[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 4.18 #4287

Merged
merged 31 commits into from
Apr 24, 2022
Merged

Release 4.18 #4287

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
eb4c930
build: support Node.js 15.x
kkalavantavanich Dec 5, 2021
8bf0720
build: support Node.js 16.x
kkalavantavanich Dec 5, 2021
87279c0
Support proper 205 responses using res.send
tkesgar May 20, 2021
c17fe05
Ignore Object.prototype values in settings through app.set/app.get
EvanHahn Feb 3, 2022
4847d0e
Deprecate string and non-integer arguments to res.status
jonchurch Mar 21, 2020
0def9bb
Add "root" option to res.download
mmito Mar 11, 2022
dd69eed
deps: send@0.18.0
dougwilson Mar 25, 2022
c924206
deps: serve-static@1.15.0
dougwilson Mar 25, 2022
f739b16
deps: finalhandler@1.2.0
dougwilson Mar 25, 2022
03dc367
Allow options without filename in res.download
dougwilson Mar 25, 2022
10b9b50
examples: use updated res.download in example
dougwilson Mar 25, 2022
9482b82
Invoke default with same arguments as types in res.format
shesek Mar 13, 2018
1cc8169
deps: depd@2.0.0
UlisesGascon Feb 5, 2020
5855339
Fix behavior of null/undefined as "maxAge" in res.cookie
cjbarth Apr 18, 2019
a107702
Use http-errors for res.format error
dougwilson Mar 28, 2022
32c558d
deps: body-parser@1.20.0
dougwilson Apr 3, 2022
1df7576
deps: qs@6.10.3
dougwilson Apr 3, 2022
980d881
deps: statuses@2.0.1
3imed-jaberi Jul 3, 2020
2e2d78c
deps: on-finished@2.4.1
dougwilson Apr 3, 2022
04da4aa
build: use supertest@3.4.2 for Node.js 6.x
dougwilson Apr 7, 2022
1b2e097
tests: fix typo in description
Hashen110 Apr 7, 2022
99175c3
docs: fix typo in casing of HTTP
ghousemohamed Mar 26, 2022
ecaf67c
docs: remove Node Security Project from security policy
netcode Apr 11, 2022
b91c7ff
examples: use http-errors to create errors
dougwilson Apr 11, 2022
8880dda
examples: add missing html label associations
Hashen110 Apr 7, 2022
92c5ce5
deps: cookie@0.5.0
dougwilson Apr 12, 2022
708ac4c
Fix handling very large stacks of sync middleware
dougwilson Apr 14, 2022
fd8e45c
tests: mark stack overflow as long running
grisu48 Apr 8, 2022
11a209e
build: support Node.js 17.x
dougwilson Apr 21, 2022
29ea1b2
build: use 64-bit Node.js in AppVeyor
dougwilson Apr 21, 2022
158a170
build: support Node.js 18.x
dougwilson Apr 21, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Ignore Object.prototype values in settings through app.set/app.get 
closes #4802
closes #4803
  • Loading branch information
@EvanHahn @dougwilson
EvanHahn authored and dougwilson committed Mar 24, 2022
commit c17fe058613dc7dfb7779fbe68a9738a108fe408
1 change: 1 addition & 0 deletions History.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
unreleased
==========

* Ignore `Object.prototype` values in settings through `app.set`/`app.get`
* Support proper 205 responses using `res.send`

4.17.3 / 2022-02-16
Expand Down
19 changes: 18 additions & 1 deletion lib/application.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,13 @@ var flatten = require('array-flatten');
var merge = require('utils-merge');
var resolve = require('path').resolve;
var setPrototypeOf = require('setprototypeof')

/**
* Module variables.
* @private
*/

var hasOwnProperty = Object.prototype.hasOwnProperty
var slice = Array.prototype.slice;

/**
Expand Down Expand Up @@ -352,7 +359,17 @@ app.param = function param(name, fn) {
app.set = function set(setting, val) {
if (arguments.length === 1) {
// app.get(setting)
return this.settings[setting];
var settings = this.settings

while (settings && settings !== Object.prototype) {
if (hasOwnProperty.call(settings, setting)) {
return settings[setting]
}

settings = Object.getPrototypeOf(settings)
}

return undefined
}

debug('set "%s" to %o', setting, val);
Expand Down
44 changes: 44 additions & 0 deletions test/config.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,12 @@ describe('config', function () {
assert.equal(app.get('foo'), 'bar');
})

it('should set prototype values', function () {
var app = express()
app.set('hasOwnProperty', 42)
assert.strictEqual(app.get('hasOwnProperty'), 42)
})

it('should return the app', function () {
var app = express();
assert.equal(app.set('foo', 'bar'), app);
Expand All @@ -21,6 +27,17 @@ describe('config', function () {
assert.equal(app.set('foo', undefined), app);
})

it('should return set value', function () {
var app = express()
app.set('foo', 'bar')
assert.strictEqual(app.set('foo'), 'bar')
})

it('should return undefined for prototype values', function () {
var app = express()
assert.strictEqual(app.set('hasOwnProperty'), undefined)
})

describe('"etag"', function(){
it('should throw on bad value', function(){
var app = express();
Expand Down Expand Up @@ -51,6 +68,11 @@ describe('config', function () {
assert.strictEqual(app.get('foo'), undefined);
})

it('should return undefined for prototype values', function () {
var app = express()
assert.strictEqual(app.get('hasOwnProperty'), undefined)
})

it('should otherwise return the value', function(){
var app = express();
app.set('foo', 'bar');
Expand Down Expand Up @@ -125,6 +147,12 @@ describe('config', function () {
assert.equal(app.enable('tobi'), app);
assert.strictEqual(app.get('tobi'), true);
})

it('should set prototype values', function () {
var app = express()
app.enable('hasOwnProperty')
assert.strictEqual(app.get('hasOwnProperty'), true)
})
})

describe('.disable()', function(){
Expand All @@ -133,6 +161,12 @@ describe('config', function () {
assert.equal(app.disable('tobi'), app);
assert.strictEqual(app.get('tobi'), false);
})

it('should set prototype values', function () {
var app = express()
app.disable('hasOwnProperty')
assert.strictEqual(app.get('hasOwnProperty'), false)
})
})

describe('.enabled()', function(){
Expand All @@ -146,6 +180,11 @@ describe('config', function () {
app.set('foo', 'bar');
assert.strictEqual(app.enabled('foo'), true);
})

it('should default to false for prototype values', function () {
var app = express()
assert.strictEqual(app.enabled('hasOwnProperty'), false)
})
})

describe('.disabled()', function(){
Expand All @@ -159,5 +198,10 @@ describe('config', function () {
app.set('foo', 'bar');
assert.strictEqual(app.disabled('foo'), false);
})

it('should default to true for prototype values', function () {
var app = express()
assert.strictEqual(app.disabled('hasOwnProperty'), true)
})
})
})