From 7b287a3861b2b71a31dfea53b5c93a0cb7d99fcc Mon Sep 17 00:00:00 2001 From: Jocelyn Turcotte Date: Tue, 7 Jun 2011 20:14:13 +0200 Subject: Limit the cookies count per domain to 50. This makes it more difficult for a single server to fill the client's cookie jar. All major browsers currently have a similar limit. This patch also modifies the "find already existing cookie" loop to use indexes instead of iterators to match the newly added loop. Reviewed-by: Peter Hartmann --- src/network/access/qnetworkcookiejar.cpp | 27 ++++++++++---- .../qnetworkcookiejar/tst_qnetworkcookiejar.cpp | 41 ++++++++++++++++++++++ 2 files changed, 61 insertions(+), 7 deletions(-) diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp index 291bdec..e49a8e1 100644 --- a/src/network/access/qnetworkcookiejar.cpp +++ b/src/network/access/qnetworkcookiejar.cpp @@ -220,20 +220,33 @@ bool QNetworkCookieJar::setCookiesFromUrl(const QList &cookieLis continue; // not accepted } - QList::Iterator it = d->allCookies.begin(), - end = d->allCookies.end(); - for ( ; it != end; ++it) + for (int i = 0; i < d->allCookies.size(); ++i) { // does this cookie already exist? - if (cookie.name() == it->name() && - cookie.domain() == it->domain() && - cookie.path() == it->path()) { + const QNetworkCookie ¤t = d->allCookies.at(i); + if (cookie.name() == current.name() && + cookie.domain() == current.domain() && + cookie.path() == current.path()) { // found a match - d->allCookies.erase(it); + d->allCookies.removeAt(i); break; } + } // did not find a match if (!isDeletion) { + int countForDomain = 0; + for (int i = d->allCookies.size() - 1; i >= 0; --i) { + // Start from the end and delete the oldest cookies to keep a maximum count of 50. + const QNetworkCookie ¤t = d->allCookies.at(i); + if (isParentDomain(cookie.domain(), current.domain()) + || isParentDomain(current.domain(), cookie.domain())) { + if (countForDomain >= 49) + d->allCookies.removeAt(i); + else + ++countForDomain; + } + } + d->allCookies += cookie; ++added; } diff --git a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp index d59a510..ef843f3 100644 --- a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp +++ b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp @@ -52,6 +52,7 @@ private slots: void getterSetter(); void setCookiesFromUrl_data(); void setCookiesFromUrl(); + void setCookiesFromUrl_50CookiesLimitPerDomain(); void cookiesForUrl_data(); void cookiesForUrl(); void effectiveTLDs_data(); @@ -251,6 +252,46 @@ void tst_QNetworkCookieJar::setCookiesFromUrl() QVERIFY2(result.isEmpty(), QTest::toString(result)); } +static bool findCookieName(const QList &cookieList, const QString &name) +{ + foreach(QNetworkCookie cookie, cookieList) + if (cookie.name() == name) + return true; + return false; +} + +void tst_QNetworkCookieJar::setCookiesFromUrl_50CookiesLimitPerDomain() +{ + QNetworkCookie cookie; + cookie.setValue("value"); + MyCookieJar jar; + QUrl url("http://a.b.c.com"); + + for (int i = 0; i < 20; ++i) { + // Add a list of 3 domain-matched cookies on each iteration for a total of 60 cookies. + QList cookieList; + cookie.setName(QString("CookieNo%1").arg(i*3+1).toAscii()); + cookie.setDomain("a.b.c.com"); + cookieList += cookie; + cookie.setName(QString("CookieNo%1").arg(i*3+2).toAscii()); + cookie.setDomain(".b.c.com"); + cookieList += cookie; + cookie.setName(QString("CookieNo%1").arg(i*3+3).toAscii()); + cookie.setDomain(".c.com"); + cookieList += cookie; + jar.setCookiesFromUrl(cookieList, url); + + int expectedNumCookies = std::min((i+1)*3, 50); + QCOMPARE(jar.allCookies().size(), expectedNumCookies); + } + + // Verify that the oldest cookies were the ones overwritten. + QVERIFY(!findCookieName(jar.allCookies(), "CookieNo1")); + QVERIFY(!findCookieName(jar.allCookies(), "CookieNo10")); + QVERIFY(findCookieName(jar.allCookies(), "CookieNo11")); + QVERIFY(findCookieName(jar.allCookies(), "CookieNo60")); +} + void tst_QNetworkCookieJar::cookiesForUrl_data() { QTest::addColumn >("allCookies"); -- cgit v0.12