author | Shane Kearns <ext-shane.2.kearns@nokia.com> | 2012-06-08 17:04:35 +0100 |
---|---|---|
committer | Qt by Nokia <qt-info@nokia.com> | 2012-06-27 00:46:35 +0200 |
commit | cf29b7b967e59f08713d6574b754874a900bf6cd (patch) | |
tree | fe0c99bf313f5ee1b34f3945358e80a205c9f785 /src/network | |
parent | 058fddd1c01d49ee9fe8b70587a088d73f2c8e3c (diff) |
Ignore empty domain attribute in cookies
As recommended by RFC6265.
This fixes the optional-domain0042 test case.
Task-number: QTBUG-15794
Change-Id: I6dd459797afcb52fa2a78437f8481f5abc6f3105
Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/access/qnetworkcookie.cpp | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp
index 5a75dd55e8..1dd1e25b07 100644
--- a/src/network/access/qnetworkcookie.cpp
+++ b/src/network/access/qnetworkcookie.cpp
@@ -931,16 +931,25 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt
 cookie.setExpirationDate(dt);
 } else if (field.first == "domain") {
 QByteArray rawDomain = field.second;
- QString maybeLeadingDot;
- if (rawDomain.startsWith('.')) {
- maybeLeadingDot = QLatin1Char('.');
- rawDomain = rawDomain.mid(1);
- }
+ //empty domain should be ignored (RFC6265 section 5.2.3)
+ if (!rawDomain.isEmpty()) {
+ QString maybeLeadingDot;
+ if (rawDomain.startsWith('.')) {
+ maybeLeadingDot = QLatin1Char('.');
+ rawDomain = rawDomain.mid(1);
+ }
 
- QString normalizedDomain = QUrl::fromAce(QUrl::toAce(QString::fromUtf8(rawDomain)));
- if (normalizedDomain.isEmpty() && !rawDomain.isEmpty())
- return result;
- cookie.setDomain(maybeLeadingDot + normalizedDomain);
+ //IDN domains are required by RFC6265, accepting utf8 as well doesn't break any test cases.
+ QString normalizedDomain = QUrl::fromAce(QUrl::toAce(QString::fromUtf8(rawDomain)));
+ if (!normalizedDomain.isEmpty()) {
+ cookie.setDomain(maybeLeadingDot + normalizedDomain);
+ } else {
+ //Normalization fails for malformed domains, e.g. "..example.org", reject the cookie now
+ //rather than accepting it but never sending it due to domain match failure, as the
+ //strict reading of RFC6265 would indicate.
+ return result;
+ }
+ }
 } else if (field.first == "max-age") {
 bool ok = false;
 int secs = field.second.toInt(&ok); |
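Review bot: A Domain value consisting only of `.` is not covered by the new empty check, because `!rawDomain.isEmpty()` is evaluated before `rawDomain.mid(1)` strips the dot; the now-empty string presumably normalizes to an empty `normalizedDomain` and lands in the `else` branch that returns `result`. The old condition (`normalizedDomain.isEmpty() && !rawDomain.isEmpty()`, tested after stripping) let that input fall through to `setDomain`, so this is a behaviour change the commit message does not mention. Dropping the cookie is the conservative outcome, but RFC 6265 strips the leading dot first and then treats an empty domain like an absent one. Either extend the comment in the `else` branch, e.g. `//Also reached for a lone "." (empty once the leading dot is stripped).`, or re-test `rawDomain.isEmpty()` after the `mid(1)` if host-only handling is wanted, and add a test case for that input. The enclosing parseSetCookieHeaderLine starts and ends outside the hunk, so what happens to the returned `result` is not visible here.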