bug 90644, http and ftp sites share cookies, r=mstoltz, sr=darin

git-svn-id: svn://10.0.0.236/trunk@128404 18797224-902f-48f8-a5cc-f745e15eee43
2002-08-29 00:12:26 +00:00 · 2002-08-29 00:12:26 +00:00 · 548c847807
commit 548c847807
parent 30717f5ad9
1 changed files with 10 additions and 0 deletions
--- a/mozilla/extensions/cookie/nsCookies.cpp
+++ b/mozilla/extensions/cookie/nsCookies.cpp
@ -693,6 +693,11 @@ COOKIE_GetCookie(nsIURI * address) {
  if NS_FAILED(address->SchemeIs("https", &isSecure))
      isSecure = PR_TRUE;

+  /* Don't let ftp sites read cookies (could be a security issue) */
+  PRBool isFtp;
+  if (NS_FAILED(address->SchemeIs("ftp", &isFtp)) || isFtp)
+      return nsnull;
+
  /* search for all cookies */
  if (cookie_list == nsnull) {
    return nsnull;
@ -1070,6 +1075,11 @@ cookie_SetCookieString(nsIURI * curURL, nsIPrompt *aPrompter, const char * setCo
    return;
  }

+  /* Don't let ftp sites set cookies (could be a security issue) */
+  PRBool isFtp;
+  if (NS_FAILED(curURL->SchemeIs("ftp", &isFtp)) || isFtp)
+      return;
+
  rv = curURL->GetPath(cur_path);
  if (NS_FAILED(rv)) {
    return;