From: Dylan William Hardison
Date: Mon, 6 Mar 2017 00:50:01 +0000 (-0500)
Subject: Bug 1342795 - When urlbase is https, force the secure flag to be set on cookies.
X-Git-Tag: release-5.1.2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dfb688869062b955488057144eaa99f5c91cea28;p=thirdparty%2Fbugzilla.git
Bug 1342795 - When urlbase is https, force the secure flag to be set on cookies.
---
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 14a9a5720f..edfc7ba70f 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -332,7 +332,10 @@ sub header {
 && !$self->cookie('Bugzilla_login_request_cookie'))
 {
 my %args;
- $args{'-secure'} = 1 if Bugzilla->params->{ssl_redirect};
+ my $params = Bugzilla->params;
+ if ($params->{ssl_redirect} || $params->{urlbase} =~ /^https/i) {
+ $args{'-secure'} = 1;
+ }
 $self->send_cookie(-name => 'Bugzilla_login_request_cookie',
 -value => generate_random_password(),
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index d2be18431b..fcd4aff918 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -272,6 +272,7 @@ sub i_am_webservice {
 # (doing so can mess up XML-RPC).
 sub do_ssl_redirect_if_required {
 return if !i_am_cgi();
+ return if Bugzilla->params->{urlbase} =~ /^https/i;
 return if !Bugzilla->params->{'ssl_redirect'};
 return if !Bugzilla->params->{'sslbase'};
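Review bot: The scheme test `$params->{urlbase} =~ /^https/i` in the new `if` matches any value that merely begins with "https", so it is looser than the condition it stands for; anchoring on the delimiter, `$params->{urlbase} =~ m{^https://}i`, would say exactly "urlbase is an HTTPS URL". The same pattern is repeated in the Bugzilla/Util.pm hunk (`do_ssl_redirect_if_required`), and a small shared helper would keep the cookie decision and the redirect decision from drifting apart. The Secure flag is still derived from configuration rather than from the request, so an installation served over TLS with an `http` urlbase and `ssl_redirect` off would presumably still issue this cookie without Secure; a comment should say whether that is intended. The enclosing `header` sub starts and ends outside the hunk.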
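Review bot: The added `return if Bugzilla->params->{urlbase} =~ /^https/i;` sits ahead of the `ssl_redirect` check and carries no comment, so it reads as though a plain-HTTP request to an installation whose urlbase is https is no longer upgraded by this function even when `ssl_redirect` is on. Together with the CGI.pm change that marks the login-request cookie Secure for such installations, a client arriving over HTTP would apparently neither be redirected here nor have that cookie sent back by the browser, unless the web server enforces HTTPS itself. If that is the assumption, state it above the line, e.g. `# urlbase is https: HTTP-to-HTTPS redirection is expected to be handled by the web server`. The rest of `do_ssl_redirect_if_required` lies outside the hunk, so later code may change this picture.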