[interchange] Add new AlwaysSecureGlob directive

Jon Jensen interchange-cvs at icdevgroup.org
Tue Mar 28 14:34:02 UTC 2017 

commit b498ab78fabd77784f216e7f1dc050e5da5e52a9
Author: Jon Jensen <jon at endpoint.com>
Date:   Sat Mar 25 13:27:43 2017 -0600

    Add new AlwaysSecureGlob directive
    
    It's not possible to enumerate all the admin URLs or ActionMaps that should be
    generated secure-only, so this new directive allows matching.

 dist/strap/catalog.cfg |    6 ++++++
 lib/Vend/Config.pm     |    5 +++--
 lib/Vend/Util.pm       |   10 +++++++---
 3 files changed, 16 insertions(+), 5 deletions(-)
---
diff --git a/dist/strap/catalog.cfg b/dist/strap/catalog.cfg
index 57210fd..8374525 100644
--- a/dist/strap/catalog.cfg
+++ b/dist/strap/catalog.cfg
@@ -364,6 +364,12 @@ AlwaysSecure   <<EOD
 	query/order_detail
 EOD
 
+AlwaysSecureGlob   <<EOD
+	admin*,
+	cert*,
+	ui*,
+EOD
+
 ## Set this if you have a different secure server
 #AlwaysSecure   order ord/basket process
 
diff --git a/lib/Vend/Config.pm b/lib/Vend/Config.pm
index a6375cb..fbba72b 100644
--- a/lib/Vend/Config.pm
+++ b/lib/Vend/Config.pm
@@ -1,6 +1,6 @@
 # Vend::Config - Configure Interchange
 #
-# Copyright (C) 2002-2016 Interchange Development Group
+# Copyright (C) 2002-2017 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
 #
 # This program was originally based on Vend 0.2 and 0.3
@@ -54,7 +54,7 @@ use Vend::Data;
 use Vend::Cron;
 use Vend::CharSet ();
 
-$VERSION = '2.248';
+$VERSION = '2.249';
 
 my %CDname;
 my %CPname;
@@ -649,6 +649,7 @@ sub catalog_directives {
 	['OptionsAttribute', undef,     	     ''],
 	['Options',			 'locale',     	     ''],
 	['AlwaysSecure',	 'boolean',  	     ''],
+	['AlwaysSecureGlob', 'list_wildcard_full', ''],
 	['Password',         undef,              ''],
 	['AdminSub',		 'boolean',			 ''],
 	['ExtraSecure',		 'yesno',     	     'No'],
diff --git a/lib/Vend/Util.pm b/lib/Vend/Util.pm
index 2523ce7..7610e42 100644
--- a/lib/Vend/Util.pm
+++ b/lib/Vend/Util.pm
@@ -1,6 +1,6 @@
 # Vend::Util - Interchange utility functions
 #
-# Copyright (C) 2002-2016 Interchange Development Group
+# Copyright (C) 2002-2017 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
 #
 # This program was originally based on Vend 0.2 and 0.3
@@ -102,7 +102,7 @@ use Vend::Safe;
 use Vend::File;
 use subs qw(logError logGlobal);
 use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = '2.128';
+$VERSION = '2.129';
 
 my $Eval_routine;
 my $Eval_routine_file;
@@ -1382,7 +1382,11 @@ sub vendUrl {
 		$opt->{secure} = $CGI::secure;
 	}
 
-	if($opt->{secure} or exists $Vend::Cfg->{AlwaysSecure}{$path}) {
+	my $asg = $Vend::Cfg->{AlwaysSecureGlob};
+	if ($opt->{secure}
+		or exists $Vend::Cfg->{AlwaysSecure}{$path}
+		or ($asg and $path =~ $asg)
+	) {
 		$r = $Vend::Cfg->{SecureURL};
 	}

More information about the interchange-cvs mailing list