Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-18 08:20:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Tried to fix possible prototype pollution reported by Deepcode.ai.

Browse source 
Thanks to Deepcode.ai and xet7 !
This commit is contained in:
Lauri Ojansivu 2021-01-22 16:37:42 +02:00
parent 0373da44b3
commit 8f553497e4
1 changed files with 36 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

2
client/components/main/globalSearch.js
View file

@ -247,6 +247,7 @@ BlazeComponent.extendComponent({
} else { } else {
op = m.groups.abbrev; op = m.groups.abbrev;
} }
if (op !== "__proto__") {
if (op in operatorMap) { if (op in operatorMap) {
let value = m.groups.value; let value = m.groups.value;
if (operatorMap[op] === 'labels') { if (operatorMap[op] === 'labels') {
@ -286,6 +287,7 @@ BlazeComponent.extendComponent({
value: op, value: op,
}); });
} }
}
continue; continue;
} }