diff options
author | mkanat%bugzilla.org <> | 2009-10-09 06:31:08 +0200 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2009-10-09 06:31:08 +0200 |
commit | 8ecb3ad6ecc8d636fb205895d736108cbc8083a1 (patch) | |
tree | 69b5da83e47b1fc8481227f2ec46aba1261e84ad /Bugzilla/WebService | |
parent | 4671e0ffd9920d000fb6191999288ed12d4dac52 (diff) | |
download | bugzilla-8ecb3ad6ecc8d636fb205895d736108cbc8083a1.tar.gz bugzilla-8ecb3ad6ecc8d636fb205895d736108cbc8083a1.tar.xz |
Bug 514913: Eliminate ssl="authenticated sessions"
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
Diffstat (limited to 'Bugzilla/WebService')
-rw-r--r-- | Bugzilla/WebService/Server.pm | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm index dfb9f559a..2db182fd4 100644 --- a/Bugzilla/WebService/Server.pm +++ b/Bugzilla/WebService/Server.pm @@ -17,26 +17,12 @@ package Bugzilla::WebService::Server; use strict; -use Bugzilla::Util qw(ssl_require_redirect); sub handle_login { my ($self, $class, $method, $full_method) = @_; eval "require $class"; return if $class->login_exempt($method); Bugzilla->login(); - - # Even though we check for the need to redirect in - # Bugzilla->login() we check here again since Bugzilla->login() - # does not know what the current XMLRPC method is. Therefore - # ssl_require_redirect in Bugzilla->login() will have returned - # false if system was configured to redirect for authenticated - # sessions and the user was not yet logged in. - # So here we pass in the method name to ssl_require_redirect so - # it can then check for the extra case where the method equals - # User.login, which we would then need to redirect if not - # over a secure connection. - Bugzilla->cgi->require_https(Bugzilla->params->{'sslbase'}) - if ssl_require_redirect($full_method); } 1; |