Bug 300093: index.cgi remains unsecure when the SSL parameter is set to "authenticate...

author lpsolit%gmail.com <>

Mon, 22 Aug 2005 02:30:07 +0000 (02:30 +0000)

committer lpsolit%gmail.com <>

Mon, 22 Aug 2005 02:30:07 +0000 (02:30 +0000)
author lpsolit%gmail.com <>
Mon, 22 Aug 2005 02:30:07 +0000 (02:30 +0000)
committer lpsolit%gmail.com <>
Mon, 22 Aug 2005 02:30:07 +0000 (02:30 +0000)
diff --git a/index.cgi b/index.cgi

index 88393b41787700c13d33f2c8dcc617b1fe2f49ad..124c81b7a3b1bbaef367e4b92d6b05a0bbccdfea 100755 (executable)
--- a/index.cgi
+++ b/index.cgi
@@ -45,6 +45,12 @@ Bugzilla->login(LOGIN_OPTIONAL);
  ###############################################################################
  
  my $cgi = Bugzilla->cgi;
+# Force to use HTTPS unless Param('ssl') equals 'never'.
+# This is required because the user may want to log in from here.
+if (Param('sslbase') ne '' and Param('ssl') ne 'never') {
+    $cgi->require_https(Param('sslbase'));
+}
+
  my $template = Bugzilla->template;
  
  # Return the appropriate HTTP response headers.
diff --git a/template/en/default/global/useful-links.html.tmpl b/template/en/default/global/useful-links.html.tmpl

index 38b193cf57c2a328781ae6d34a8d142e1291d92f..63dfe0b0489a22af558eee427fb71d8c63a8e0dc 100644 (file)
--- a/template/en/default/global/useful-links.html.tmpl
+++ b/template/en/default/global/useful-links.html.tmpl
@@ -30,7 +30,7 @@
    <div id="links-actions">
      <div class="label">Actions:</div>
      <div class="links">
-        <a href="[% Param('urlbase') %]">Home</a> | 
+        <a href="./">Home</a> | 
          <a href="enter_bug.cgi">New</a> | 
          <a href="query.cgi">Search</a> |
author	lpsolit%gmail.com <>
	Mon, 22 Aug 2005 02:30:07 +0000 (02:30 +0000)
committer	lpsolit%gmail.com <>
	Mon, 22 Aug 2005 02:30:07 +0000 (02:30 +0000)
index.cgi		patch \| blob \| blame \| history
template/en/default/global/useful-links.html.tmpl		patch \| blob \| blame \| history