Fix potential security issue by ensuring that idToSessionMap.hasOwnPr…

…operty(sessionId)
MaxNanasy · Nov 18, 2012 · e568357 · e568357
1 parent 181a120
commit e568357
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pick-a-number-node/server.js b/pick-a-number-node/server.js
@@ -34,7 +34,7 @@ http.createServer(function (request, response) {
     urlParse = url.parse(request.url, true);
   var
     sessionId = cookies.get('sessionId'),
-    session = sessionId && idToSessionMap[sessionId];
+    session = idToSessionMap.hasOwnProperty(sessionId) && idToSessionMap[sessionId];
   switch (urlParse.pathname) {
     case '/':
       response.writeOnlyHead(httpStatus.FOUND, { 'Location': 'game/' });