fix: bug with [__proto__]

package.json

@@ -1,6 +1,6 @@
 {
   "name": "bmoor",
-  "version": "0.10.0",
+  "version": "0.10.1",
   "author": "Brian Heilman <das.ist.junk@gmail.com>",
   "description": "A basic foundation for other libraries, establishing useful patterbs, and letting them be more.",
   "license": "MIT",
@@ -29,7 +29,8 @@
   },
   "scripts": {
     "lint": "node ./node_modules/eslint/bin/eslint ./src",
-    "test": "npm run prettier && mocha --recursive \"./src/**/*.spec.js\"",
-    "prettier": "npx prettier --write ./src && npm run lint"
+    "test": "mocha --recursive \"./src/**/*.spec.js\"",
+    "prettier": "npx prettier --write ./src",
+    "finalize": "npm run lint && npm run prettier && npm run test"
   }
 }

src/core.js

@@ -182,7 +182,7 @@ function set(root, space, value) {
 	val = space.pop();
 
 	for (i = 0, c = space.length; i < c; i++) {
-		nextSpace = space[i];
+		nextSpace = String(space[i]);
 
 		if (
 			nextSpace === '__proto__' ||
@@ -205,6 +205,8 @@ function set(root, space, value) {
 }
 
 function _makeSetter(property, next) {
+	property = String(property);
+
 	if (
 		property === '__proto__' ||
 		property === 'constructor' ||
@@ -265,7 +267,7 @@ function get(root, path) {
 	space = parse(path);
 	if (space.length) {
 		for (i = 0, c = space.length; i < c; i++) {
-			nextSpace = space[i];
+			nextSpace = String(space[i]);
 
 			if (
 				nextSpace === '__proto__' ||
@@ -287,6 +289,8 @@ function get(root, path) {
 }
 
 function _makeGetter(property, next) {
+	property = String(property);
+
 	if (
 		property === '__proto__' ||
 		property === 'constructor' ||

src/core.spec.js

@@ -92,6 +92,14 @@ describe('Testing object setting/getting', function () {
 
 			expect(t.polluted).to.not.equal(true);
 		});
+
+		it('should not allow __proto__ when in array', function () {
+			var t = {};
+
+			bmoor.set(t, [['__proto__'], 'polluted'], 'polluted');
+
+			expect(t.polluted).to.not.equal('polluted');
+		});
 	});
 
 	describe('::makeSetter', function () {