From 548c8478073accbfda7c14111fa44751c7dba17d Mon Sep 17 00:00:00 2001
From: "morse%netscape.com"
 <morse%netscape.com@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Thu, 29 Aug 2002 00:12:26 +0000
Subject: [PATCH] bug 90644, http and ftp sites share cookies, r=mstoltz,
 sr=darin

git-svn-id: svn://10.0.0.236/trunk@128404 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/extensions/cookie/nsCookies.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/mozilla/extensions/cookie/nsCookies.cpp b/mozilla/extensions/cookie/nsCookies.cpp
index 39d31d41623..9d8390f1a54 100644
--- a/mozilla/extensions/cookie/nsCookies.cpp
+++ b/mozilla/extensions/cookie/nsCookies.cpp
@@ -693,6 +693,11 @@ COOKIE_GetCookie(nsIURI * address) {
   if NS_FAILED(address->SchemeIs("https", &isSecure))
       isSecure = PR_TRUE;
 
+  /* Don't let ftp sites read cookies (could be a security issue) */
+  PRBool isFtp;
+  if (NS_FAILED(address->SchemeIs("ftp", &isFtp)) || isFtp)
+      return nsnull;
+
   /* search for all cookies */
   if (cookie_list == nsnull) {
     return nsnull;
@@ -1070,6 +1075,11 @@ cookie_SetCookieString(nsIURI * curURL, nsIPrompt *aPrompter, const char * setCo
     return;
   }
 
+  /* Don't let ftp sites set cookies (could be a security issue) */
+  PRBool isFtp;
+  if (NS_FAILED(curURL->SchemeIs("ftp", &isFtp)) || isFtp)
+      return;
+
   rv = curURL->GetPath(cur_path);
   if (NS_FAILED(rv)) {
     return;