From f35a5c8085d0b78062ba002022576d8909051868 Mon Sep 17 00:00:00 2001 From: Chocobo1 Date: Tue, 23 May 2017 14:23:03 +0800 Subject: [PATCH] [WebUI] Make cookie parsing robust Previously cookie name such as "SID" will be mistakenly accepted as "SID" session ID, this commit fixes it. Use QString::isEmpty() --- src/webui/abstractwebapplication.cpp | 36 ++++++++++++++++++---------- src/webui/abstractwebapplication.h | 2 ++ 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/src/webui/abstractwebapplication.cpp b/src/webui/abstractwebapplication.cpp index 7f45153d5..77bb3b605 100644 --- a/src/webui/abstractwebapplication.cpp +++ b/src/webui/abstractwebapplication.cpp @@ -40,6 +40,7 @@ #include "base/preferences.h" #include "base/utils/fs.h" #include "base/utils/random.h" +#include "base/utils/string.h" #include "websessiondata.h" // UnbanTimer @@ -147,24 +148,13 @@ void AbstractWebApplication::removeInactiveSessions() bool AbstractWebApplication::sessionInitialize() { - static const QString SID_START = QLatin1String(C_SID) + QLatin1String("="); - if (session_ == 0) { - QString cookie = request_.headers.value("cookie"); - //qDebug() << Q_FUNC_INFO << "cookie: " << cookie; - - QString sessionId; - int pos = cookie.indexOf(SID_START); - if (pos >= 0) { - pos += SID_START.length(); - int end = cookie.indexOf(QRegExp("[,;]"), pos); - sessionId = cookie.mid(pos, end >= 0 ? end - pos : end); - } + const QString sessionId = parseCookie(request_).value(C_SID); // TODO: Additional session check - if (!sessionId.isNull()) { + if (!sessionId.isEmpty()) { if (sessions_.contains(sessionId)) { session_ = sessions_[sessionId]; session_->updateTimestamp(); @@ -386,3 +376,23 @@ const QStringMap AbstractWebApplication::CONTENT_TYPE_BY_EXT = { { "png", Http::CONTENT_TYPE_PNG }, { "js", Http::CONTENT_TYPE_JS } }; + +QStringMap AbstractWebApplication::parseCookie(const Http::Request &request) const +{ + // [rfc6265] 4.2.1. Syntax + QStringMap ret; + const QString cookieStr = request.headers.value(QLatin1String("cookie")); + const QVector cookies = cookieStr.splitRef(';', QString::SkipEmptyParts); + + for (const auto &cookie : cookies) { + const int idx = cookie.indexOf('='); + if (idx < 0) + continue; + + const QString name = cookie.left(idx).trimmed().toString(); + const QString value = Utils::String::unquote(cookie.mid(idx + 1).trimmed()) + .toString(); + ret.insert(name, value); + } + return ret; +} diff --git a/src/webui/abstractwebapplication.h b/src/webui/abstractwebapplication.h index d05ea90ba..0e5577eed 100644 --- a/src/webui/abstractwebapplication.h +++ b/src/webui/abstractwebapplication.h @@ -100,6 +100,8 @@ private: QString generateSid(); bool sessionInitialize(); + QStringMap parseCookie(const Http::Request &request) const; + static void translateDocument(QString &data); static const QStringMap CONTENT_TYPE_BY_EXT;