This is where they are used and it is a reminder that they are meant for CGI scripts.

Signed-off-by: Francois Gouget fgouget@codeweavers.com --- testbot/lib/WineTestBot/CGI/PageBase.pm | 49 ++++++++++++++++++++++++- testbot/lib/WineTestBot/Utils.pm | 49 +------------------------ testbot/web/Login.pl | 3 +- 3 files changed, 51 insertions(+), 50 deletions(-)

diff --git a/testbot/lib/WineTestBot/CGI/PageBase.pm b/testbot/lib/WineTestBot/CGI/PageBase.pm index 3073ac220..55e015d58 100644 --- a/testbot/lib/WineTestBot/CGI/PageBase.pm +++ b/testbot/lib/WineTestBot/CGI/PageBase.pm @@ -36,7 +36,7 @@ providing a common banner, navigation menu and cascading style sheets. =cut

use Exporter 'import'; -our @EXPORT = qw(CreatePageBase); +our @EXPORT = qw(CreatePageBase MakeSecureURL);

use Apache2::Const -compile => qw(REDIRECT); use CGI::Cookie; @@ -120,9 +120,54 @@ sub SetRefreshInterval($$)

# -# Session management +# Session management and security #

+=pod +=over 12 + +=item C<SecureConnection()> + +Returns true if the user accessed the website over a secure connection. + +This relies on the web server setting the $HTTPS environment variable for CGI +scripts. + +=back +=cut + +sub SecureConnection() +{ + return defined($ENV{"HTTPS"}) && $ENV{"HTTPS"} eq "on"; +} + +=pod +=over 12 + +=item C<MakeSecureURL()> + +Builds a URL that accesses this website using https if possible. +The parameter should be an absolute path that includes neither the protocol +nor the hostname. + +This relies on the web server setting the $HTTP_HOST environment variable for +CGI scripts. However $HTTP_HOST which may not match the official website +hostname. As such this should only be used for providing URLs back to the user +accessing the website, not for URLs sent to third-parties. + +See also WineTestBot::Utils::MakeOfficialURL(). + +=back +=cut + +sub MakeSecureURL($) +{ + my ($URL) = @_; + + my $Protocol = ($UseSSL || SecureConnection()) ? "https://" : "http://"; + return $Protocol . ($ENV{"HTTP_HOST"} || $WebHostName) . $URL; +} + sub UnsetCookies($) { my ($self) = @_; diff --git a/testbot/lib/WineTestBot/Utils.pm b/testbot/lib/WineTestBot/Utils.pm index 2ebad4597..f24243e90 100644 --- a/testbot/lib/WineTestBot/Utils.pm +++ b/testbot/lib/WineTestBot/Utils.pm @@ -27,7 +27,7 @@ WineTestBot::Utils - Utility functions =cut

use Exporter 'import'; -our @EXPORT = qw(SecureConnection MakeSecureURL MakeOfficialURL GetTaskURL +our @EXPORT = qw(MakeOfficialURL GetTaskURL GenerateRandomString OpenNewFile CreateNewFile CreateNewLink CreateNewDir GetMTime DurationToString BuildEMailRecipient IsValidFileName @@ -46,51 +46,6 @@ use WineTestBot::Config; =pod =over 12

-=item C<SecureConnection()> - -Returns true if the user accessed the website over a secure connection. - -This relies on the web server setting the $HTTPS environment variable for CGI -scripts. - -=back -=cut - -sub SecureConnection() -{ - return defined($ENV{"HTTPS"}) && $ENV{"HTTPS"} eq "on"; -} - -=pod -=over 12 - -=item C<MakeSecureURL()> - -Builds a URL that accesses this website using https if possible. -The parameter should be an absolute path that includes neither the protocol -nor the hostname. - -This relies on the web server setting the $HTTP_HOST environment variable for -CGI scripts. However $HTTP_HOST which may not match the official website -hostname. As such this should only be used for providing URLs back to the user -accessing the website, not for URLs sent to third-parties. - -See also MakeOfficialURL(). - -=back -=cut - -sub MakeSecureURL($) -{ - my ($URL) = @_; - - my $Protocol = ($UseSSL || SecureConnection()) ? "https://" : "http://"; - return $Protocol . ($ENV{"HTTP_HOST"} || $WebHostName) . $URL; -} - -=pod -=over 12 - =item C<MakeOfficialURL()>

Creates a URL pointing to the official website. @@ -101,7 +56,7 @@ This is the method to use in non-CGI scripts and to build URLs sent to any third-party (e.g. via email); where a third party is any user other than the one currently browsing the website.

-See also MakeSecureURL(). +See also WineTestBot::CGI::PageBase::MakeSecureURL().

=back =cut diff --git a/testbot/web/Login.pl b/testbot/web/Login.pl index b1f82a94b..837617d8d 100644 --- a/testbot/web/Login.pl +++ b/testbot/web/Login.pl @@ -25,9 +25,10 @@ use ObjectModel::CGI::FreeFormPage; our @ISA = qw(ObjectModel::CGI::FreeFormPage);

use ObjectModel::BasicPropertyDescriptor; + use WineTestBot::Config; use WineTestBot::Users; -use WineTestBot::Utils; +use WineTestBot::CGI::PageBase; use WineTestBot::CGI::Sessions;