From 058fddd1c01d49ee9fe8b70587a088d73f2c8e3c Mon Sep 17 00:00:00 2001
From: Shane Kearns <ext-shane.2.kearns@nokia.com>
Date: Fri, 8 Jun 2012 14:56:11 +0100
Subject: Use RFC6265 rules for cookie path & path matching

Url encoding of paths is no longer used. This matches the
current release behaviour of Firefox, Chrome and MSIE browsers.
RFC6265 does not allow this type of encoding.

This fixes remaining path test cases in the IETF test suite.
Currently the path0027 test is passed by Firefox but failed by
Chrome and MSIE, so there is a potential compatibility issue.
However it is a corner case with a malformed cookie.

Task-number: QTBUG-15794
Change-Id: I9b02bb5adc32d614f512d314d06f2c60894aa2b0
Reviewed-by: Richard J. Moore <rich@kde.org>
---
 src/network/access/qnetworkcookie.cpp | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'src/network/access/qnetworkcookie.cpp')

diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp
index 306195addb..5a75dd55e8 100644
--- a/src/network/access/qnetworkcookie.cpp
+++ b/src/network/access/qnetworkcookie.cpp
@@ -466,7 +466,7 @@ QByteArray QNetworkCookie::toRawForm(RawForm form) const
         }
         if (!d->path.isEmpty()) {
             result += "; path=";
-            result += QUrl::toPercentEncoding(d->path, "/");
+            result += d->path.toUtf8();
         }
     }
     return result;
@@ -954,8 +954,15 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt
                     }
                     //if unparsed, ignore the attribute but not the whole cookie (RFC6265 section 5.2.2)
                 } else if (field.first == "path") {
-                    QString path = QUrl::fromPercentEncoding(field.second);
-                    cookie.setPath(path);
+                    if (field.second.startsWith('/')) {
+                        // ### we should treat cookie paths as an octet sequence internally
+                        // However RFC6265 says we should assume UTF-8 for presentation as a string
+                        cookie.setPath(QString::fromUtf8(field.second));
+                    } else {
+                        // if the path doesn't start with '/' then set the default path (RFC6265 section 5.2.4)
+                        // and also IETF test case path0030 which has valid and empty path in the same cookie
+                        cookie.setPath(QString());
+                    }
                 } else if (field.first == "secure") {
                     cookie.setSecure(true);
                 } else if (field.first == "httponly") {
-- 
cgit v1.2.3