diff options
| author | dkl%redhat.com <> | 2008-07-10 11:56:11 +0200 |
|---|---|---|
| committer | dkl%redhat.com <> | 2008-07-10 11:56:11 +0200 |
| commit | a7e7ed0f3a1d29800187a216b0363e0276d2f4ec (patch) | |
| tree | 3a432943e95f96181b967935b22b89c8837839dd /Bugzilla/WebService.pm | |
| parent | 19cb881523a402a9c5feea49d84f991e7d2dc76c (diff) | |
| download | bugzilla-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.gz bugzilla-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.xz | |
Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all
Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
Diffstat (limited to 'Bugzilla/WebService.pm')
| -rwxr-xr-x | Bugzilla/WebService.pm | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm index 7812a237b..13e32c9d7 100755 --- a/Bugzilla/WebService.pm +++ b/Bugzilla/WebService.pm @@ -19,6 +19,7 @@ package Bugzilla::WebService; use strict; use Bugzilla::WebService::Constants; +use Bugzilla::Util; use Date::Parse; use XMLRPC::Lite; @@ -54,6 +55,15 @@ sub handle_login { return; } +sub handle_redirect { + my ($action, $uri, $method) = @_; + my $full_method = $uri . "." . $method; + + # Redirect to SSL if required. + Bugzilla->cgi->require_https(Bugzilla->params->{'sslbase'}) + if ssl_require_redirect($full_method); +} + # For some methods, we shouldn't call Bugzilla->login before we call them use constant LOGIN_EXEMPT => { }; |