[WebUI] Make cookie parsing robust

Previously cookie name such as "<any string>SID" will be mistakenly accepted as "SID" session ID, this commit fixes it. Use QString::isEmpty()
2025-01-27 23:14:31 +00:00 · 2017-05-23 14:23:03 +08:00 · 2017-05-23 14:23:03 +08:00 · f35a5c8085
commit f35a5c8085
parent 712e6a0e5c
2 changed files with 25 additions and 13 deletions
--- a/src/webui/abstractwebapplication.cpp
+++ b/src/webui/abstractwebapplication.cpp
@ -40,6 +40,7 @@
 #include "base/preferences.h"
 #include "base/utils/fs.h"
 #include "base/utils/random.h"
+#include "base/utils/string.h"
 #include "websessiondata.h"

 // UnbanTimer
@ -147,24 +148,13 @@ void AbstractWebApplication::removeInactiveSessions()

 bool AbstractWebApplication::sessionInitialize()
 {
-    static const QString SID_START = QLatin1String(C_SID) + QLatin1String("=");
-
    if (session_ == 0)
    {
-        QString cookie = request_.headers.value("cookie");
-        //qDebug() << Q_FUNC_INFO << "cookie: " << cookie;
-
-        QString sessionId;
-        int pos = cookie.indexOf(SID_START);
-        if (pos >= 0) {
-            pos += SID_START.length();
-            int end = cookie.indexOf(QRegExp("[,;]"), pos);
-            sessionId = cookie.mid(pos, end >= 0 ? end - pos : end);
-        }
+        const QString sessionId = parseCookie(request_).value(C_SID);

        // TODO: Additional session check

-        if (!sessionId.isNull()) {
+        if (!sessionId.isEmpty()) {
            if (sessions_.contains(sessionId)) {
                session_ = sessions_[sessionId];
                session_->updateTimestamp();
@ -386,3 +376,23 @@ const QStringMap AbstractWebApplication::CONTENT_TYPE_BY_EXT = {
    { "png", Http::CONTENT_TYPE_PNG },
    { "js", Http::CONTENT_TYPE_JS }
 };
+
+QStringMap AbstractWebApplication::parseCookie(const Http::Request &request) const
+{
+    // [rfc6265] 4.2.1. Syntax
+    QStringMap ret;
+    const QString cookieStr = request.headers.value(QLatin1String("cookie"));
+    const QVector<QStringRef> cookies = cookieStr.splitRef(';', QString::SkipEmptyParts);
+
+    for (const auto &cookie : cookies) {
+        const int idx = cookie.indexOf('=');
+        if (idx < 0)
+            continue;
+
+        const QString name = cookie.left(idx).trimmed().toString();
+        const QString value = Utils::String::unquote(cookie.mid(idx + 1).trimmed())
+                                  .toString();
+        ret.insert(name, value);
+    }
+    return ret;
+}
--- a/src/webui/abstractwebapplication.h
+++ b/src/webui/abstractwebapplication.h
@ -100,6 +100,8 @@ private:
    QString generateSid();
    bool sessionInitialize();

+    QStringMap parseCookie(const Http::Request &request) const;
+
    static void translateDocument(QString &data);

    static const QStringMap CONTENT_TYPE_BY_EXT;