| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cookies/cookie_util.h" | 5 #include "net/cookies/cookie_util.h" |
| 6 | 6 |
| 7 #include <cstdio> |
| 8 #include <cstdlib> |
| 9 |
| 7 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/string_tokenizer.h" |
| 12 #include "base/string_util.h" |
| 13 #include "build/build_config.h" |
| 8 #include "googleurl/src/gurl.h" | 14 #include "googleurl/src/gurl.h" |
| 9 #include "net/base/net_util.h" | 15 #include "net/base/net_util.h" |
| 10 #include "net/base/registry_controlled_domain.h" | 16 #include "net/base/registry_controlled_domain.h" |
| 11 | 17 |
| 12 namespace net { | 18 namespace net { |
| 13 namespace cookie_util { | 19 namespace cookie_util { |
| 14 | 20 |
| 15 bool DomainIsHostOnly(const std::string& domain_string) { | 21 bool DomainIsHostOnly(const std::string& domain_string) { |
| 16 return (domain_string.empty() || domain_string[0] != '.'); | 22 return (domain_string.empty() || domain_string[0] != '.'); |
| 17 } | 23 } |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 67 (cookie_domain != ("." + url_host)) : | 73 (cookie_domain != ("." + url_host)) : |
| 68 (url_host.compare(url_host.length() - cookie_domain.length(), | 74 (url_host.compare(url_host.length() - cookie_domain.length(), |
| 69 cookie_domain.length(), cookie_domain) != 0); | 75 cookie_domain.length(), cookie_domain) != 0); |
| 70 if (is_suffix) | 76 if (is_suffix) |
| 71 return false; | 77 return false; |
| 72 | 78 |
| 73 *result = cookie_domain; | 79 *result = cookie_domain; |
| 74 return true; | 80 return true; |
| 75 } | 81 } |
| 76 | 82 |
| 83 // Parse a cookie expiration time. We try to be lenient, but we need to |
| 84 // assume some order to distinguish the fields. The basic rules: |
| 85 // - The month name must be present and prefix the first 3 letters of the |
| 86 // full month name (jan for January, jun for June). |
| 87 // - If the year is <= 2 digits, it must occur after the day of month. |
| 88 // - The time must be of the format hh:mm:ss. |
| 89 // An average cookie expiration will look something like this: |
| 90 // Sat, 15-Apr-17 21:01:22 GMT |
| 91 base::Time ParseCookieTime(const std::string& time_string) { |
| 92 static const char* kMonths[] = { "jan", "feb", "mar", "apr", "may", "jun", |
| 93 "jul", "aug", "sep", "oct", "nov", "dec" }; |
| 94 static const int kMonthsLen = arraysize(kMonths); |
| 95 // We want to be pretty liberal, and support most non-ascii and non-digit |
| 96 // characters as a delimiter. We can't treat : as a delimiter, because it |
| 97 // is the delimiter for hh:mm:ss, and we want to keep this field together. |
| 98 // We make sure to include - and +, since they could prefix numbers. |
| 99 // If the cookie attribute came in in quotes (ex expires="XXX"), the quotes |
| 100 // will be preserved, and we will get them here. So we make sure to include |
| 101 // quote characters, and also \ for anything that was internally escaped. |
| 102 static const char* kDelimiters = "\t !\"#$%&'()*+,-./;<=>?@[\\]^_`{|}~"; |
| 103 |
| 104 base::Time::Exploded exploded = {0}; |
| 105 |
| 106 StringTokenizer tokenizer(time_string, kDelimiters); |
| 107 |
| 108 bool found_day_of_month = false; |
| 109 bool found_month = false; |
| 110 bool found_time = false; |
| 111 bool found_year = false; |
| 112 |
| 113 while (tokenizer.GetNext()) { |
| 114 const std::string token = tokenizer.token(); |
| 115 DCHECK(!token.empty()); |
| 116 bool numerical = IsAsciiDigit(token[0]); |
| 117 |
| 118 // String field |
| 119 if (!numerical) { |
| 120 if (!found_month) { |
| 121 for (int i = 0; i < kMonthsLen; ++i) { |
| 122 // Match prefix, so we could match January, etc |
| 123 if (base::strncasecmp(token.c_str(), kMonths[i], 3) == 0) { |
| 124 exploded.month = i + 1; |
| 125 found_month = true; |
| 126 break; |
| 127 } |
| 128 } |
| 129 } else { |
| 130 // If we've gotten here, it means we've already found and parsed our |
| 131 // month, and we have another string, which we would expect to be the |
| 132 // the time zone name. According to the RFC and my experiments with |
| 133 // how sites format their expirations, we don't have much of a reason |
| 134 // to support timezones. We don't want to ever barf on user input, |
| 135 // but this DCHECK should pass for well-formed data. |
| 136 // DCHECK(token == "GMT"); |
| 137 } |
| 138 // Numeric field w/ a colon |
| 139 } else if (token.find(':') != std::string::npos) { |
| 140 if (!found_time && |
| 141 #ifdef COMPILER_MSVC |
| 142 sscanf_s( |
| 143 #else |
| 144 sscanf( |
| 145 #endif |
| 146 token.c_str(), "%2u:%2u:%2u", &exploded.hour, |
| 147 &exploded.minute, &exploded.second) == 3) { |
| 148 found_time = true; |
| 149 } else { |
| 150 // We should only ever encounter one time-like thing. If we're here, |
| 151 // it means we've found a second, which shouldn't happen. We keep |
| 152 // the first. This check should be ok for well-formed input: |
| 153 // NOTREACHED(); |
| 154 } |
| 155 // Numeric field |
| 156 } else { |
| 157 // Overflow with atoi() is unspecified, so we enforce a max length. |
| 158 if (!found_day_of_month && token.length() <= 2) { |
| 159 exploded.day_of_month = atoi(token.c_str()); |
| 160 found_day_of_month = true; |
| 161 } else if (!found_year && token.length() <= 5) { |
| 162 exploded.year = atoi(token.c_str()); |
| 163 found_year = true; |
| 164 } else { |
| 165 // If we're here, it means we've either found an extra numeric field, |
| 166 // or a numeric field which was too long. For well-formed input, the |
| 167 // following check would be reasonable: |
| 168 // NOTREACHED(); |
| 169 } |
| 170 } |
| 171 } |
| 172 |
| 173 if (!found_day_of_month || !found_month || !found_time || !found_year) { |
| 174 // We didn't find all of the fields we need. For well-formed input, the |
| 175 // following check would be reasonable: |
| 176 // NOTREACHED() << "Cookie parse expiration failed: " << time_string; |
| 177 return base::Time(); |
| 178 } |
| 179 |
| 180 // Normalize the year to expand abbreviated years to the full year. |
| 181 if (exploded.year >= 69 && exploded.year <= 99) |
| 182 exploded.year += 1900; |
| 183 if (exploded.year >= 0 && exploded.year <= 68) |
| 184 exploded.year += 2000; |
| 185 |
| 186 // If our values are within their correct ranges, we got our time. |
| 187 if (exploded.day_of_month >= 1 && exploded.day_of_month <= 31 && |
| 188 exploded.month >= 1 && exploded.month <= 12 && |
| 189 exploded.year >= 1601 && exploded.year <= 30827 && |
| 190 exploded.hour <= 23 && exploded.minute <= 59 && exploded.second <= 59) { |
| 191 return base::Time::FromUTCExploded(exploded); |
| 192 } |
| 193 |
| 194 // One of our values was out of expected range. For well-formed input, |
| 195 // the following check would be reasonable: |
| 196 // NOTREACHED() << "Cookie exploded expiration failed: " << time_string; |
| 197 |
| 198 return base::Time(); |
| 199 } |
| 200 |
| 77 } // namespace cookie_utils | 201 } // namespace cookie_utils |
| 78 } // namespace net | 202 } // namespace net |
| 79 | 203 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10785017:
Move CanonicalCookie into separate files (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src