QString KCookieJar::stripDomain( KHttpCookiePtr cookiePtr)
{
QString domain; // We file the cookie under this domain.
if (cookiePtr->domain().isEmpty())
stripDomain( cookiePtr->host(), domain);
else
stripDomain (cookiePtr->domain(), domain);
return domain;
}
//
// This function advices whether a single KHttpCookie object should
// be added to the cookie jar.
//
KCookieAdvice KCookieJar::cookieAdvice(KHttpCookiePtr cookiePtr)
{
if (m_rejectCrossDomainCookies && cookiePtr->isCrossDomain())
return KCookieReject;
QStringList domains;
extractDomains(cookiePtr->host(), domains);
// If the cookie specifies a domain, check whether it is valid. Otherwise,
// accept the cookie anyways but remove the domain="" value to prevent
// cross-site cookie injection.
if (!cookiePtr->domain().isEmpty())
{
if (!domains.contains(cookiePtr->domain()) &&
!cookiePtr->domain().endsWith("."+cookiePtr->host()))
cookiePtr->fixDomain(QString::null);
}
if (m_autoAcceptSessionCookies && (cookiePtr->expireDate() == 0 ||
m_ignoreCookieExpirationDate))
return KCookieAccept;
KCookieAdvice advice = KCookieDunno;
bool isFQDN = true; // First is FQDN
QStringList::Iterator it = domains.begin(); // Start with FQDN which first in the list.
while( (advice == KCookieDunno) && (it != domains.end()))
{
QString domain = *it;
// Check if a policy for the FQDN/domain is set.
if ( domain[0] == '.' || isFQDN )
{
isFQDN = false;
KHttpCookieList *cookieList = m_cookieDomains[domain];
if (cookieList)
advice = cookieList->getAdvice();
}
domains.remove(it);
it = domains.begin(); // Continue from begin of remaining list
}
if (advice == KCookieDunno)
advice = m_globalAdvice;
return advice;
}
bool KCookieServer::cookieMatches(KHttpCookiePtr c, QString domain, QString fqdn, QString path, QString name)
{
if(c)
{
bool hasDomain = !domain.isEmpty();
return ((hasDomain && c->domain() == domain) || fqdn == c->host()) && (c->path() == path) && (c->name() == name) && (!c->isExpired(time(0)));
}
return false;
}