From 4454669fc238171239f8a2f202ec7e26e7409776 Mon Sep 17 00:00:00 2001
From: Jocelyn Turcotte <jocelyn.turcotte@nokia.com>
Date: Fri, 6 Nov 2009 13:35:46 +0100
Subject: QNetworkCookie: Add the dot prefix of the domain while adding to the
 jar instead than when parsing the cookie header.

This corrects the bug QT-2379, happening in the following sequence:
parseCookie -> setCookieUrl -> toRawForm -> parseCookie
where a default domain would now also have a dot prefix, and shouldn't.
QT-2379

Reviewed-by: Peter Hartmann
---
 src/network/access/qnetworkcookie.cpp              |  8 ++---
 src/network/access/qnetworkcookiejar.cpp           |  7 ++++
 tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp   | 39 +++++++++-------------
 .../qnetworkcookiejar/tst_qnetworkcookiejar.cpp    | 18 ++++++++--
 4 files changed, 43 insertions(+), 29 deletions(-)

diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp
index 73a8703..7dfb7af 100644
--- a/src/network/access/qnetworkcookie.cpp
+++ b/src/network/access/qnetworkcookie.cpp
@@ -984,14 +984,14 @@ QList<QNetworkCookie> QNetworkCookiePrivate::parseSetCookieHeaderLine(const QByt
                     cookie.setExpirationDate(dt);
                 } else if (field.first == "domain") {
                     QByteArray rawDomain = field.second;
+                    QString maybeLeadingDot;
                     if (rawDomain.startsWith('.')) {
+                        maybeLeadingDot = QLatin1Char('.');
                         rawDomain = rawDomain.mid(1);
                     }
+
                     QString normalizedDomain = QUrl::fromAce(QUrl::toAce(QString::fromUtf8(rawDomain)));
-                    // always add the dot, there are some servers that forget the
-                    // leading dot. This is actually forbidden according to RFC 2109,
-                    // but all browsers accept it anyway so we do that as well
-                    cookie.setDomain(QLatin1Char('.') + normalizedDomain);
+                    cookie.setDomain(maybeLeadingDot + normalizedDomain);
                 } else if (field.first == "max-age") {
                     bool ok = false;
                     int secs = field.second.toInt(&ok);
diff --git a/src/network/access/qnetworkcookiejar.cpp b/src/network/access/qnetworkcookiejar.cpp
index 8430966..19f7217 100644
--- a/src/network/access/qnetworkcookiejar.cpp
+++ b/src/network/access/qnetworkcookiejar.cpp
@@ -198,6 +198,13 @@ bool QNetworkCookieJar::setCookiesFromUrl(const QList<QNetworkCookie> &cookieLis
         if (cookie.domain().isEmpty()) {
             cookie.setDomain(defaultDomain);
         } else {
+            // Ensure the domain starts with a dot if its field was not empty
+            // in the HTTP header. There are some servers that forget the
+            // leading dot and this is actually forbidden according to RFC 2109,
+            // but all browsers accept it anyway so we do that as well.
+            if (!cookie.domain().startsWith(QLatin1Char('.')))
+                cookie.setDomain(QLatin1Char('.') + cookie.domain());
+
             QString domain = cookie.domain();
             if (!(isParentDomain(domain, defaultDomain)
                 || isParentDomain(defaultDomain, domain))) {
diff --git a/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp b/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp
index 3c4ddd4..94857d7 100644
--- a/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp
+++ b/tests/auto/qnetworkcookie/tst_qnetworkcookie.cpp
@@ -234,7 +234,7 @@ void tst_QNetworkCookie::parseSingleCookie_data()
     QTest::newRow("path-with-utf8-2") << "a=b;path=/R%C3%A9sum%C3%A9" << cookie;
 
     cookie.setPath(QString());
-    cookie.setDomain(".qt.nokia.com");
+    cookie.setDomain("qt.nokia.com");
     QTest::newRow("plain-domain1") << "a=b;domain=qt.nokia.com" << cookie;
     QTest::newRow("plain-domain2") << "a=b; domain=qt.nokia.com " << cookie;
     QTest::newRow("plain-domain3") << "a=b;domain=QT.NOKIA.COM" << cookie;
@@ -247,32 +247,25 @@ void tst_QNetworkCookie::parseSingleCookie_data()
     QTest::newRow("dot-domain4") << "a=b; Domain = .QT.NOKIA.COM" << cookie;
 
     cookie.setDomain(QString::fromUtf8(".d\303\270gn\303\245pent.troll.no"));
-    QTest::newRow("idn-domain1") << "a=b;domain=xn--dgnpent-gxa2o.troll.no" << cookie;
-    QTest::newRow("idn-domain2") << "a=b;domain=d\303\270gn\303\245pent.troll.no" << cookie;
-    QTest::newRow("idn-domain3") << "a=b;domain=XN--DGNPENT-GXA2O.TROLL.NO" << cookie;
-    QTest::newRow("idn-domain4") << "a=b;domain=D\303\230GN\303\205PENT.troll.NO" << cookie;
-    QTest::newRow("idn-domain5") << "a=b;domain = D\303\230GN\303\205PENT.troll.NO" << cookie;
-
-    cookie.setDomain(QString::fromUtf8(".d\303\270gn\303\245pent.troll.no"));
-    QTest::newRow("dot-idn-domain1") << "a=b;domain=.xn--dgnpent-gxa2o.troll.no" << cookie;
-    QTest::newRow("dot-idn-domain2") << "a=b;domain=.d\303\270gn\303\245pent.troll.no" << cookie;
-    QTest::newRow("dot-idn-domain3") << "a=b;domain=.XN--DGNPENT-GXA2O.TROLL.NO" << cookie;
-    QTest::newRow("dot-idn-domain4") << "a=b;domain=.D\303\230GN\303\205PENT.troll.NO" << cookie;
+    QTest::newRow("idn-domain1") << "a=b;domain=.xn--dgnpent-gxa2o.troll.no" << cookie;
+    QTest::newRow("idn-domain2") << "a=b;domain=.d\303\270gn\303\245pent.troll.no" << cookie;
+    QTest::newRow("idn-domain3") << "a=b;domain=.XN--DGNPENT-GXA2O.TROLL.NO" << cookie;
+    QTest::newRow("idn-domain4") << "a=b;domain=.D\303\230GN\303\205PENT.troll.NO" << cookie;
 
     cookie.setDomain(".qt.nokia.com");
     cookie.setPath("/");
-    QTest::newRow("two-fields") << "a=b;domain=qt.nokia.com;path=/" << cookie;
-    QTest::newRow("two-fields2") << "a=b; domain=qt.nokia.com; path=/" << cookie;
-    QTest::newRow("two-fields3") << "a=b;   domain=qt.nokia.com ; path=/ " << cookie;
-    QTest::newRow("two-fields4") << "a=b;path=/; domain=qt.nokia.com" << cookie;
-    QTest::newRow("two-fields5") << "a=b; path=/  ;   domain=qt.nokia.com" << cookie;
-    QTest::newRow("two-fields6") << "a=b; path= /  ;   domain =qt.nokia.com" << cookie;
+    QTest::newRow("two-fields") << "a=b;domain=.qt.nokia.com;path=/" << cookie;
+    QTest::newRow("two-fields2") << "a=b; domain=.qt.nokia.com; path=/" << cookie;
+    QTest::newRow("two-fields3") << "a=b;   domain=.qt.nokia.com ; path=/ " << cookie;
+    QTest::newRow("two-fields4") << "a=b;path=/; domain=.qt.nokia.com" << cookie;
+    QTest::newRow("two-fields5") << "a=b; path=/  ;   domain=.qt.nokia.com" << cookie;
+    QTest::newRow("two-fields6") << "a=b; path= /  ;   domain =.qt.nokia.com" << cookie;
 
     cookie.setSecure(true);
-    QTest::newRow("three-fields") << "a=b;domain=qt.nokia.com;path=/;secure" << cookie;
-    QTest::newRow("three-fields2") << "a=b;secure;path=/;domain=qt.nokia.com" << cookie;
-    QTest::newRow("three-fields3") << "a=b;secure;domain=qt.nokia.com; path=/" << cookie;
-    QTest::newRow("three-fields4") << "a = b;secure;domain=qt.nokia.com; path=/" << cookie;
+    QTest::newRow("three-fields") << "a=b;domain=.qt.nokia.com;path=/;secure" << cookie;
+    QTest::newRow("three-fields2") << "a=b;secure;path=/;domain=.qt.nokia.com" << cookie;
+    QTest::newRow("three-fields3") << "a=b;secure;domain=.qt.nokia.com; path=/" << cookie;
+    QTest::newRow("three-fields4") << "a = b;secure;domain=.qt.nokia.com; path=/" << cookie;
 
     cookie = QNetworkCookie();
     cookie.setName("a");
@@ -664,7 +657,7 @@ void tst_QNetworkCookie::parseMultipleCookies_data()
     cookie.setName("baz");
     cookie.setDomain(".qt.nokia.com");
     list.prepend(cookie);
-    QTest::newRow("complex-2") << "baz=bar; path=/; domain=qt.nokia.com, c=d,a=,foo=bar; path=/" << list;
+    QTest::newRow("complex-2") << "baz=bar; path=/; domain=.qt.nokia.com, c=d,a=,foo=bar; path=/" << list;
 
     // cookies obtained from the network:
     cookie = QNetworkCookie("id", "51706646077999719");
diff --git a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
index 9b9c56a..ff7e78e 100644
--- a/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
+++ b/tests/auto/qnetworkcookiejar/tst_qnetworkcookiejar.cpp
@@ -120,7 +120,7 @@ void tst_QNetworkCookieJar::setCookiesFromUrl_data()
 
     cookie.setName("a");
     cookie.setPath("/");
-    cookie.setDomain("www.foo.tld");
+    cookie.setDomain(".foo.tld");
     result += cookie;
     QTest::newRow("just-add") << preset << cookie << "http://www.foo.tld" << result << true;
 
@@ -148,6 +148,20 @@ void tst_QNetworkCookieJar::setCookiesFromUrl_data()
     cookie.setPath("/");
     QTest::newRow("diff-path-order") << preset << cookie << "http://www.foo.tld" << result << true;
 
+    preset.clear();
+    result.clear();
+    QNetworkCookie finalCookie = cookie;
+    cookie.setDomain("foo.tld");
+    finalCookie.setDomain(".foo.tld");
+    result += finalCookie;
+    QTest::newRow("should-add-dot-prefix") << preset << cookie << "http://www.foo.tld" << result << true;
+
+    result.clear();
+    cookie.setDomain("");
+    finalCookie.setDomain("www.foo.tld");
+    result += finalCookie;
+    QTest::newRow("should-set-default-domain") << preset << cookie << "http://www.foo.tld" << result << true;
+
     // security test:
     result.clear();
     preset.clear();
@@ -159,7 +173,7 @@ void tst_QNetworkCookieJar::setCookiesFromUrl_data()
     QTest::newRow("security-path-1") << preset << cookie << "http://www.foo.tld" << result << false;
 
     // setting the defaults:
-    QNetworkCookie finalCookie = cookie;
+    finalCookie = cookie;
     finalCookie.setPath("/something/");
     cookie.setPath("");
     cookie.setDomain("");
-- 
cgit v0.12