File 0001-Fixes-requirejs-prototype-pollution.patch of Package pgadmin4.40052
From ecc356a219b79075c562d002c21d18436482e15a Mon Sep 17 00:00:00 2001
From: James Burke <jrburke@gmail.com>
Date: Mon, 15 Jul 2024 22:26:43 -0700
Subject: [PATCH] Fixes requirejs/requirejs#1854, pollution
---
dist/r.js | 9 +++++----
require.js | 5 +++--
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/web/pgadmin/static/vendor/require/require.js b/web/pgadmin/static/vendor/require/require.js
index 46f2864d..ca747184 100644
--- a/web/pgadmin/static/vendor/require/require.js
+++ b/web/pgadmin/static/vendor/require/require.js
@@ -1,5 +1,5 @@
/** vim: et:ts=4:sw=4:sts=4
- * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.
+ * @license RequireJS 2.3.6+ Tue, 16 Jul 2024 05:19:14 GMT Copyright jQuery Foundation and other contributors.
* Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE
*/
//Not using strict: uneven strict support in browsers, #392, and causes
@@ -19,7 +19,7 @@ var requirejs, require, define, xpcUtil;
(function (global, setTimeout) {
var req, s, head, baseElement, dataMain, src,
interactiveScript, currentlyAddingScript, mainScript, subPath,
- version = '2.3.6',
+ version = '2.3.6 Tue, 16 Jul 2024 05:19:14 GMT',
commentRegExp = /\/\*[\s\S]*?\*\/|([^:"'=]|^)\/\/.*$/mg,
cjsRequireRegExp = /[^.]\s*require\s*\(\s*["']([^'"\s]+)["']\s*\)/g,
jsSuffixRegExp = /\.js$/,
@@ -282,7 +282,8 @@ var requirejs, require, define, xpcUtil;
contexts = {},
cfg = {},
globalDefQueue = [],
- useInteractive = false;
+ useInteractive = false,
+ disallowedProps = ['__proto__', 'constructor'];
//Could match something like ')//comment', do not lose the prefix to comment.
function commentReplace(match, singlePrefix) {
@@ -343,7 +344,7 @@ var requirejs, require, define, xpcUtil;
function eachProp(obj, func) {
var prop;
for (prop in obj) {
- if (hasProp(obj, prop)) {
+ if (hasProp(obj, prop) && disallowedProps.indexOf(prop) == -1) {
if (func(obj[prop], prop)) {
break;
}
#diff --git a/web/pgadmin/static/vendor/require/require.js b/web/pgadmin/static/vendor/require/require.js
#index 78490f91..acda0565 100644
#--- a/web/pgadmin/static/vendor/require/require.js
#+++ b/web/pgadmin/static/vendor/require/require.js
#@@ -33,7 +33,8 @@ var requirejs, require, define;
# contexts = {},
# cfg = {},
# globalDefQueue = [],
#- useInteractive = false;
#+ useInteractive = false,
#+ disallowedProps = ['__proto__', 'constructor'];
#
# //Could match something like ')//comment', do not lose the prefix to comment.
# function commentReplace(match, singlePrefix) {
#@@ -94,7 +95,7 @@ var requirejs, require, define;
# function eachProp(obj, func) {
# var prop;
# for (prop in obj) {
#- if (hasProp(obj, prop)) {
#+ if (hasProp(obj, prop) && disallowedProps.indexOf(prop) == -1) {
# if (func(obj[prop], prop)) {
# break;
# }
