diff options
author | Peter Hartmann <peter.hartmann@nokia.com> | 2010-05-31 11:08:33 (GMT) |
---|---|---|
committer | Peter Hartmann <peter.hartmann@nokia.com> | 2010-05-31 11:22:05 (GMT) |
commit | 50958288e4493920f18ef9f9b062e01bd4782239 (patch) | |
tree | ae973f751cdcd80fc89c02120e5083a075ee348e | |
parent | c6d82d705e3563a4a97c3c12487026c8df6b571e (diff) | |
download | Qt-50958288e4493920f18ef9f9b062e01bd4782239.zip Qt-50958288e4493920f18ef9f9b062e01bd4782239.tar.gz Qt-50958288e4493920f18ef9f9b062e01bd4782239.tar.bz2 |
QNetworkCookie: do not accept cookies with non-alNum domain
do not accept a cookie whose domain attribute cannot be converted to
an ACE domain.
Reviewed-by: Thiago Macieira
Task-number: QTBUG-11029
-rw-r--r-- | src/network/access/qnetworkcookie.cpp | 2 | ||||
-rw-r--r-- | tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp | 6 |
2 files changed, 8 insertions, 0 deletions
diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp index 865d338..d1bdd57 100644 --- a/src/network/access/qnetworkcookie.cpp +++ b/src/network/access/qnetworkcookie.cpp @@ -991,6 +991,8 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt } QString normalizedDomain = QUrl::fromAce(QUrl::toAce(QString::fromUtf8(rawDomain))); + if (normalizedDomain.isEmpty() && !rawDomain.isEmpty()) + return result; cookie.setDomain(maybeLeadingDot + normalizedDomain); } else if (field.first == "max-age") { bool ok = false; diff --git a/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp b/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp index 5854ae1..72d8eda 100644 --- a/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp +++ b/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp @@ -693,6 +693,12 @@ void tst_QNetworkCookie::parseMultipleCookies_data() cookieA.setPath("/foo"); list = QList<QNetworkCookie>() << cookieA << cookieB; QTest::newRow("real-3") << "a=b; expires=Mar 10 07:00:00 2009 GMT, Tue; path=/foo\nc=d; expires=Fri Mar 20 07:00:00 2009 GMT" << list; + + // do not accept cookies with non-alphanumeric characters in domain field (QTBUG-11029) + cookie = QNetworkCookie("NonAlphNumDomName", "NonAlphNumDomValue"); + cookie.setDomain("!@#$%^&*();:."); // the ';' is actually problematic, because it is a separator + list = QList<QNetworkCookie>(); + QTest::newRow("domain-non-alpha-numeric") << "NonAlphNumDomName=NonAlphNumDomValue; domain=!@#$%^&*()" << list; } void tst_QNetworkCookie::parseMultipleCookies() |