LibWeb: Fail to parse cookie date when date does not exist

Previously, the cookie date validation did not validate days in the context of the month and year, resulting in dates that do not exist to be successfully parsed (e.g. February 31st). We now validate that the day does not exceed the number of days for the given month and year, taking leap years into account.
2025-07-25 02:17:35 +00:00 · 2024-01-05 09:56:14 -05:00 · 2024-01-05 09:56:14 -05:00 · 242d1d8eba
commit 242d1d8eba
parent 9b7b97b2f6
2 changed files with 5 additions and 1 deletions
--- a/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp
+++ b/Userland/Libraries/LibWeb/Cookie/ParsedCookie.cpp
@ -345,7 +345,9 @@ Optional<UnixDateTime> parse_date_time(StringView date_string)
    // 6. Let the parsed-cookie-date be the date whose day-of-month, month, year, hour, minute, and second (in UTC) are the
    //    day-of-month-value, the month-value, the year-value, the hour-value, the minute-value, and the second-value, respectively.
    //    If no such date exists, abort these steps and fail to parse the cookie-date.
-    // FIXME: Fail on dates that do not exist.
+    if (day_of_month > static_cast<unsigned int>(days_in_month(year, month)))
+        return {};
+
    // FIXME: This currently uses UNIX time, which is not equivalent to UTC due to leap seconds.
    auto parsed_cookie_date = UnixDateTime::from_unix_time_parts(year, month, day_of_month, hour, minute, second, 0);