Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all

Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
author: dkl%redhat.com <> 2008-07-10 11:56:11 +0200
committer: dkl%redhat.com <> 2008-07-10 11:56:11 +0200
commit: a7e7ed0f3a1d29800187a216b0363e0276d2f4ec (patch)
tree: 3a432943e95f96181b967935b22b89c8837839dd /index.cgi
parent: 19cb881523a402a9c5feea49d84f991e7d2dc76c (diff)
download: bugzilla-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.gz
bugzilla-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.xz
1 files changed, 3 insertions, 3 deletions
diff --git a/index.cgi b/index.cgi
index 100941765..442617111 100755
--- a/index.cgi
+++ b/index.cgi
@@ -35,6 +35,7 @@ use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Update;
+use Bugzilla::Util;
 
 # Check whether or not the user is logged in
 my $user = Bugzilla->login(LOGIN_OPTIONAL);
@@ -46,9 +47,8 @@ my $user = Bugzilla->login(LOGIN_OPTIONAL);
 my $cgi = Bugzilla->cgi;
 # Force to use HTTPS unless Bugzilla->params->{'ssl'} equals 'never'.
 # This is required because the user may want to log in from here.
-if (Bugzilla->params->{'sslbase'} ne '' and Bugzilla->params->{'ssl'} ne 'never') {
-    $cgi->require_https(Bugzilla->params->{'sslbase'});
-}
+$cgi->require_https(Bugzilla->params->{'sslbase'}) 
+    if ssl_require_redirect();
 
 my $template = Bugzilla->template;
 my $vars = {};
author	dkl%redhat.com <>	2008-07-10 11:56:11 +0200
committer	dkl%redhat.com <>	2008-07-10 11:56:11 +0200
commit	a7e7ed0f3a1d29800187a216b0363e0276d2f4ec (patch)
tree	3a432943e95f96181b967935b22b89c8837839dd /index.cgi
parent	19cb881523a402a9c5feea49d84f991e7d2dc76c (diff)
download	bugzilla-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.gz bugzilla-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.xz