summaryrefslogtreecommitdiffstats
path: root/Bugzilla/WebService.pm
diff options
context:
space:
mode:
Diffstat (limited to 'Bugzilla/WebService.pm')
-rwxr-xr-xBugzilla/WebService.pm17
1 files changed, 16 insertions, 1 deletions
diff --git a/Bugzilla/WebService.pm b/Bugzilla/WebService.pm
index 7812a237b..d1502468d 100755
--- a/Bugzilla/WebService.pm
+++ b/Bugzilla/WebService.pm
@@ -19,6 +19,7 @@ package Bugzilla::WebService;
use strict;
use Bugzilla::WebService::Constants;
+use Bugzilla::Util;
use Date::Parse;
use XMLRPC::Lite;
@@ -49,7 +50,21 @@ sub handle_login {
eval "require $class";
return if $class->login_exempt($method);
- Bugzilla->login;
+ Bugzilla->login();
+
+ # Even though we check for the need to redirect in
+ # Bugzilla->login() we check here again since Bugzilla->login()
+ # does not know what the current XMLRPC method is. Therefore
+ # ssl_require_redirect in Bugzilla->login() will have returned
+ # false if system was configured to redirect for authenticated
+ # sessions and the user was not yet logged in.
+ # So here we pass in the method name to ssl_require_redirect so
+ # it can then check for the extra case where the method equals
+ # User.login, which we would then need to redirect if not
+ # over a secure connection.
+ my $full_method = $uri . "." . $method;
+ Bugzilla->cgi->require_https(Bugzilla->params->{'sslbase'})
+ if ssl_require_redirect($full_method);
return;
}