From a7e7ed0f3a1d29800187a216b0363e0276d2f4ec Mon Sep 17 00:00:00 2001
From: "dkl%redhat.com" <>
Date: Thu, 10 Jul 2008 09:56:11 +0000
Subject: Bug 428659 – Setting SSL param to 'authenticated sessions' only
 protects logins and param doesn't protect WebService calls at all Patch by
 Dave Lawrence <dkl@redhat.com> - r/a=mkanat
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 token.cgi | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'token.cgi')

diff --git a/token.cgi b/token.cgi
index c91c2f94f..71996bec0 100755
--- a/token.cgi
+++ b/token.cgi
@@ -347,11 +347,9 @@ sub request_create_account {
     $vars->{'date'} = str2time($date);
 
     # We require a HTTPS connection if possible.
-    if (Bugzilla->params->{'sslbase'} ne ''
-        && Bugzilla->params->{'ssl'} ne 'never')
-    {
-        $cgi->require_https(Bugzilla->params->{'sslbase'});
-    }
+    Bugzilla->cgi->require_https(Bugzilla->params->{'sslbase'}) 
+        if ssl_require_redirect();
+
     print $cgi->header();
 
     $template->process('account/email/confirm-new.html.tmpl', $vars)
-- 
cgit v1.2.3-24-g4f1b