diff options
| author | jocuri%softhome.net <> | 2005-01-16 22:09:56 +0100 |
|---|---|---|
| committer | jocuri%softhome.net <> | 2005-01-16 22:09:56 +0100 |
| commit | 3b4174f1273818d1a01080ed8a97715c38e74e37 (patch) | |
| tree | f7e9fe0ae0bae21fa95d877ffeca364ad97eb3e5 /Bugzilla | |
| parent | b36c4ef40718e469d5924721cee4ef15b1a1bf64 (diff) | |
| download | bugzilla-3b4174f1273818d1a01080ed8a97715c38e74e37.tar.gz bugzilla-3b4174f1273818d1a01080ed8a97715c38e74e37.tar.xz | |
Patch for bug 260682: Support redirecting to HTTPS always or for authenticated sessions only; patch by Byron Jones (glob) <bugzilla@glob.com.au>, r=vladd, a=myk.
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Auth/Login/WWW.pm | 5 | ||||
| -rw-r--r-- | Bugzilla/Auth/Login/WWW/CGI.pm | 6 | ||||
| -rw-r--r-- | Bugzilla/CGI.pm | 28 |
3 files changed, 39 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Login/WWW.pm b/Bugzilla/Auth/Login/WWW.pm index 8b7724bef..cc3ae25e2 100644 --- a/Bugzilla/Auth/Login/WWW.pm +++ b/Bugzilla/Auth/Login/WWW.pm @@ -70,6 +70,11 @@ sub login { if ($userid) { $user = new Bugzilla::User($userid); + # Redirect to SSL if required + if (Param('sslbase') ne '' and Param('ssl') ne 'never') { + Bugzilla->cgi->require_https(Param('sslbase')); + } + $user->set_flags('can_logout' => $class->can_logout); # Compat stuff diff --git a/Bugzilla/Auth/Login/WWW/CGI.pm b/Bugzilla/Auth/Login/WWW/CGI.pm index a66ce7425..10eb85f60 100644 --- a/Bugzilla/Auth/Login/WWW/CGI.pm +++ b/Bugzilla/Auth/Login/WWW/CGI.pm @@ -135,6 +135,12 @@ sub login { # No login details were given, but we require a login if the # page does if ($authres == AUTH_NODATA && $type == LOGIN_REQUIRED) { + + # Redirect to SSL if required + if (Param('sslbase') ne '' and Param('ssl') ne 'never') { + $cgi->require_https(Param('sslbase')); + } + # Throw up the login page print Bugzilla->cgi->header(); diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index e81cf5da8..ce0a8ab6c 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -52,6 +52,11 @@ sub new { # Make sure that we don't send any charset headers $self->charset(''); + # Redirect to SSL if required + if (Param('sslbase') ne '' and Param('ssl') eq 'always') { + $self->require_https(Param('sslbase')); + } + # Check for errors # All of the Bugzilla code wants to do this, so do it here instead of # in each script @@ -185,6 +190,21 @@ sub send_cookie { return; } +# Redirect to https if required +sub require_https { + my $self = shift; + if ($self->protocol ne 'https') { + my $url = shift; + if (defined $url) { + $url .= $self->url('-path_info' => 1, '-query' => 1, '-relative' => 1); + } else { + $url = $self->self_url; + $url =~ s/^http:/https:/i; + } + print $self->redirect(-location => $url); + exit; + } +} 1; @@ -238,6 +258,14 @@ Bugzilla code (instead of C<cookie> or the C<-cookie> argument to C<header>), so that under mod_perl the headers can be sent correctly, using C<print> or the mod_perl APIs as appropriate. +=item C<require_https($baseurl)> + +This routine checks if the current page is being served over https, and +redirects to the https protocol if required, retaining QUERY_STRING. + +It takes an option argument which will be used as the base URL. If $baseurl +is not provided, the current URL is used. + =back =head1 SEE ALSO |