diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/network/access/qnetworkcookie.cpp | 13 | ||||
-rw-r--r-- | src/network/access/qnetworkcookiejar.cpp | 20 |
2 files changed, 25 insertions, 8 deletions
diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp index 306195addb..5a75dd55e8 100644 --- a/src/network/access/qnetworkcookie.cpp +++ b/src/network/access/qnetworkcookie.cpp @@ -466,7 +466,7 @@ QByteArray QNetworkCookie::toRawForm(RawForm form) const } if (!d->path.isEmpty()) { result += "; path="; - result += QUrl::toPercentEncoding(d->path, "/"); + result += d->path.toUtf8(); } } return result; @@ -954,8 +954,15 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt } //if unparsed, ignore the attribute but not the whole cookie (RFC6265 section 5.2.2) } else if (field.first == "path") { - QString path = QUrl::fromPercentEncoding(field.second); - cookie.setPath(path); + if (field.second.startsWith('/')) { + // ### we should treat cookie paths as an octet sequence internally + // However RFC6265 says we should assume UTF-8 for presentation as a string + cookie.setPath(QString::fromUtf8(field.second)); + } else { + // if the path doesn't start with '/' then set the default path (RFC6265 section 5.2.4) + // and also IETF test case path0030 which has valid and empty path in the same cookie + cookie.setPath(QString()); + } } else if (field.first == "secure") { cookie.setSecure(true); } else if (field.first == "httponly") { diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp index 9e5dfe0371..b4cf8ce0bf 100644 --- a/src/network/access/qnetworkcookiejar.cpp +++ b/src/network/access/qnetworkcookiejar.cpp @@ -140,11 +140,21 @@ void QNetworkCookieJar::setAllCookies(const QList<QNetworkCookie> &cookieList) static inline bool isParentPath(QString path, QString reference) { - if (!path.endsWith(QLatin1Char('/'))) - path += QLatin1Char('/'); - if (!reference.endsWith(QLatin1Char('/'))) - reference += QLatin1Char('/'); - return path.startsWith(reference); + if (path.startsWith(reference)) { + //The cookie-path and the request-path are identical. + if (path.length() == reference.length()) + return true; + //The cookie-path is a prefix of the request-path, and the last + //character of the cookie-path is %x2F ("/"). + if (reference.endsWith('/')) + return true; + //The cookie-path is a prefix of the request-path, and the first + //character of the request-path that is not included in the cookie- + //path is a %x2F ("/") character. + if (path.at(reference.length()) == '/') + return true; + } + return false; } static inline bool isParentDomain(QString domain, QString reference) |