summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Hartmann <peter.hartmann@nokia.com>2010-05-31 11:08:33 (GMT)
committerPeter Hartmann <peter.hartmann@nokia.com>2010-05-31 11:22:05 (GMT)
commit50958288e4493920f18ef9f9b062e01bd4782239 (patch)
treeae973f751cdcd80fc89c02120e5083a075ee348e
parentc6d82d705e3563a4a97c3c12487026c8df6b571e (diff)
downloadQt-50958288e4493920f18ef9f9b062e01bd4782239.zip
Qt-50958288e4493920f18ef9f9b062e01bd4782239.tar.gz
Qt-50958288e4493920f18ef9f9b062e01bd4782239.tar.bz2
QNetworkCookie: do not accept cookies with non-alNum domain
do not accept a cookie whose domain attribute cannot be converted to an ACE domain. Reviewed-by: Thiago Macieira Task-number: QTBUG-11029
-rw-r--r--src/network/access/qnetworkcookie.cpp2
-rw-r--r--tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp6
2 files changed, 8 insertions, 0 deletions
diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp
index 865d338..d1bdd57 100644
--- a/src/network/access/qnetworkcookie.cpp
+++ b/src/network/access/qnetworkcookie.cpp
@@ -991,6 +991,8 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt
}
QString normalizedDomain = QUrl::fromAce(QUrl::toAce(QString::fromUtf8(rawDomain)));
+ if (normalizedDomain.isEmpty() && !rawDomain.isEmpty())
+ return result;
cookie.setDomain(maybeLeadingDot + normalizedDomain);
} else if (field.first == "max-age") {
bool ok = false;
diff --git a/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp b/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp
index 5854ae1..72d8eda 100644
--- a/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp
+++ b/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp
@@ -693,6 +693,12 @@ void tst_QNetworkCookie::parseMultipleCookies_data()
cookieA.setPath("/foo");
list = QList<QNetworkCookie>() << cookieA << cookieB;
QTest::newRow("real-3") << "a=b; expires=Mar 10 07:00:00 2009 GMT, Tue; path=/foo\nc=d; expires=Fri Mar 20 07:00:00 2009 GMT" << list;
+
+ // do not accept cookies with non-alphanumeric characters in domain field (QTBUG-11029)
+ cookie = QNetworkCookie("NonAlphNumDomName", "NonAlphNumDomValue");
+ cookie.setDomain("!@#$%^&*();:."); // the ';' is actually problematic, because it is a separator
+ list = QList<QNetworkCookie>();
+ QTest::newRow("domain-non-alpha-numeric") << "NonAlphNumDomName=NonAlphNumDomValue; domain=!@#$%^&*()" << list;
}
void tst_QNetworkCookie::parseMultipleCookies()