summaryrefslogtreecommitdiffstats
path: root/src/network/access/qnetworkcookie.cpp
diff options
context:
space:
mode:
authorShane Kearns <ext-shane.2.kearns@nokia.com>2012-06-08 17:04:35 +0100
committerQt by Nokia <qt-info@nokia.com>2012-06-27 00:46:35 +0200
commitcf29b7b967e59f08713d6574b754874a900bf6cd (patch)
treefe0c99bf313f5ee1b34f3945358e80a205c9f785 /src/network/access/qnetworkcookie.cpp
parent058fddd1c01d49ee9fe8b70587a088d73f2c8e3c (diff)
Ignore empty domain attribute in cookies
As recommended by RFC6265. This fixes the optional-domain0042 test case. Task-number: QTBUG-15794 Change-Id: I6dd459797afcb52fa2a78437f8481f5abc6f3105 Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network/access/qnetworkcookie.cpp')
-rw-r--r--src/network/access/qnetworkcookie.cpp27
1 files changed, 18 insertions, 9 deletions
diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp
index 5a75dd55e8..1dd1e25b07 100644
--- a/src/network/access/qnetworkcookie.cpp
+++ b/src/network/access/qnetworkcookie.cpp
@@ -931,16 +931,25 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt
cookie.setExpirationDate(dt);
} else if (field.first == "domain") {
QByteArray rawDomain = field.second;
- QString maybeLeadingDot;
- if (rawDomain.startsWith('.')) {
- maybeLeadingDot = QLatin1Char('.');
- rawDomain = rawDomain.mid(1);
- }
+ //empty domain should be ignored (RFC6265 section 5.2.3)
+ if (!rawDomain.isEmpty()) {
+ QString maybeLeadingDot;
+ if (rawDomain.startsWith('.')) {
+ maybeLeadingDot = QLatin1Char('.');
+ rawDomain = rawDomain.mid(1);
+ }
- QString normalizedDomain = QUrl::fromAce(QUrl::toAce(QString::fromUtf8(rawDomain)));
- if (normalizedDomain.isEmpty() && !rawDomain.isEmpty())
- return result;
- cookie.setDomain(maybeLeadingDot + normalizedDomain);
+ //IDN domains are required by RFC6265, accepting utf8 as well doesn't break any test cases.
+ QString normalizedDomain = QUrl::fromAce(QUrl::toAce(QString::fromUtf8(rawDomain)));
+ if (!normalizedDomain.isEmpty()) {
+ cookie.setDomain(maybeLeadingDot + normalizedDomain);
+ } else {
+ //Normalization fails for malformed domains, e.g. "..example.org", reject the cookie now
+ //rather than accepting it but never sending it due to domain match failure, as the
+ //strict reading of RFC6265 would indicate.
+ return result;
+ }
+ }
} else if (field.first == "max-age") {
bool ok = false;
int secs = field.second.toInt(&ok);