QString KCookieJar::stripDomain( KHttpCookiePtr cookiePtr) { QString domain; // We file the cookie under this domain. if (cookiePtr->domain().isEmpty()) stripDomain( cookiePtr->host(), domain); else stripDomain (cookiePtr->domain(), domain); return domain; }
// // This function advices whether a single KHttpCookie object should // be added to the cookie jar. // KCookieAdvice KCookieJar::cookieAdvice(KHttpCookiePtr cookiePtr) { if (m_rejectCrossDomainCookies && cookiePtr->isCrossDomain()) return KCookieReject; QStringList domains; extractDomains(cookiePtr->host(), domains); // If the cookie specifies a domain, check whether it is valid. Otherwise, // accept the cookie anyways but remove the domain="" value to prevent // cross-site cookie injection. if (!cookiePtr->domain().isEmpty()) { if (!domains.contains(cookiePtr->domain()) && !cookiePtr->domain().endsWith("."+cookiePtr->host())) cookiePtr->fixDomain(QString::null); } if (m_autoAcceptSessionCookies && (cookiePtr->expireDate() == 0 || m_ignoreCookieExpirationDate)) return KCookieAccept; KCookieAdvice advice = KCookieDunno; bool isFQDN = true; // First is FQDN QStringList::Iterator it = domains.begin(); // Start with FQDN which first in the list. while( (advice == KCookieDunno) && (it != domains.end())) { QString domain = *it; // Check if a policy for the FQDN/domain is set. if ( domain[0] == '.' || isFQDN ) { isFQDN = false; KHttpCookieList *cookieList = m_cookieDomains[domain]; if (cookieList) advice = cookieList->getAdvice(); } domains.remove(it); it = domains.begin(); // Continue from begin of remaining list } if (advice == KCookieDunno) advice = m_globalAdvice; return advice; }
bool KCookieServer::cookieMatches(KHttpCookiePtr c, QString domain, QString fqdn, QString path, QString name) { if(c) { bool hasDomain = !domain.isEmpty(); return ((hasDomain && c->domain() == domain) || fqdn == c->host()) && (c->path() == path) && (c->name() == name) && (!c->isExpired(time(0))); } return false; }