squidy/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2026-01-02 05:38:06 -06:00
Code Issues Packages Projects Releases Wiki Activity

Implement HTTP host header filtering

Browse Source 
This filtering is required to defend against DNS rebinding attack.
This commit is contained in:
Chocobo1
2017-07-02 18:23:10 +08:00
committed by sledgehammer999
parent 18651c8d01
commit 0532d546d7
10 changed files with 109 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/webui/abstractwebapplication.h
View File

@@ -86,6 +86,8 @@ private slots:
void UnbanTimerEvent();
void removeInactiveSessions();
void reloadDomainList();
private:
// Persistent data
QMap<QString, WebSession *> sessions_;
@@ -97,11 +99,14 @@ private:
Http::Request request_;
Http::Environment env_;
QStringList domainList;
QString generateSid();
bool sessionInitialize();
QStringMap parseCookie(const Http::Request &request) const;
bool isCrossSiteRequest(const Http::Request &request) const;
bool validateHostHeader(const Http::Request &request, const Http::Environment &env, const QStringList &domains) const;
static void translateDocument(QString &data);