Use more reliable 'own property' checking

openid.js

@@ -41,6 +41,10 @@ var AX_MAX_VALUES_COUNT = 1000;
 
 var openid = exports;
 
+function hasOwnProperty(obj, prop) {
+  return Object.prototype.hasOwnProperty.call(obj, prop);
+}
+
 openid.RelyingParty = function(returnUrl, realm, stateless, strict, extensions)
 {
   this.returnUrl = returnUrl;
@@ -150,7 +154,7 @@ var _buildUrl = function(theUrl, params)
     {
       for(var key in params)
       {
-        if(params.hasOwnProperty(key))
+        if(hasOwnProperty(params, key))
         {
           theUrl.query[key] = params[key];
         }
@@ -810,15 +814,15 @@ var _requestAuthentication = function(provider, assoc_handle, returnUrl, realm,
 
   for (var i in extensions)
   {
-    if(!extensions.hasOwnProperty(i))
+    if(!hasOwnProperty(extensions, i))
     {
       continue;
     }
 
     var extension = extensions[i];
     for (var key in extension.requestParams)
     {
-      if (!extension.requestParams.hasOwnProperty(key)) { continue; }
+      if (!hasOwnProperty(extension.requestParams, key)) { continue; }
       params[key] = extension.requestParams[key];
     }
   }
@@ -938,7 +942,7 @@ var _verifyReturnUrl = function (assertionUrl, originalReturnUrl) {
   // Any query parameters that are present in the "openid.return_to" URL MUST also be present 
   // with the same values in the URL of the HTTP request the RP received
   for (var param in receivedReturnUrl.query) {
-    if (receivedReturnUrl.query.hasOwnProperty(param) && receivedReturnUrl.query[param] !== assertionUrl.query[param]) {
+    if (hasOwnProperty(receivedReturnUrl.query, param) && receivedReturnUrl.query[param] !== assertionUrl.query[param]) {
       return false;
     }
   }
@@ -1036,7 +1040,7 @@ var _checkNonce = function (params) {
 
 var _removeOldNonces = function () {
   for (var nonce in _nonces) {
-    if (_nonces.hasOwnProperty(nonce) && Math.abs(new Date().getTime() - _nonces[nonce].getTime()) > 300000) {
+    if (hasOwnProperty(_nonces, nonce) && Math.abs(new Date().getTime() - _nonces[nonce].getTime()) > 300000) {
       delete _nonces[nonce];
     }
   }
@@ -1139,7 +1143,7 @@ var _verifyAssertionAgainstProviders = function(providers, params, stateless, ex
       {
         for(var ext in extensions)
         {
-          if (!extensions.hasOwnProperty(ext))
+          if (!hasOwnProperty(extensions, ext))
           { 
             continue; 
           }
@@ -1230,7 +1234,7 @@ var _checkSignatureUsingProvider = function(params, provider, callback)
   };
   for(var key in params)
   {
-    if(params.hasOwnProperty(key) && key != 'openid.mode')
+    if(hasOwnProperty(params, key) && key != 'openid.mode')
     {
       requestParams[key] = params[key];
     }
@@ -1387,7 +1391,7 @@ openid.AttributeExchange = function AttributeExchange(options)
   var optional = [];
   for (var ns in options)
   {
-    if (!options.hasOwnProperty(ns)) { continue; }
+    if (!hasOwnProperty(options, ns)) { continue; }
     if (options[ns] == 'required')
     {
       required.push(ns);
@@ -1429,7 +1433,7 @@ openid.AttributeExchange.prototype.fillResult = function(params, result)
   var values = {};
   for (var k in params)
   {
-    if (!params.hasOwnProperty(k)) { continue; }
+    if (!hasOwnProperty(params, k)) { continue; }
     var matches = k.match(regex);
     if (!matches)
     {
@@ -1573,7 +1577,7 @@ openid.PAPE.prototype.fillResult = function(params, result)
   var paramString = 'openid.' + extension + '.';
   var thisParam;
   for (var p in params) {
-    if (params.hasOwnProperty(p)) {
+    if (hasOwnProperty(params, p)) {
       if (p.substr(0, paramString.length) === paramString) {
         thisParam = p.substr(paramString.length);
         if (thisParam === 'auth_policies') {