From 353e7fc0eadd7f3622d036713aa402ce5868ac9a Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 22 Aug 2005 02:27:40 +0000
Subject: Bug 300093: index.cgi remains unsecure when the SSL parameter is set
 to "authenticated sessions" - Patch by Frédéric Buclin <LpSolit@gmail.com>
 r/a=justdave
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 index.cgi | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'index.cgi')

diff --git a/index.cgi b/index.cgi
index bc3a1272f..694292fc7 100755
--- a/index.cgi
+++ b/index.cgi
@@ -43,6 +43,12 @@ Bugzilla->login(LOGIN_OPTIONAL);
 ###############################################################################
 
 my $cgi = Bugzilla->cgi;
+# Force to use HTTPS unless Param('ssl') equals 'never'.
+# This is required because the user may want to log in from here.
+if (Param('sslbase') ne '' and Param('ssl') ne 'never') {
+    $cgi->require_https(Param('sslbase'));
+}
+
 my $template = Bugzilla->template;
 
 # Return the appropriate HTTP response headers.
-- 
cgit v1.2.3-24-g4f1b