From a7e7ed0f3a1d29800187a216b0363e0276d2f4ec Mon Sep 17 00:00:00 2001 From: "dkl%redhat.com" <> Date: Thu, 10 Jul 2008 09:56:11 +0000 Subject: Bug 428659 – Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence - r/a=mkanat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- xmlrpc.cgi | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'xmlrpc.cgi') diff --git a/xmlrpc.cgi b/xmlrpc.cgi index 324382ea2..5ca40bef0 100755 --- a/xmlrpc.cgi +++ b/xmlrpc.cgi @@ -53,5 +53,9 @@ my $dispatch = { my $response = Bugzilla::WebService::XMLRPC::Transport::HTTP::CGI ->dispatch_with($dispatch) - ->on_action(sub { Bugzilla::WebService::handle_login($dispatch, @_) } ) + ->on_action(sub { + my ($action, $uri, $method) = @_; + Bugzilla::WebService::handle_login($dispatch, @_); + Bugzilla::WebService::handle_redirect(@_); + } ) ->handle; -- cgit v1.2.3-24-g4f1b