From e06ce7562ca568ca9fa8072fbd554da4d20dc779 Mon Sep 17 00:00:00 2001 From: isaacs Date: Thu, 15 Sep 2011 10:38:25 -0700 Subject: [PATCH] Fix #1707 hasOwnProperty usage If hasOwnProperty is overridden, then calling `obj.hasOwnProperty(prop)` can fail. Any time a dictionary of user-generated items is built, we cannot rely on hasOwnProperty being safe, so must call it from the Object.prototype explicitly. --- lib/module.js | 7 +++++-- lib/querystring.js | 7 +++++-- lib/repl.js | 8 +++++--- test/simple/test-querystring.js | 1 + 4 files changed, 16 insertions(+), 7 deletions(-) diff --git a/lib/module.js b/lib/module.js index 650f340cd5b..3d3d1e775c4 100644 --- a/lib/module.js +++ b/lib/module.js @@ -26,7 +26,10 @@ var runInNewContext = Script.runInNewContext; var assert = require('assert').ok; -function hOP(obj, prop) { +// If obj.hasOwnProperty has been overridden, then calling +// obj.hasOwnProperty(prop) will break. +// See: https://github.com/joyent/node/issues/1707 +function hasOwnProperty(obj, prop) { return Object.prototype.hasOwnProperty.call(obj, prop); } @@ -91,7 +94,7 @@ function statPath(path) { var packageCache = {}; function readPackage(requestPath) { - if (hOP(packageCache, requestPath)) { + if (hasOwnProperty(packageCache, requestPath)) { return packageCache[requestPath]; } diff --git a/lib/querystring.js b/lib/querystring.js index e8796e4d741..58b90250c44 100644 --- a/lib/querystring.js +++ b/lib/querystring.js @@ -25,7 +25,10 @@ var QueryString = exports; var urlDecode = process.binding('http_parser').urlDecode; -function hOP(obj, prop) { +// If obj.hasOwnProperty has been overridden, then calling +// obj.hasOwnProperty(prop) will break. +// See: https://github.com/joyent/node/issues/1707 +function hasOwnProperty(obj, prop) { return Object.prototype.hasOwnProperty.call(obj, prop); } @@ -171,7 +174,7 @@ QueryString.parse = QueryString.decode = function(qs, sep, eq) { var k = QueryString.unescape(x[0], true); var v = QueryString.unescape(x.slice(1).join(eq), true); - if (!hOP(obj, k)) { + if (!hasOwnProperty(obj, k)) { obj[k] = v; } else if (!Array.isArray(obj[k])) { obj[k] = [obj[k], v]; diff --git a/lib/repl.js b/lib/repl.js index 3a9cae05d9f..3ae5b4c2c9e 100644 --- a/lib/repl.js +++ b/lib/repl.js @@ -46,8 +46,10 @@ var path = require('path'); var fs = require('fs'); var rl = require('readline'); - -function hOP(obj, prop) { +// If obj.hasOwnProperty has been overridden, then calling +// obj.hasOwnProperty(prop) will break. +// See: https://github.com/joyent/node/issues/1707 +function hasOwnProperty(obj, prop) { return Object.prototype.hasOwnProperty.call(obj, prop); } @@ -452,7 +454,7 @@ REPLServer.prototype.complete = function(line) { group.sort(); for (var j = 0; j < group.length; j++) { c = group[j]; - if (!hOP(uniq, c)) { + if (!hasOwnProperty(uniq, c)) { completions.push(c); uniq[c] = true; } diff --git a/test/simple/test-querystring.js b/test/simple/test-querystring.js index 127fb5931e4..0900c3387a2 100644 --- a/test/simple/test-querystring.js +++ b/test/simple/test-querystring.js @@ -49,6 +49,7 @@ var qsTestCases = [ [' foo = bar ', '%20foo%20=%20bar%20', {' foo ': ' bar '}], ['foo=%zx', 'foo=%25zx', {'foo': '%zx'}], ['foo=%EF%BF%BD', 'foo=%EF%BF%BD', {'foo': '\ufffd' }], + // See: https://github.com/joyent/node/issues/1707 [ 'hasOwnProperty=x&toString=foo&valueOf=bar&__defineGetter__=baz', 'hasOwnProperty=x&toString=foo&valueOf=bar&__defineGetter__=baz', { hasOwnProperty: 'x',