diff options
author | lpsolit%gmail.com <> | 2005-08-22 02:27:40 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2005-08-22 02:27:40 +0000 |
commit | 353e7fc0eadd7f3622d036713aa402ce5868ac9a (patch) | |
tree | 5dec936344bef2dd8fcc9147efaa6521a958f6e2 /index.cgi | |
parent | Bug 70907: QuickSearch: port the JS code to perl (make it server-side) - Patc... (diff) | |
download | bugzilla-353e7fc0eadd7f3622d036713aa402ce5868ac9a.tar.gz bugzilla-353e7fc0eadd7f3622d036713aa402ce5868ac9a.tar.bz2 bugzilla-353e7fc0eadd7f3622d036713aa402ce5868ac9a.zip |
Bug 300093: index.cgi remains unsecure when the SSL parameter is set to "authenticated sessions" - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=justdave
Diffstat (limited to 'index.cgi')
-rwxr-xr-x | index.cgi | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -43,6 +43,12 @@ Bugzilla->login(LOGIN_OPTIONAL); ############################################################################### my $cgi = Bugzilla->cgi; +# Force to use HTTPS unless Param('ssl') equals 'never'. +# This is required because the user may want to log in from here. +if (Param('sslbase') ne '' and Param('ssl') ne 'never') { + $cgi->require_https(Param('sslbase')); +} + my $template = Bugzilla->template; # Return the appropriate HTTP response headers. |