diff options
author | Peter Hartmann <peter.hartmann@trolltech.com> | 2009-04-30 16:59:37 +0200 |
---|---|---|
committer | Peter Hartmann <peter.hartmann@trolltech.com> | 2009-05-04 16:26:09 +0200 |
commit | a5c1161fb6bb2a24cebc104bc2a9b8def0a6e466 (patch) | |
tree | 2f38ef2b85d0c4d2a4436e9f9660cb1c3731e3b8 /src/network/access/qnetworkcookie.cpp | |
parent | 0820be4a16f8213ba02e2a2f9fe5df4d1ec6a818 (diff) | |
download | qt4-tools-a5c1161fb6bb2a24cebc104bc2a9b8def0a6e466.tar.gz |
QNetworkCookieJar: do not allow cookies for domains like ".com"
the domain attribute in cookies must always contain one embedded dot,
according to RFC 2109 section 4.3.2
Reviewed-by: Thiago
Task-number: 251467
Diffstat (limited to 'src/network/access/qnetworkcookie.cpp')
-rw-r--r-- | src/network/access/qnetworkcookie.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/network/access/qnetworkcookie.cpp b/src/network/access/qnetworkcookie.cpp index aaa5075c5a..82c9344ae9 100644 --- a/src/network/access/qnetworkcookie.cpp +++ b/src/network/access/qnetworkcookie.cpp @@ -1197,6 +1197,13 @@ bool QNetworkCookieJar::setCookiesFromUrl(const QList<QNetworkCookie> &cookieLis || isParentDomain(defaultDomain, domain))) { continue; // not accepted } + + // reject if domain is like ".com" + // (i.e., reject if domain does not contain embedded dots, see RFC 2109 section 4.3.2) + // this is just a rudimentary check and does not cover all cases + if (domain.lastIndexOf(QLatin1Char('.')) == 0) + continue; // not accepted + } QList<QNetworkCookie>::Iterator it = d->allCookies.begin(), |