diff options
| author | dkl%redhat.com <> | 2008-07-10 11:56:11 +0200 |
|---|---|---|
| committer | dkl%redhat.com <> | 2008-07-10 11:56:11 +0200 |
| commit | a7e7ed0f3a1d29800187a216b0363e0276d2f4ec (patch) | |
| tree | 3a432943e95f96181b967935b22b89c8837839dd /token.cgi | |
| parent | 19cb881523a402a9c5feea49d84f991e7d2dc76c (diff) | |
| download | bugzilla-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.gz bugzilla-a7e7ed0f3a1d29800187a216b0363e0276d2f4ec.tar.xz | |
Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all
Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
Diffstat (limited to 'token.cgi')
| -rwxr-xr-x | token.cgi | 8 |
1 files changed, 3 insertions, 5 deletions
@@ -347,11 +347,9 @@ sub request_create_account { $vars->{'date'} = str2time($date); # We require a HTTPS connection if possible. - if (Bugzilla->params->{'sslbase'} ne '' - && Bugzilla->params->{'ssl'} ne 'never') - { - $cgi->require_https(Bugzilla->params->{'sslbase'}); - } + Bugzilla->cgi->require_https(Bugzilla->params->{'sslbase'}) + if ssl_require_redirect(); + print $cgi->header(); $template->process('account/email/confirm-new.html.tmpl', $vars) |