mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-17 19:21:29 +03:00
Code Activity

fix(security): guard mergeConfig value reads with hasOwnProp

Browse Source
This commit is contained in:
Jason Saayman
2026-04-18 15:14:06 +02:00
parent 37cf18f2e2
commit 17b90d0be6
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/core/mergeConfig.js
+3 -1
View File
@@ -99,7 +99,9 @@ export default function mergeConfig(config1, config2) {
utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
if (prop === '__proto__' || prop === 'constructor' || prop === 'prototype') return;
const merge = utils.hasOwnProp(mergeMap, prop) ? mergeMap[prop] : mergeDeepProperties;
const configValue = merge(config1[prop], config2[prop], prop);
const a = utils.hasOwnProp(config1, prop) ? config1[prop] : undefined;
const b = utils.hasOwnProp(config2, prop) ? config2[prop] : undefined;
const configValue = merge(a, b, prop);
(utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
});