if ($userid) {
$user = new Bugzilla::User($userid);
+ # Redirect to SSL if required
+ if (Param('sslbase') ne '' and Param('ssl') ne 'never') {
+ Bugzilla->cgi->require_https(Param('sslbase'));
+ }
+
$user->set_flags('can_logout' => $class->can_logout);
# Compat stuff
# No login details were given, but we require a login if the
# page does
if ($authres == AUTH_NODATA && $type == LOGIN_REQUIRED) {
+
+ # Redirect to SSL if required
+ if (Param('sslbase') ne '' and Param('ssl') ne 'never') {
+ $cgi->require_https(Param('sslbase'));
+ }
+
# Throw up the login page
print Bugzilla->cgi->header();
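Review bot: In the `AUTH_NODATA` branch the redirect is issued through `$cgi`, while the next line and the `if ($userid)` hunk both use `Bugzilla->cgi`. No declaration of `$cgi` is visible in this hunk, so unless one exists earlier in the function the call should read `Bugzilla->cgi->require_https(Param('sslbase'));`. Separately, in the `if ($userid)` hunk the redirect runs only after authentication has succeeded, so with `ssl` set to 'authenticated sessions' a login submitted to an http URL has already sent its credentials or login cookie in the clear. I would add a comment there such as `# Only later requests move to HTTPS; the request that authenticated was already sent over HTTP`. Both enclosing functions start and end outside the hunks.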
# Make sure that we don't send any charset headers
$self->charset('');
+ # Redirect to SSL if required
+ if (Param('sslbase') ne '' and Param('ssl') eq 'always') {
+ $self->require_https(Param('sslbase'));
+ }
+
# Check for errors
# All of the Bugzilla code wants to do this, so do it here instead of
# in each script
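Review bot: The `require_https` call added to the constructor prints a redirect and exits whenever `protocol` is not 'https', and nothing in this hunk limits it to real web requests. If any command-line or cron script builds this CGI object (not visible here), it would presumably emit a Location header and stop as soon as `ssl` is 'always'. Consider extending the condition with a check that a request environment exists, for example `and defined $ENV{'REQUEST_METHOD'}`. The constructor starts and ends outside the hunk.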
return;
}
+# Redirect to https if required
+sub require_https {
+ my $self = shift;
+ if ($self->protocol ne 'https') {
+ my $url = shift;
+ if (defined $url) {
+ $url .= $self->url('-path_info' => 1, '-query' => 1, '-relative' => 1);
+ } else {
+ $url = $self->self_url;
+ $url =~ s/^http:/https:/i;
+ }
+ print $self->redirect(-location => $url);
+ exit;
+ }
+}
1;
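Review bot: `require_https` rebuilds the target with `url('-query' => 1)`, and as far as I know CGI.pm serialises every current parameter there, POSTed fields included. A redirected form submission would then carry its fields in the Location URL, where they reach server logs and browser history. Either redirect only GET/HEAD requests or document the behaviour above the call, e.g. `# NOTE: -query serialises all current params; a redirected POST exposes its fields in the URL`. The test on `$self->protocol` would also presumably loop behind a front end that terminates TLS and forwards plain HTTP. The no-argument branch builds the target from `self_url`, which reflects the request's own host, though every caller on this page passes `sslbase`.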
so that under mod_perl the headers can be sent correctly, using C<print> or
the mod_perl APIs as appropriate.
+=item C<require_https($baseurl)>
+
+This routine checks if the current page is being served over https, and
+redirects to the https protocol if required, retaining QUERY_STRING.
+
+It takes an option argument which will be used as the base URL. If $baseurl
+is not provided, the current URL is used.
+
=back
=head1 SEE ALSO
use strict;
use vars qw(@param_list);
use File::Spec; # for find_languages
+use Socket;
use Bugzilla::Config qw(:DEFAULT $templatedir $webdotdir);
+use Bugzilla::Util;
# Checking functions for the various values
# Some generic checking functions are included in Bugzilla::Config
+sub check_sslbase {
+ my $url = shift;
+ if ($url ne '') {
+ if ($url !~ m#^https://([^/]+).*/$#) {
+ return "must be a legal URL, that starts with https and ends with a slash.";
+ }
+ my $host = $1;
+ if ($host =~ /:\d+$/) {
+ return "must not contain a port.";
+ }
+ local *SOCK;
+ my $proto = getprotobyname('tcp');
+ socket(SOCK, PF_INET, SOCK_STREAM, $proto);
+ my $sin = sockaddr_in(443, inet_aton($host));
+ if (!connect(SOCK, $sin)) {
+ return "Failed to connect to " . html_quote($host) .
+ ":443, unable to enable SSL.";
+ }
+ }
+ return "";
+}
+
sub check_priority {
my ($value) = (@_);
&::GetVersionTable();
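Review bot: In `check_sslbase` the result of `inet_aton($host)` goes straight into `sockaddr_in` and the return value of `socket()` is ignored. For a host name that does not resolve, `inet_aton` returns undef and `sockaddr_in` dies instead of the checker returning a message. Resolve first and bail out: `my $addr = inet_aton($host);` followed by `return "Failed to resolve " . html_quote($host) . "." unless defined $addr;`. The blocking `connect` has no timeout, so saving the parameter can hang on a filtered host. A successful connect only shows that something listens on port 443, not that it speaks TLS or serves this installation, and `[^/]+` also accepts a `user@` prefix in the host part; a comment stating these limits would help.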
checker => \&check_urlbase
},
+ {
+ name => 'sslbase',
+ desc => 'The URL that is the common initial leading part of all HTTPS ' .
+ '(SSL) Bugzilla URLs.',
+ type => 't',
+ default => '',
+ checker => \&check_sslbase
+ },
+
+ {
+ name => 'ssl',
+ desc => 'Controls when Bugzilla should enforce sessions to use HTTPS by ' .
+ 'using <tt>sslbase</tt>.',
+ type => 's',
+ choices => ['never', 'authenticated sessions', 'always'],
+ default => 'never'
+ },
+
{
name => 'languages' ,
desc => 'A comma-separated list of RFC 1766 language tags. These ' .