Backing out these patches as they cause a regression. More information

in the respective bug reports.

Bug 428659 – Setting SSL param to 'authenticated sessions' only
protects logins and param doesn't protect WebService calls at all
Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat

Bug 445104: ssl redirects come with a 200 OK HTTP code on mod_perl
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat

1 files changed, 1 insertions, 21 deletions

diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 8e521c24a..e7a76e21d 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -36,7 +36,7 @@ use base qw(Exporter);
                              html_quote url_quote xml_quote
                              css_class_quote html_light_quote url_decode
                              i_am_cgi get_netaddr correct_urlbase
-                             lsearch ssl_require_redirect
+                             lsearch
                              diff_arrays diff_strings
                              trim wrap_hard wrap_comment find_wrap_point
                              format_time format_time_decimal validate_date
@@ -218,26 +218,6 @@ sub i_am_cgi {
     return exists $ENV{'SERVER_SOFTWARE'} ? 1 : 0;
 }
 
-sub ssl_require_redirect {
-    my $method = shift;
-
-    # Redirect to SSL if required.
-    if (!(uc($ENV{HTTPS}) eq 'ON' || $ENV{'SERVER_PORT'} == 443)
-        && Bugzilla->params->{'sslbase'} ne '') 
-    {
-        if (Bugzilla->params->{'ssl'} eq 'always'
-            || (Bugzilla->params->{'ssl'} eq 'authenticated sessions'
-                && Bugzilla->user->id)
-            || (Bugzilla->params->{'ssl'} eq 'authenticated sessions'
-                && !Bugzilla->user->id && $method eq 'User.login')) 
-        {
-            return 1;
-        }
-    }
-
-    return 0;
-}
-
 sub correct_urlbase {
     my $ssl = Bugzilla->params->{'ssl'};
     return Bugzilla->params->{'urlbase'} if $ssl eq 'never';