Permalink
Browse files

Fix potential security issue by ensuring that idToSessionMap.hasOwnPr…

…operty(sessionId)
  • Loading branch information...
1 parent 181a120 commit e56835703e26818d854e4e1a7ad75c9ca3858227 @MaxNanasy committed Nov 18, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 pick-a-number-node/server.js
@@ -34,7 +34,7 @@ http.createServer(function (request, response) {
urlParse = url.parse(request.url, true);
var
sessionId = cookies.get('sessionId'),
- session = sessionId && idToSessionMap[sessionId];
+ session = idToSessionMap.hasOwnProperty(sessionId) && idToSessionMap[sessionId];
switch (urlParse.pathname) {
case '/':
response.writeOnlyHead(httpStatus.FOUND, { 'Location': 'game/' });

0 comments on commit e568357

Please sign in to comment.