From: lpsolit%gmail.com <>
Date: Mon, 22 Aug 2005 02:30:07 +0000 (+0000)
Subject: Bug 300093: index.cgi remains unsecure when the SSL parameter is set to "authenticate... 
X-Git-Tag: bugzilla-2.20~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0e81846b4d07b4abfc5da092e30e19353e6d0bb2;p=thirdparty%2Fbugzilla.git

Bug 300093: index.cgi remains unsecure when the SSL parameter is set to "authenticated sessions" - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=justdave
---

diff --git a/index.cgi b/index.cgi
index 88393b4178..124c81b7a3 100755
--- a/index.cgi
+++ b/index.cgi
@@ -45,6 +45,12 @@ Bugzilla->login(LOGIN_OPTIONAL);
 ###############################################################################
 
 my $cgi = Bugzilla->cgi;
+# Force to use HTTPS unless Param('ssl') equals 'never'.
+# This is required because the user may want to log in from here.
+if (Param('sslbase') ne '' and Param('ssl') ne 'never') {
+    $cgi->require_https(Param('sslbase'));
+}
+
 my $template = Bugzilla->template;
 
 # Return the appropriate HTTP response headers.
diff --git a/template/en/default/global/useful-links.html.tmpl b/template/en/default/global/useful-links.html.tmpl
index 38b193cf57..63dfe0b048 100644
--- a/template/en/default/global/useful-links.html.tmpl
+++ b/template/en/default/global/useful-links.html.tmpl
@@ -30,7 +30,7 @@
   <div id="links-actions">
     <div class="label">Actions:</div>
     <div class="links">
-        <a href="[% Param('urlbase') %]">Home</a> | 
+        <a href="./">Home</a> | 
         <a href="enter_bug.cgi">New</a> | 
         <a href="query.cgi">Search</a> |