qbittorrent/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2025-12-12 00:06:34 -06:00
Code Issues Packages Projects Releases Wiki Activity

WebAPI: Append port to session cookie name

Browse Source 
PR #23228.
Closes #21651.
This commit is contained in:
Tom Piccirello 2025-09-18 22:29:46 -07:00 committed by GitHub
parent c075097acd
commit 753fb80e9b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 2 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/base/preferences.cpp
View File

@ -924,19 +924,6 @@ void Preferences::setWebUISessionTimeout(const int timeout)
setValue(u"Preferences/WebUI/SessionTimeout"_s, timeout); setValue(u"Preferences/WebUI/SessionTimeout"_s, timeout);
} }
QString Preferences::getWebAPISessionCookieName() const
{
return value<QString>(u"WebAPI/SessionCookieName"_s);
}
void Preferences::setWebAPISessionCookieName(const QString &cookieName)
{
if (cookieName == getWebAPISessionCookieName())
return;
setValue(u"WebAPI/SessionCookieName"_s, cookieName);
}
bool Preferences::isWebUIClickjackingProtectionEnabled() const bool Preferences::isWebUIClickjackingProtectionEnabled() const
{ {
return value(u"Preferences/WebUI/ClickjackingProtection"_s, true); return value(u"Preferences/WebUI/ClickjackingProtection"_s, true);

2
src/base/preferences.h
View File

@ -215,8 +215,6 @@ public:
void setWebUIBanDuration(std::chrono::seconds duration); void setWebUIBanDuration(std::chrono::seconds duration);
int getWebUISessionTimeout() const; int getWebUISessionTimeout() const;
void setWebUISessionTimeout(int timeout); void setWebUISessionTimeout(int timeout);
QString getWebAPISessionCookieName() const;
void setWebAPISessionCookieName(const QString &cookieName);
// WebUI security // WebUI security
bool isWebUIClickjackingProtectionEnabled() const; bool isWebUIClickjackingProtectionEnabled() const;

26
src/webui/webapplication.cpp
View File

@ -71,7 +71,7 @@
#include "clientdatastorage.h" #include "clientdatastorage.h"
const int MAX_ALLOWED_FILESIZE = 10 * 1024 * 1024; const int MAX_ALLOWED_FILESIZE = 10 * 1024 * 1024;
const QString DEFAULT_SESSION_COOKIE_NAME = u"SID"_s; const QString SESSION_COOKIE_NAME_PREFIX = u"QBT_SID_"_s;
const QString WWW_FOLDER = u":/www"_s; const QString WWW_FOLDER = u":/www"_s;
const QString PUBLIC_FOLDER = u"/public"_s; const QString PUBLIC_FOLDER = u"/public"_s;
@ -141,18 +141,6 @@ namespace
return languages.join(u'\n'); return languages.join(u'\n');
} }
bool isValidCookieName(const QString &cookieName)
{
if (cookieName.isEmpty() || (cookieName.size() > 128))
return false;
const QRegularExpression invalidNameRegex {u"[^a-zA-Z0-9_\\-]"_s};
if (invalidNameRegex.match(cookieName).hasMatch())
return false;
return true;
}
} }
WebApplication::WebApplication(IApplication *app, QObject *parent) WebApplication::WebApplication(IApplication *app, QObject *parent)
@ -166,17 +154,6 @@ WebApplication::WebApplication(IApplication *app, QObject *parent)
configure(); configure();
connect(Preferences::instance(), &Preferences::changed, this, &WebApplication::configure); connect(Preferences::instance(), &Preferences::changed, this, &WebApplication::configure);
m_sessionCookieName = Preferences::instance()->getWebAPISessionCookieName();
if (!isValidCookieName(m_sessionCookieName))
{
if (!m_sessionCookieName.isEmpty())
{
LogMsg(tr("Unacceptable session cookie name is specified: '%1'. Default one is used.")
.arg(m_sessionCookieName), Log::WARNING);
}
m_sessionCookieName = DEFAULT_SESSION_COOKIE_NAME;
}
} }
WebApplication::~WebApplication() WebApplication::~WebApplication()
@ -466,6 +443,7 @@ void WebApplication::configure()
m_isAuthSubnetWhitelistEnabled = pref->isWebUIAuthSubnetWhitelistEnabled(); m_isAuthSubnetWhitelistEnabled = pref->isWebUIAuthSubnetWhitelistEnabled();
m_authSubnetWhitelist = pref->getWebUIAuthSubnetWhitelist(); m_authSubnetWhitelist = pref->getWebUIAuthSubnetWhitelist();
m_sessionTimeout = pref->getWebUISessionTimeout(); m_sessionTimeout = pref->getWebUISessionTimeout();
m_sessionCookieName = SESSION_COOKIE_NAME_PREFIX + QString::number(pref->getWebUIPort());
m_domainList = pref->getServerDomains().split(u';', Qt::SkipEmptyParts); m_domainList = pref->getServerDomains().split(u';', Qt::SkipEmptyParts);
std::for_each(m_domainList.begin(), m_domainList.end(), [](QString &entry) { entry = entry.trimmed(); }); std::for_each(m_domainList.begin(), m_domainList.end(), [](QString &entry) { entry = entry.trimmed(); });