36
36
html_quote url_quote xml_quote
37
37
css_class_quote html_light_quote url_decode
38
38
i_am_cgi get_netaddr correct_urlbase
39
lsearch ssl_require_redirect use_attachbase
39
lsearch do_ssl_redirect_if_required use_attachbase
41
41
trim wrap_hard wrap_comment find_wrap_point
42
42
format_time format_time_decimal validate_date
264
264
return exists $ENV{'SERVER_SOFTWARE'} ? 1 : 0;
267
sub ssl_require_redirect {
270
# If currently not in a protected SSL
271
# connection, determine if a redirection is
272
# needed based on value in Bugzilla->params->{ssl}.
273
# If we are already in a protected connection or
274
# sslbase is not set then no action is required.
275
if (uc($ENV{'HTTPS'}) ne 'ON'
276
&& $ENV{'SERVER_PORT'} != 443
277
&& Bugzilla->params->{'sslbase'} ne '')
279
# System is configured to never require SSL
280
# so no redirection is needed.
282
if Bugzilla->params->{'ssl'} eq 'never';
284
# System is configured to always require a SSL
285
# connection so we need to redirect.
287
if Bugzilla->params->{'ssl'} eq 'always';
289
# System is configured such that if we are inside
290
# of an authenticated session, then we need to make
291
# sure that all of the connections are over SSL. Non
292
# authenticated sessions SSL is not mandatory.
293
# For XMLRPC requests, if the method is User.login
294
# then we always want the connection to be over SSL
295
# if the system is configured for authenticated
296
# sessions since the user's username and password
297
# will be passed before the user is logged in.
299
if Bugzilla->params->{'ssl'} eq 'authenticated sessions'
300
&& (Bugzilla->user->id
301
|| (defined $method && $method eq 'User.login'));
267
# This exists as a separate function from Bugzilla::CGI::redirect_to_https
268
# because we don't want to create a CGI object during XML-RPC calls
269
# (doing so can mess up XML-RPC).
270
sub do_ssl_redirect_if_required {
271
return if !i_am_cgi();
272
return if !Bugzilla->params->{'ssl_redirect'};
274
my $sslbase = Bugzilla->params->{'sslbase'};
276
# If we're already running under SSL, never redirect.
277
return if uc($ENV{HTTPS} || '') eq 'ON';
278
# Never redirect if there isn't an sslbase.
280
Bugzilla->cgi->redirect_to_https();
307
283
sub correct_urlbase {
308
my $ssl = Bugzilla->params->{'ssl'};
309
return Bugzilla->params->{'urlbase'} if $ssl eq 'never';
284
my $ssl = Bugzilla->params->{'ssl_redirect'};
285
my $urlbase = Bugzilla->params->{'urlbase'};
311
286
my $sslbase = Bugzilla->params->{'sslbase'};
313
return $sslbase if $ssl eq 'always';
314
# Authenticated Sessions
315
return $sslbase if Bugzilla->user->id;
318
# Set to "authenticated sessions" but nobody's logged in, or
320
return Bugzilla->params->{'urlbase'};
288
return ($ssl && $sslbase) ? $sslbase : $urlbase;
323
291
sub use_attachbase {
added
removed
Bugzilla/Util.pm
