summaryrefslogtreecommitdiffstats
path: root/src/network/access/qnetworkcookie.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/network/access/qnetworkcookie.cpp')
-rw-r--r--src/network/access/qnetworkcookie.cpp491
1 files changed, 424 insertions, 67 deletions
diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp
index 54497c3..e31621c 100644
--- a/src/network/access/qnetworkcookie.cpp
+++ b/src/network/access/qnetworkcookie.cpp
@@ -49,6 +49,7 @@
#include "QtCore/qlist.h"
#include "QtCore/qlocale.h"
#include "QtCore/qstring.h"
+#include "QtCore/qstringlist.h"
#include "QtCore/qurl.h"
#include "private/qobject_p.h"
@@ -200,7 +201,7 @@ bool QNetworkCookie::operator==(const QNetworkCookie &other) const
return true;
return d->name == other.d->name &&
d->value == other.d->value &&
- d->expirationDate == other.d->expirationDate &&
+ d->expirationDate.toUTC() == other.d->expirationDate.toUTC() &&
d->domain == other.d->domain &&
d->path == other.d->path &&
d->secure == other.d->secure &&
@@ -550,6 +551,392 @@ QByteArray QNetworkCookie::toRawForm(RawForm form) const
return result;
}
+static const char zones[] =
+ "pst\0" // -8
+ "pdt\0"
+ "mst\0" // -7
+ "mdt\0"
+ "cst\0" // -6
+ "cdt\0"
+ "est\0" // -5
+ "edt\0"
+ "ast\0" // -4
+ "nst\0" // -3
+ "gmt\0" // 0
+ "utc\0"
+ "bst\0"
+ "met\0" // 1
+ "eet\0" // 2
+ "jst\0" // 9
+ "\0";
+static int zoneOffsets[] = {-8, -8, -7, -7, -6, -6, -5, -5, -4, -3, 0, 0, 0, 1, 2, 9 };
+
+static const char months[] =
+ "jan\0"
+ "feb\0"
+ "mar\0"
+ "apr\0"
+ "may\0"
+ "jun\0"
+ "jul\0"
+ "aug\0"
+ "sep\0"
+ "oct\0"
+ "nov\0"
+ "dec\0"
+ "\0";
+
+static inline bool isNumber(char s)
+{ return s >= '0' && s <= '9'; }
+
+static inline bool isTerminator(char c)
+{ return c == '\n' || c == '\r'; }
+
+static inline bool isValueSeparator(char c)
+{ return isTerminator(c) || c == ';'; }
+
+static inline bool isWhitespace(char c)
+{ return c == ' ' || c == '\t'; }
+
+static bool checkStaticArray(int &val, const QByteArray &dateString, int at, const char *array, int size)
+{
+ if (dateString[at] < 'a' || dateString[at] > 'z')
+ return false;
+ if (val == -1 && dateString.length() >= at + 3) {
+ int j = 0;
+ int i = 0;
+ while (i <= size) {
+ const char *str = array + i;
+ if (str[0] == dateString[at]
+ && str[1] == dateString[at + 1]
+ && str[2] == dateString[at + 2]) {
+ val = j;
+ return true;
+ }
+ i += strlen(str) + 1;
+ ++j;
+ }
+ }
+ return false;
+}
+
+//#define PARSEDATESTRINGDEBUG
+
+#define ADAY 1
+#define AMONTH 2
+#define AYEAR 4
+
+/*
+ Parse all the date formats that Firefox can.
+
+ The official format is:
+ expires=ddd(d)?, dd-MMM-yyyy hh:mm:ss GMT
+
+ But browsers have been supporting a very wide range of date
+ strings. To work on many sites we need to support more then
+ just the official date format.
+
+ For reference see Firefox's PR_ParseTimeStringToExplodedTime in
+ prtime.c. The Firefox date parser is coded in a very complex way
+ and is slightly over ~700 lines long. While this implementation
+ will be slightly slower for the non standard dates it is smaller,
+ more readable, and maintainable.
+
+ Or in their own words:
+ "} // else what the hell is this."
+*/
+static QDateTime parseDateString(const QByteArray &dateString)
+{
+ QTime time;
+ // placeholders for values when we are not sure it is a year, month or day
+ int unknown[3] = {-1, -1, -1};
+ int month = -1;
+ int day = -1;
+ int year = -1;
+ int zoneOffset = -1;
+
+ // hour:minute:second.ms pm
+ QRegExp timeRx(QLatin1String("(\\d{1,2}):(\\d{1,2})(:(\\d{1,2})|)(\\.(\\d{1,3})|)((\\s{0,}(am|pm))|)"));
+
+ int at = 0;
+ while (at < dateString.length()) {
+#ifdef PARSEDATESTRINGDEBUG
+ qDebug() << dateString.mid(at);
+#endif
+ bool isNum = isNumber(dateString[at]);
+
+ // Month
+ if (!isNum
+ && checkStaticArray(month, dateString, at, months, sizeof(months)- 1)) {
+ ++month;
+#ifdef PARSEDATESTRINGDEBUG
+ qDebug() << "Month:" << month;
+#endif
+ at += 3;
+ continue;
+ }
+ // Zone
+ if (!isNum
+ && zoneOffset == -1
+ && checkStaticArray(zoneOffset, dateString, at, zones, sizeof(zones)- 1)) {
+ int sign = (at >= 0 && dateString[at - 1] == '-') ? -1 : 1;
+ zoneOffset = sign * zoneOffsets[zoneOffset] * 60 * 60;
+#ifdef PARSEDATESTRINGDEBUG
+ qDebug() << "Zone:" << month;
+#endif
+ at += 3;
+ continue;
+ }
+ // Zone offset
+ if (!isNum
+ && (zoneOffset == -1 || zoneOffset == 0) // Can only go after gmt
+ && (dateString[at] == '+' || dateString[at] == '-')
+ && (at == 0
+ || isWhitespace(dateString[at - 1])
+ || dateString[at - 1] == ','
+ || (at >= 3
+ && (dateString[at - 3] == 'g')
+ && (dateString[at - 2] == 'm')
+ && (dateString[at - 1] == 't')))) {
+
+ int end = 1;
+ while (end < 5 && dateString.length() > at+end
+ && dateString[at + end] >= '0' && dateString[at + end] <= '9')
+ ++end;
+ int minutes = 0;
+ int hours = 0;
+ switch (end - 1) {
+ case 4:
+ minutes = atoi(dateString.mid(at + 3, 2).constData());
+ // fall through
+ case 2:
+ hours = atoi(dateString.mid(at + 1, 2).constData());
+ break;
+ case 1:
+ hours = atoi(dateString.mid(at + 1, 1).constData());
+ break;
+ default:
+ at += end;
+ continue;
+ }
+ if (end != 1) {
+ int sign = dateString[at] == '-' ? -1 : 1;
+ zoneOffset = sign * ((minutes * 60) + (hours * 60 * 60));
+#ifdef PARSEDATESTRINGDEBUG
+ qDebug() << "Zone offset:" << zoneOffset << hours << minutes;
+#endif
+ at += end;
+ continue;
+ }
+ }
+
+ // Time
+ if (isNum && time.isNull()
+ && dateString.length() >= at + 3
+ && (dateString[at + 2] == ':' || dateString[at + 1] == ':')) {
+ // While the date can be found all over the string the format
+ // for the time is set and a nice regexp can be used.
+ int pos = timeRx.indexIn(QLatin1String(dateString), at);
+ if (pos != -1) {
+ QStringList list = timeRx.capturedTexts();
+ int h = atoi(list.at(1).toLatin1().constData());
+ int m = atoi(list.at(2).toLatin1().constData());
+ int s = atoi(list.at(4).toLatin1().constData());
+ int ms = atoi(list.at(6).toLatin1().constData());
+ if (h < 12 && !list.at(9).isEmpty())
+ if (list.at(9) == QLatin1String("pm"))
+ h += 12;
+ time = QTime(h, m, s, ms);
+#ifdef PARSEDATESTRINGDEBUG
+ qDebug() << "Time:" << list << timeRx.matchedLength();
+#endif
+ at += timeRx.matchedLength();
+ continue;
+ }
+ }
+
+ // 4 digit Year
+ if (isNum
+ && year == -1
+ && dateString.length() >= at + 3) {
+ if (isNumber(dateString[at + 1])
+ && isNumber(dateString[at + 2])
+ && isNumber(dateString[at + 3])) {
+ year = atoi(dateString.mid(at, 4).constData());
+ at += 4;
+#ifdef PARSEDATESTRINGDEBUG
+ qDebug() << "Year:" << year;
+#endif
+ continue;
+ }
+ }
+
+ // a one or two digit number
+ // Could be month, day or year
+ if (isNum) {
+ int length = 1;
+ if (dateString.length() > at + 1
+ && isNumber(dateString[at + 1]))
+ ++length;
+ int x = atoi(dateString.mid(at, length).constData());
+ if (year == -1 && (x > 31 || x == 0)) {
+ year = x;
+ } else {
+ if (unknown[0] == -1) unknown[0] = x;
+ else if (unknown[1] == -1) unknown[1] = x;
+ else if (unknown[2] == -1) unknown[2] = x;
+ }
+ at += length;
+#ifdef PARSEDATESTRINGDEBUG
+ qDebug() << "Saving" << x;
+#endif
+ continue;
+ }
+
+ // Unknown character, typically a weekday such as 'Mon'
+ ++at;
+ }
+
+ // Once we are done parsing the string take the digits in unknown
+ // and determine which is the unknown year/month/day
+
+ int couldBe[3] = { 0, 0, 0 };
+ int unknownCount = 3;
+ for (int i = 0; i < unknownCount; ++i) {
+ if (unknown[i] == -1) {
+ couldBe[i] = ADAY | AYEAR | AMONTH;
+ unknownCount = i;
+ continue;
+ }
+
+ if (unknown[i] >= 1)
+ couldBe[i] = ADAY;
+
+ if (month == -1 && unknown[i] >= 1 && unknown[i] <= 12)
+ couldBe[i] |= AMONTH;
+
+ if (year == -1)
+ couldBe[i] |= AYEAR;
+ }
+
+ // For any possible day make sure one of the values that could be a month
+ // can contain that day.
+ // For any possible month make sure one of the values that can be a
+ // day that month can have.
+ // Example: 31 11 06
+ // 31 can't be a day because 11 and 6 don't have 31 days
+ for (int i = 0; i < unknownCount; ++i) {
+ int currentValue = unknown[i];
+ bool findMatchingMonth = couldBe[i] & ADAY && currentValue >= 29;
+ bool findMatchingDay = couldBe[i] & AMONTH;
+ if (!findMatchingMonth || !findMatchingDay)
+ continue;
+ for (int j = 0; j < 3; ++j) {
+ if (j == i)
+ continue;
+ for (int k = 0; k < 2; ++k) {
+ if (k == 0 && !(findMatchingMonth && (couldBe[j] & AMONTH)))
+ continue;
+ else if (k == 1 && !(findMatchingDay && (couldBe[j] & ADAY)))
+ continue;
+ int m = currentValue;
+ int d = unknown[j];
+ if (k == 0)
+ qSwap(m, d);
+ if (m == -1) m = month;
+ bool found = true;
+ switch(m) {
+ case 2:
+ // When we get 29 and the year ends up having only 28
+ // See date.isValid below
+ // Example: 29 23 Feb
+ if (d <= 29)
+ found = false;
+ break;
+ case 4: case 6: case 9: case 11:
+ if (d <= 30)
+ found = false;
+ break;
+ default:
+ if (d > 0 && d <= 31)
+ found = false;
+ }
+ if (k == 0) findMatchingMonth = found;
+ else if (k == 1) findMatchingDay = found;
+ }
+ }
+ if (findMatchingMonth)
+ couldBe[i] &= ~ADAY;
+ if (findMatchingDay)
+ couldBe[i] &= ~AMONTH;
+ }
+
+ // First set the year/month/day that have been deduced
+ // and reduce the set as we go along to deduce more
+ for (int i = 0; i < unknownCount; ++i) {
+ int unset = 0;
+ for (int j = 0; j < 3; ++j) {
+ if (couldBe[j] == ADAY && day == -1) {
+ day = unknown[j];
+ unset |= ADAY;
+ } else if (couldBe[j] == AMONTH && month == -1) {
+ month = unknown[j];
+ unset |= AMONTH;
+ } else if (couldBe[j] == AYEAR && year == -1) {
+ year = unknown[j];
+ unset |= AYEAR;
+ } else {
+ // common case
+ break;
+ }
+ couldBe[j] &= ~unset;
+ }
+ }
+
+ // Now fallback to a standardized order to fill in the rest with
+ for (int i = 0; i < unknownCount; ++i) {
+ if (couldBe[i] & AMONTH && month == -1) month = unknown[i];
+ else if (couldBe[i] & ADAY && day == -1) day = unknown[i];
+ else if (couldBe[i] & AYEAR && year == -1) year = unknown[i];
+ }
+#ifdef PARSEDATESTRINGDEBUG
+ qDebug() << "Final set" << year << month << day;
+#endif
+
+ if (year == -1 || month == -1 || day == -1) {
+#ifdef PARSEDATESTRINGDEBUG
+ qDebug() << "Parser failure" << year << month << day;
+#endif
+ return QDateTime();
+ }
+
+ // Y2k behavior
+ int y2k = 0;
+ if (year < 70)
+ y2k = 2000;
+ else if (year < 100)
+ y2k = 1900;
+
+ QDate date(year + y2k, month, day);
+
+ // When we were given a bad cookie that when parsed
+ // set the day to 29 and the year to one that doesn't
+ // have the 29th of Feb rather then adding the extra
+ // complicated checking earlier just swap here.
+ // Example: 29 23 Feb
+ if (!date.isValid())
+ date = QDate(day + y2k, month, year);
+
+ QDateTime dateTime(date, time, Qt::UTC);
+
+ if (zoneOffset != -1) {
+ dateTime = dateTime.addSecs(zoneOffset);
+ }
+ if (!dateTime.isValid())
+ return QDateTime();
+ return dateTime;
+}
+
/*!
Parses the cookie string \a cookieString as received from a server
response in the "Set-Cookie:" header. If there's a parsing error,
@@ -563,6 +950,17 @@ QByteArray QNetworkCookie::toRawForm(RawForm form) const
*/
QList<QNetworkCookie> QNetworkCookie::parseCookies(const QByteArray &cookieString)
{
+ // cookieString can be a number of set-cookie header strings joined together
+ // by \n, parse each line separately.
+ QList<QNetworkCookie> cookies;
+ QList<QByteArray> list = cookieString.split('\n');
+ for (int a = 0; a < list.size(); a++)
+ cookies += QNetworkCookiePrivate::parseSetCookieHeaderLine(list.at(a));
+ return cookies;
+}
+
+QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByteArray &cookieString)
+{
// According to http://wp.netscape.com/newsref/std/cookie_spec.html,<
// the Set-Cookie response header is of the format:
//
@@ -584,13 +982,13 @@ QList<QNetworkCookie> QNetworkCookie::parseCookies(const QByteArray &cookieStrin
QPair<QByteArray,QByteArray> field = nextField(cookieString, position);
if (field.first.isEmpty() || field.second.isNull())
// parsing error
- return QList<QNetworkCookie>();
+ break;
cookie.setName(field.first);
cookie.setValue(field.second);
position = nextNonWhitespace(cookieString, position);
bool endOfCookie = false;
- while (!endOfCookie && position < length)
+ while (!endOfCookie && position < length) {
switch (cookieString.at(position++)) {
case ',':
// end of the cookie
@@ -603,81 +1001,34 @@ QList<QNetworkCookie> QNetworkCookie::parseCookies(const QByteArray &cookieStrin
field.first = field.first.toLower(); // everything but the NAME=VALUE is case-insensitive
if (field.first == "expires") {
- static const char dateFormats[] =
- "d-MMM-yyyy hh:mm:ss\0"
- "d MMM yyyy hh:mm:ss\0"
- "d-MMM-yy hh:mm:ss\0"
- "\0";
-
- // expires is a special case because it contains a naked comma
- // and naked spaces. The format is:
- // expires=ddd(d)?, dd-MMM-yyyy hh:mm:ss GMT
- // but we also accept standard HTTP dates
-
- // make sure we're at the comma
- if (position >= length || cookieString.at(position) != ',')
- // invalid cookie string
- return QList<QNetworkCookie>();
-
- ++position;
+ position -= field.second.length();
int end;
for (end = position; end < length; ++end)
- if (cookieString.at(end) == ',' || cookieString.at(end) == ';')
+ if (isValueSeparator(cookieString.at(end)))
break;
- QByteArray datestring = cookieString.mid(position, end - position).trimmed();
+ QByteArray dateString = cookieString.mid(position, end - position).trimmed();
position = end;
- if (datestring.endsWith(" GMT") || datestring.endsWith(" UTC"))
- datestring.chop(4);
- else if (datestring.endsWith(" +0000"))
- datestring.chop(6);
-
- size_t i = 0;
- int j = 0;
- QLocale cLocale = QLocale::c();
- QDateTime dt;
- do {
- QLatin1String df(dateFormats + i);
- i += strlen(dateFormats + i) + 1;
-
-#ifndef QT_NO_DATESTRING
- dt = cLocale.toDateTime(QString::fromLatin1(datestring), df);
-
- // some cookies are set with a two-digit year
- // (although this is not allowed); this is interpreted as a year
- // in the 20th century by QDateTime.
- // Work around this case here (assuming 00-69 is 21st century,
- // 70-99 is 20th century)
- QDate date = dt.date();
- if (j == 2 && date.year() >= 1900 && date.year() < 1970)
- dt = dt.addYears(100);
- if (date.year() >= 0 && date.year() < 100)
- dt = dt.addYears(1900);
-#endif
- j++;
- } while (!dt.isValid() && i <= sizeof dateFormats - 1);
- if (!dt.isValid())
- // invalid cookie string
- return QList<QNetworkCookie>();
-
- dt.setTimeSpec(Qt::UTC);
+ QDateTime dt = parseDateString(dateString.toLower());
+ if (!dt.isValid()) {
+ return result;
+ }
cookie.setExpirationDate(dt);
} else if (field.first == "domain") {
QByteArray rawDomain = field.second;
- QString maybeLeadingDot;
if (rawDomain.startsWith('.')) {
- maybeLeadingDot = QLatin1Char('.');
rawDomain = rawDomain.mid(1);
}
-
QString normalizedDomain = QUrl::fromAce(QUrl::toAce(QString::fromUtf8(rawDomain)));
- cookie.setDomain(maybeLeadingDot + normalizedDomain);
+ // always add the dot, there are some servers that forget the
+ // leading dot. This is actually forbidden according to RFC 2109,
+ // but all browsers accept it anyway so we do that as well
+ cookie.setDomain(QLatin1Char('.') + normalizedDomain);
} else if (field.first == "max-age") {
bool ok = false;
int secs = field.second.toInt(&ok);
if (!ok)
- // invalid cookie string
- return QList<QNetworkCookie>();
+ return result;
cookie.setExpirationDate(now.addSecs(secs));
} else if (field.first == "path") {
QString path = QUrl::fromPercentEncoding(field.second);
@@ -691,9 +1042,7 @@ QList<QNetworkCookie> QNetworkCookie::parseCookies(const QByteArray &cookieStrin
} else if (field.first == "version") {
if (field.second != "1") {
// oops, we don't know how to handle this cookie
- cookie = QNetworkCookie();
- endOfCookie = true;
- continue;
+ return result;
}
} else {
// got an unknown field in the cookie
@@ -702,8 +1051,10 @@ QList<QNetworkCookie> QNetworkCookie::parseCookies(const QByteArray &cookieStrin
position = nextNonWhitespace(cookieString, position);
}
+ }
- result += cookie;
+ if (!cookie.name().isEmpty())
+ result += cookie;
}
return result;
@@ -869,7 +1220,6 @@ bool QNetworkCookieJar::setCookiesFromUrl(const QList<QNetworkCookie> &cookieLis
cookie.expirationDate() < now;
// validate the cookie & set the defaults if unset
- // (RFC 2965: "The request-URI MUST path-match the Path attribute of the cookie.")
if (cookie.path().isEmpty())
cookie.setPath(defaultPath);
else if (!isParentPath(pathAndFileName, cookie.path()))
@@ -883,6 +1233,13 @@ bool QNetworkCookieJar::setCookiesFromUrl(const QList<QNetworkCookie> &cookieLis
|| isParentDomain(defaultDomain, domain))) {
continue; // not accepted
}
+
+ // reject if domain is like ".com"
+ // (i.e., reject if domain does not contain embedded dots, see RFC 2109 section 4.3.2)
+ // this is just a rudimentary check and does not cover all cases
+ if (domain.lastIndexOf(QLatin1Char('.')) == 0)
+ continue; // not accepted
+
}
QList<QNetworkCookie>::Iterator it = d->allCookies.begin(),