author | Thiago Macieira <thiago.macieira@intel.com> | 2024-05-08 20:50:10 -0700 |
---|---|---|
committer | Thiago Macieira <thiago.macieira@intel.com> | 2024-05-13 11:14:52 -0700 |
commit | fd49b7f6543e7b49be7847624c64ee86c4272ccd (patch) | |
tree | 04c7a833cd8b69228b21f8dbf3814aee5b72b4c6 /src/oauth/qoauthhttpserverreplyhandler.cpp | |
parent | e27798da447279683afb8e97dcf713c904785672 (diff) |
QOAuthHttpServerReplyHandler: fix parsing of parsed URIs
Instead of constructing it via strings, just let QUrl parse it because
it will do so properly. This fixes the incorrect handling of URIs
requested that are a prefix to the URL we want to handle.
Pick-to: 6.7
Change-Id: Ie30a3caf09ef4176bb36fffd17cdb59a516441aa
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/oauth/qoauthhttpserverreplyhandler.cpp')
-rw-r--r-- | src/oauth/qoauthhttpserverreplyhandler.cpp | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/src/oauth/qoauthhttpserverreplyhandler.cpp b/src/oauth/qoauthhttpserverreplyhandler.cpp index 7a63e5f..9d93c62 100644 --- a/src/oauth/qoauthhttpserverreplyhandler.cpp +++ b/src/oauth/qoauthhttpserverreplyhandler.cpp @@ -25,9 +25,11 @@ QT_BEGIN_NAMESPACE +using namespace Qt::StringLiterals; + QOAuthHttpServerReplyHandlerPrivate::QOAuthHttpServerReplyHandlerPrivate( QOAuthHttpServerReplyHandler *p) : - text(QObject::tr("Callback received. Feel free to close this page.")), q_ptr(p) + text(QObject::tr("Callback received. Feel free to close this page.")), path(u'/'), q_ptr(p) { QObject::connect(&httpServer, &QTcpServer::newConnection, q_ptr, [this]() { _q_clientConnected(); }); @@ -85,7 +87,7 @@ void QOAuthHttpServerReplyHandlerPrivate::_q_readData(QTcpSocket *socket) void QOAuthHttpServerReplyHandlerPrivate::_q_answerClient(QTcpSocket *socket, const QUrl &url) { Q_Q(QOAuthHttpServerReplyHandler); - if (!url.path().startsWith(QLatin1String("/") + path)) { + if (url.path() != path) { qCWarning(lcReplyHandler, "Invalid request: %s", qPrintable(url.toString())); } else { QVariantMap receivedData; @@ -159,15 +161,12 @@ bool QOAuthHttpServerReplyHandlerPrivate::QHttpRequest::readUrl(QTcpSocket *sock fragment += c; } if (finished) { - if (!fragment.startsWith("/")) { - qCWarning(lcReplyHandler, "Invalid URL path %s", fragment.constData()); - return false; - } - url.setUrl(QStringLiteral("http://127.0.0.1:") + QString::number(port) + - QString::fromUtf8(fragment)); + url = QUrl::fromEncoded(fragment); state = State::ReadingStatus; - if (!url.isValid()) { - qCWarning(lcReplyHandler, "Invalid URL %s", fragment.constData()); + + if (!fragment.startsWith(u'/') || !url.isValid() || !url.scheme().isNull() + || !url.host().isNull()) { + qCWarning(lcReplyHandler, "Invalid request: %s", fragment.constData()); return false; } fragment.clear(); 
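Review bot: In `_q_answerClient` the new check `url.path() != path` compares a decoded path with an encoded one: `QUrl::path()` defaults to `QUrl::FullyDecoded`, while the `setCallbackPath` hunk stores `url.path(QUrl::FullyEncoded)`. For a callback path containing characters that get percent-encoded, a request for the path as configured would be rejected; it appears to match only because `callback()` passes the stored value to `setPath` in its default decoded mode, which encodes the `%` again and advertises a doubly encoded redirect URI. Keeping one form throughout would avoid this, e.g. `if (url.path(QUrl::FullyEncoded) != path) {` here together with `url.setPath(d->path, QUrl::StrictMode);` in `callback()`. The body of `_q_answerClient` continues outside the hunk.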
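Review bot: The combined condition in `readUrl` has no comment saying which request-target forms it is meant to refuse, and that is the security-relevant part of this hunk. I would add above the `if`: `// Accept only origin-form targets ("/path?query"); absolute-form ("http://host/...") and network-path ("//host/...") targets are rejected.` `state` is also advanced to `State::ReadingStatus` before the check, so a rejected request leaves the parser in the next state; whether that matters depends on how the caller treats the `false` return, which is outside the hunk.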
@@ -253,8 +252,12 @@ QString QOAuthHttpServerReplyHandler::callback() const Q_D(const QOAuthHttpServerReplyHandler); Q_ASSERT(d->httpServer.isListening()); - const QUrl url(QString::fromLatin1("http://127.0.0.1:%1/%2") - .arg(d->httpServer.serverPort()).arg(d->path)); + QUrl url; + url.setScheme(u"http"_s); + url.setHost(u"127.0.0.1"_s); + url.setPort(d->httpServer.serverPort()); + url.setPath(d->path); + return url.toString(QUrl::EncodeDelimiters); } @@ -267,12 +270,12 @@ QString QOAuthHttpServerReplyHandler::callbackPath() const void QOAuthHttpServerReplyHandler::setCallbackPath(const QString &path) { Q_D(QOAuthHttpServerReplyHandler); - - QString copy = path; - while (copy.startsWith(QLatin1Char('/'))) - copy = copy.mid(1); - - d->path = copy; + // pass through QUrl to ensure normalization + QUrl url; + url.setPath(path); + d->path = url.path(QUrl::FullyEncoded); + if (d->path.isEmpty()) + d->path = u'/'; } QString QOAuthHttpServerReplyHandler::callbackText() const |
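Review bot: `setCallbackPath` no longer guarantees a leading slash: the removed code stripped leading slashes and the old check prepended one, but now a value such as `cb` is stored unchanged. Since `readUrl` only accepts targets that start with `/`, the exact comparison `url.path() != path` in `_q_answerClient` can then never succeed, and `callback()` would set a relative path on a URL that has a host. Adding `else if (!d->path.startsWith(u'/'))` followed by `d->path.prepend(u'/');` after the empty check would keep existing callers working. `callbackPath()` will also now return the value with its leading slash, which is worth stating in the function's documentation.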