SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358
authorJames D. Forrester <jforrester@wikimedia.org>
Thu, 25 Apr 2019 21:12:52 +0000 (16:12 -0500)
committerUmherirrender <umherirrender_de.wp@web.de>
Thu, 6 Jun 2019 21:25:23 +0000 (21:25 +0000)
Patch taken from https://github.com/DanielRuf/snyk-js-jquery-174006?files=1.

Bug: T221739
Change-Id: I99c2be81c74a8f1d35c421f0ee43c75efb30a7d0

resources/lib/jquery/jquery.js

index d2d8ca4..2cf479d 100644 (file)
@@ -229,8 +229,9 @@ jQuery.extend = jQuery.fn.extend = function() {
                                src = target[ name ];
                                copy = options[ name ];
 
+                               // Prevent Object.prototype pollution
                                // Prevent never-ending loop
-                               if ( target === copy ) {
+                               if ( name === "__proto__" || target === copy ) {
                                        continue;
                                }
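Review bot: The added comment `// Prevent Object.prototype pollution` does not mark this guard as a local change to the vendored jQuery 3.2.1 file, so a later re-import of the pristine upstream copy could drop the `name === "__proto__"` check without anyone noticing. I would make the comment self-describing, for example `// Local patch for CVE-2019-11358 (T221739): skip "__proto__" so a merge cannot write through to Object.prototype`, and keep `// Prevent never-ending loop` on its own line for the `target === copy` half of the condition. No regression test is visible on this page. A small one would assert that `jQuery.extend( true, {}, parsed )`, where `parsed` comes from JSON text containing a `__proto__` key, leaves a fresh `{}` without the merged property, which would catch the guard being lost on a library upgrade. The enclosing `for ( name in options )` loop of `jQuery.extend` starts and ends outside the hunk, so the rest of the merge path was not reviewed here.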