regression fix because of last prototype pollution fix in v19.8.5

i18next · Feb 1, 2021 · 87a2449 · jamuhl · Feb 2, 2021 · 87a2449
1 parent aeab3ca
commit 87a2449
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+### 19.8.6
+
+- regression fix because of last prototype pollution fix in v19.8.5
+
 ### 19.8.5
 
 - fix potential prototype pollution when backend plugin resolves a malicious language value

diff --git a/i18next.js b/i18next.js
@@ -315,7 +315,12 @@
       if (canNotTraverseDeeper()) return {};
       var key = cleanKey(stack.shift());
       if (!object[key] && Empty) object[key] = new Empty();
-      if (object.hasOwnProperty(key)) object = object[key];
+
+      if (object.hasOwnProperty(key)) {
+        object = object[key];
+      } else {
+        object = {};
+      }
     }
 
     if (canNotTraverseDeeper()) return {};

diff --git a/i18next.min.js b/i18next.min.js
diff --git a/src/utils.js b/src/utils.js
@@ -42,7 +42,11 @@ function getLastOfPath(object, path, Empty) {
     const key = cleanKey(stack.shift());
     if (!object[key] && Empty) object[key] = new Empty();
     // prevent prototype pollution
-    if (object.hasOwnProperty(key)) object = object[key];
+    if (object.hasOwnProperty(key)) {
+      object = object[key];
+    } else {
+      object = {};
+    }
   }
 
   if (canNotTraverseDeeper()) return {};