->cgi; +# Force to use HTTPS unless Param('ssl') equals 'never'. +# This is required because the user may want to log in from here. +if (Param('sslbase') ne '' and Param('ssl') ne 'never') { + $cgi->require_https(Param('sslbase')); +} + my $template = Bugzilla->template; # Return the appropriate HTTP response headers. diff --git a/template/en/default/global/useful-links.html.tmpl b/template/en/default/global/useful-links.html.tmpl index 5a01a5703..2ac89f91c 100644 --- a/template/en/default/global/useful-links.html.tmpl +++ b/template/en/default/global/useful-links.html.tmpl @@ -29,7 +29,7 @@ <div id="links-actions"> <div class="label">Actions:</div> <div class="links"> - <a href="[% Param('urlbase') %]">Home</a> | + <a href="./">Home</a> | <a href="enter_bug.cgi">New</a> | <a href="query.cgi">Search</a> | |