summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth/Login
diff options
context:
space:
mode:
authordkl%redhat.com <>2008-07-10 11:56:11 +0200
committerdkl%redhat.com <>2008-07-10 11:56:11 +0200
commita7e7ed0f3a1d29800187a216b0363e0276d2f4ec (patch)
tree3a432943e95f96181b967935b22b89c8837839dd /Bugzilla/Auth/Login
parent19cb881523a402a9c5feea49d84f991e7d2dc76c (diff)
downloadbugzilla-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.gz
bugzilla-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.xz
Bug 428659 – Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all
Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
Diffstat (limited to 'Bugzilla/Auth/Login')
-rw-r--r--Bugzilla/Auth/Login/CGI.pm8
1 files changed, 3 insertions, 5 deletions
diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/Login/CGI.pm
index 980e27123..0bc3ee119 100644
--- a/Bugzilla/Auth/Login/CGI.pm
+++ b/Bugzilla/Auth/Login/CGI.pm
@@ -66,11 +66,9 @@ sub fail_nodata {
}
# Redirect to SSL if required
- if (Bugzilla->params->{'sslbase'} ne ''
- and Bugzilla->params->{'ssl'} ne 'never')
- {
- $cgi->require_https(Bugzilla->params->{'sslbase'});
- }
+ Bugzilla->cgi->require_https(Bugzilla->params->{'sslbase'})
+ if ssl_require_redirect();
+
print $cgi->header();
$template->process("account/auth/login.html.tmpl",
{ 'target' => $cgi->url(-relative=>1) })