Bug 300093: index.cgi remains unsecure when the SSL parameter is set to "authenticated sessions" - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=justdave

author: lpsolit%gmail.com <> 2005-08-22 04:27:40 +0200
committer: lpsolit%gmail.com <> 2005-08-22 04:27:40 +0200
commit: 353e7fc0eadd7f3622d036713aa402ce5868ac9a (patch)
tree: 5dec936344bef2dd8fcc9147efaa6521a958f6e2 /index.cgi
parent: f4966aeb0e7a655c986aeb285c1a220274ddbfd9 (diff)
download: bugzilla-353e7fc0eadd7f3622d036713aa402ce5868ac9a.tar.gz
bugzilla-353e7fc0eadd7f3622d036713aa402ce5868ac9a.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/index.cgi b/index.cgi
index bc3a1272f..694292fc7 100755
--- a/index.cgi
+++ b/index.cgi
@@ -43,6 +43,12 @@ Bugzilla->login(LOGIN_OPTIONAL);
 ###############################################################################
 
 my $cgi = Bugzilla->cgi;
+# Force to use HTTPS unless Param('ssl') equals 'never'.
+# This is required because the user may want to log in from here.
+if (Param('sslbase') ne '' and Param('ssl') ne 'never') {
+    $cgi->require_https(Param('sslbase'));
+}
+
 my $template = Bugzilla->template;
 
 # Return the appropriate HTTP response headers.
author	lpsolit%gmail.com <>	2005-08-22 04:27:40 +0200
committer	lpsolit%gmail.com <>	2005-08-22 04:27:40 +0200
commit	353e7fc0eadd7f3622d036713aa402ce5868ac9a (patch)
tree	5dec936344bef2dd8fcc9147efaa6521a958f6e2 /index.cgi
parent	f4966aeb0e7a655c986aeb285c1a220274ddbfd9 (diff)
download	bugzilla-353e7fc0eadd7f3622d036713aa402ce5868ac9a.tar.gz bugzilla-353e7fc0eadd7f3622d036713aa402ce5868ac9a.tar.xz