From f33f48241e0a32e62fbaab4267b0eb585d9b0b9f Mon Sep 17 00:00:00 2001
From: "dkl%redhat.com" <>
Date: Tue, 29 Jul 2008 01:57:57 +0000
Subject: Backing out these patches as they cause a regression. More information in the respective bug reports.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bug 428659 – Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence - r/a=mkanat Bug 445104: ssl redirects come with a 200 OK HTTP code on mod_perl Patch By Max Kanat-Alexander r=dkl, a=mkanat
---
Bugzilla/CGI.pm | 34 +++++++++++++++-------------------
1 file changed, 15 insertions(+), 19 deletions(-)
(limited to 'Bugzilla/CGI.pm')
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 0de89408e..aeb8419ca 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -72,8 +72,9 @@ sub new {
 $self->charset(Bugzilla->params->{'utf8'} ? 'UTF-8' : '');
 # Redirect to SSL if required
- if (i_am_cgi() && Bugzilla->usage_mode != USAGE_MODE_WEBSERVICE
- && ssl_require_redirect())
+ if (Bugzilla->params->{'sslbase'} ne ''
+ && Bugzilla->params->{'ssl'} eq 'always'
+ && i_am_cgi())
 {
 $self->require_https(Bugzilla->params->{'sslbase'});
 }
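Review bot: The restored condition in `new` enforces HTTPS only when `ssl` is `'always'`, so with the 'authenticated sessions' setting named in the commit message this constructor never redirects. It also no longer distinguishes WebService requests from browser requests. Since the backout is deliberate, a comment above the `if` would keep the gap visible, for example `# Only ssl=always is enforced here; 'authenticated sessions' and WebService calls are not covered (bug 428659).` The body of `new` starts and ends outside this hunk, so whether later code handles the other `ssl` values cannot be confirmed from here.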
@@ -296,23 +297,18 @@ sub remove_cookie {
 # Redirect to https if required
 sub require_https {
- my ($self, $url) = @_;
- # Do not create query string if data submitted via XMLRPC
- my $query = Bugzilla->usage_mode == USAGE_MODE_WEBSERVICE ? 0 : 1;
- # XMLRPC clients (SOAP::Lite at least) requires 301 to redirect properly
- my $status = Bugzilla->usage_mode == USAGE_MODE_WEBSERVICE ? 301 : 302;
- if (defined $url) {
- $url .= $self->url('-path_info' => 1, '-query' => $query, '-relative' => 1);
- } else {
- $url = $self->self_url;
- $url =~ s/^http:/https:/i;
+ my $self = shift;
+ if ($self->protocol ne 'https') {
+ my $url = shift;
+ if (defined $url) {
+ $url .= $self->url('-path_info' => 1, '-query' => 1, '-relative' => 1);
+ } else {
+ $url = $self->self_url;
+ $url =~ s/^http:/https:/i;
+ }
+ print $self->redirect(-location => $url);
+ exit;
 }
- print $self->redirect(-location => $url, -status => $status);
- # When using XML-RPC with mod_perl, we need the headers sent immediately.
- # We used to do this by appending a newline to $self->redirect, but
- # that breaks normal web browser redirects.
- $self->r->rflush if $ENV{MOD_PERL};
- exit;
 }
 1;
@@ -382,7 +378,7 @@ As its only argument, it takes the name of the cookie to expire.
 This routine checks if the current page is being served over https, and redirects to the https protocol if required, retaining QUERY_STRING.
-It takes an optional argument which will be used as the base URL. If $baseurl
+It takes an option argument which will be used as the base URL. If $baseurl
 is not provided, the current URL is used.
 =back
-- cgit v1.2.3-24-g4f1b
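Review bot: In `require_https`, `'-query' => 1` on the `$url .=` line (and `self_url` in the `else` branch) rebuilds the redirect target from the request's parameters. As far as I know, CGI.pm assembles that query string from all parsed parameters rather than only the original URL, so fields POSTed over plain http may be copied into the `Location` header and from there into browser history and proxy or server logs. By the time this sub runs the original request has already arrived unencrypted, so the redirect protects only the follow-up request; a comment on the sub such as `# Redirect only: data in the original http request was already sent in cleartext.` would make that explicit. Consider `'-query' => ($self->request_method eq 'GET' ? 1 : 0)` so that non-GET bodies are not echoed into the URL.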