From a7e7ed0f3a1d29800187a216b0363e0276d2f4ec Mon Sep 17 00:00:00 2001 From: "dkl%redhat.com" <> Date: Thu, 10 Jul 2008 09:56:11 +0000 Subject: Bug 428659 – Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence - r/a=mkanat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla/Auth/Login/CGI.pm | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'Bugzilla/Auth/Login/CGI.pm') diff --git a/Bugzilla/Auth/Login/CGI.pm b/Bugzilla/Auth/Login/CGI.pm index 980e27123..0bc3ee119 100644 --- a/Bugzilla/Auth/Login/CGI.pm +++ b/Bugzilla/Auth/Login/CGI.pm @@ -66,11 +66,9 @@ sub fail_nodata { } # Redirect to SSL if required - if (Bugzilla->params->{'sslbase'} ne '' - and Bugzilla->params->{'ssl'} ne 'never') - { - $cgi->require_https(Bugzilla->params->{'sslbase'}); - } + Bugzilla->cgi->require_https(Bugzilla->params->{'sslbase'}) + if ssl_require_redirect(); + print $cgi->header(); $template->process("account/auth/login.html.tmpl", { 'target' => $cgi->url(-relative=>1) }) -- cgit v1.2.3-24-g4f1b