Bug 59758 - form submission gives incorrect warning. r=javi,sr=blizzard

2001-08-09 22:26:16 +00:00 · 2001-08-09 22:26:16 +00:00 · ee2c75f35c
--- a/security/manager/ssl/src/nsSecureBrowserUIImpl.cpp
+++ b/security/manager/ssl/src/nsSecureBrowserUIImpl.cpp
@ -239,6 +239,9 @@ nsSecureBrowserUIImpl::Notify(nsIContent* formNode,
  nsCOMPtr<nsIDocument> document;
  formNode->GetDocument(*getter_AddRefs(document));
  if (!document) return NS_OK;
+
+  nsCOMPtr<nsIURI> formURL;
+  document->GetBaseURL(*getter_AddRefs(formURL));
  
  nsCOMPtr<nsIScriptGlobalObject> globalObject;
  document->GetScriptGlobalObject(getter_AddRefs(globalObject));
@ -252,7 +255,7 @@ nsSecureBrowserUIImpl::Notify(nsIContent* formNode,
    return NS_OK;
  
  PRBool okayToPost;
-  nsresult res = CheckPost(actionURL, &okayToPost);
+  nsresult res = CheckPost(formURL, actionURL, &okayToPost);
  
  if (NS_SUCCEEDED(res) && !okayToPost)
    *cancelSubmit = PR_TRUE;
@ -583,26 +586,26 @@ nsSecureBrowserUIImpl::CheckMixedContext(nsISecurityEventSink *eventSink,
 }

 nsresult
-nsSecureBrowserUIImpl::CheckPost(nsIURI *actionURL, PRBool *okayToPost)
+nsSecureBrowserUIImpl::CheckPost(nsIURI *formURL, nsIURI *actionURL, PRBool *okayToPost)
 {
-  PRBool secure;
+  PRBool formSecure,actionSecure;
  *okayToPost = PR_TRUE;

-  nsresult rv = IsURLHTTPS(actionURL, &secure);
+  nsresult rv = IsURLHTTPS(formURL, &formSecure);
+  if (NS_FAILED(rv))
+    return rv;
+
+  rv = IsURLHTTPS(actionURL, &actionSecure);
  if (NS_FAILED(rv))
    return rv;
  
  // if we are posting to a secure link from a secure page, all is okay.
-  if (secure &&
-      (IS_SECURE(mSecurityState) ||
-       mSecurityState == STATE_IS_BROKEN)) {
+  if (actionSecure && formSecure) {
    return NS_OK;
  }
    
  // posting to insecure webpage from a secure webpage.
-  if (!secure && 
-      (IS_SECURE(mSecurityState) ||
-       mSecurityState == STATE_IS_BROKEN)) {
+  if (!actionSecure && formSecure) {
    *okayToPost = ConfirmPostToInsecureFromSecure();
  } else {
    *okayToPost = ConfirmPostToInsecure();
--- a/security/manager/ssl/src/nsSecureBrowserUIImpl.h
+++ b/security/manager/ssl/src/nsSecureBrowserUIImpl.h
@ -88,7 +88,7 @@ protected:
                                      nsIRequest* request, nsIChannel* aChannel);
  nsresult CheckMixedContext(nsISecurityEventSink* sink, nsIRequest* request,
                             nsIChannel* aChannel);
-  nsresult CheckPost(nsIURI *actionURL, PRBool *okayToPost);
+  nsresult CheckPost(nsIURI *formURI, nsIURI *actionURL, PRBool *okayToPost);
  nsresult IsURLHTTPS(nsIURI* aURL, PRBool *value);
  nsresult SetBrokenLockIcon(nsISecurityEventSink* sink, nsIRequest* request,
                             PRBool removeValue = PR_FALSE);