// // This function advices whether a single KHttpCookie object should // be added to the cookie jar. // KCookieAdvice KCookieJar::cookieAdvice(KHttpCookiePtr cookiePtr) { if (m_rejectCrossDomainCookies && cookiePtr->isCrossDomain()) return KCookieReject; QStringList domains; extractDomains(cookiePtr->host(), domains); // If the cookie specifies a domain, check whether it is valid. Otherwise, // accept the cookie anyways but remove the domain="" value to prevent // cross-site cookie injection. if (!cookiePtr->domain().isEmpty()) { if (!domains.contains(cookiePtr->domain()) && !cookiePtr->domain().endsWith("."+cookiePtr->host())) cookiePtr->fixDomain(QString::null); } if (m_autoAcceptSessionCookies && (cookiePtr->expireDate() == 0 || m_ignoreCookieExpirationDate)) return KCookieAccept; KCookieAdvice advice = KCookieDunno; bool isFQDN = true; // First is FQDN QStringList::Iterator it = domains.begin(); // Start with FQDN which first in the list. while( (advice == KCookieDunno) && (it != domains.end())) { QString domain = *it; // Check if a policy for the FQDN/domain is set. if ( domain[0] == '.' || isFQDN ) { isFQDN = false; KHttpCookieList *cookieList = m_cookieDomains[domain]; if (cookieList) advice = cookieList->getAdvice(); } domains.remove(it); it = domains.begin(); // Continue from begin of remaining list } if (advice == KCookieDunno) advice = m_globalAdvice; return advice; }
// // Looks for cookies in the cookie jar which are appropriate for _url. // Returned is a string containing all appropriate cookies in a format // which can be added to a HTTP-header without any additional processing. // QString KCookieJar::findCookies(const QString &_url, bool useDOMFormat, long windowId, KHttpCookieList *pendingCookies) { QString cookieStr; QStringList domains; QString fqdn; QString path; KHttpCookiePtr cookie; KCookieAdvice advice = m_globalAdvice; if (!parseURL(_url, fqdn, path)) return cookieStr; bool secureRequest = (_url.find( L1("https://"), 0, false) == 0 || _url.find( L1("webdavs://"), 0, false) == 0); // kdDebug(7104) << "findCookies: URL= " << _url << ", secure = " << secureRequest << endl; extractDomains(fqdn, domains); KHttpCookieList allCookies; for(QStringList::ConstIterator it = domains.begin(); true; ++it) { KHttpCookieList *cookieList; if (it == domains.end()) { cookieList = pendingCookies; // Add pending cookies pendingCookies = 0; if (!cookieList) break; } else { QString key = (*it).isNull() ? L1("") : (*it); cookieList = m_cookieDomains[key]; if (!cookieList) continue; // No cookies for this domain } if (cookieList->getAdvice() != KCookieDunno) advice = cookieList->getAdvice(); for ( cookie=cookieList->first(); cookie != 0; cookie=cookieList->next() ) { // If the we are setup to automatically accept all session cookies and to // treat all cookies as session cookies or the current cookie is a session // cookie, then send the cookie back regardless of either policy. if (advice == KCookieReject && !(m_autoAcceptSessionCookies && (m_ignoreCookieExpirationDate || cookie->expireDate() == 0))) continue; if (!cookie->match(fqdn, domains, path)) continue; if( cookie->isSecure() && !secureRequest ) continue; if( cookie->isHttpOnly() && useDOMFormat ) continue; // Do not send expired cookies. if ( cookie->isExpired (time(0)) ) { // Note there is no need to actually delete the cookie here // since the cookieserver will invoke ::saveCookieJar because // of the state change below. This will then do the job of // deleting the cookie for us. m_cookiesChanged = true; continue; } if (windowId && (cookie->windowIds().find(windowId) == cookie->windowIds().end())) { cookie->windowIds().append(windowId); } if (it == domains.end()) // Only needed when processing pending cookies removeDuplicateFromList(&allCookies, cookie); allCookies.append(cookie); } if (it == domains.end()) break; // Finished. } int cookieCount = 0; int protVersion=0; for ( cookie=allCookies.first(); cookie != 0; cookie=allCookies.next() ) { if (cookie->protocolVersion() > protVersion) protVersion = cookie->protocolVersion(); } for ( cookie=allCookies.first(); cookie != 0; cookie=allCookies.next() ) { if (useDOMFormat) { if (cookieCount > 0) cookieStr += L1("; "); cookieStr += cookie->cookieStr(true); } else { if (cookieCount == 0) { cookieStr += L1("Cookie: "); if (protVersion > 0) { QString version; version.sprintf("$Version=%d; ", protVersion); // Without quotes cookieStr += version; } } else { cookieStr += L1("; "); } cookieStr += cookie->cookieStr(false); } cookieCount++; } return cookieStr; }