File 0001-Fixes-requirejs-prototype-pollution.patch of Package pgadmin4.36129

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-Fixes-requirejs-prototype-pollution.patch of Package pgadmin4.36129

From ecc356a219b79075c562d002c21d18436482e15a Mon Sep 17 00:00:00 2001
From: James Burke <jrburke@gmail.com>
Date: Mon, 15 Jul 2024 22:26:43 -0700
Subject: [PATCH] Fixes requirejs/requirejs#1854, pollution

---
 dist/r.js  | 9 +++++----
 require.js | 5 +++--
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/web/pgadmin/static/vendor/require/require.js b/web/pgadmin/static/vendor/require/require.js
index 46f2864d..ca747184 100644
--- a/web/pgadmin/static/vendor/require/require.js
+++ b/web/pgadmin/static/vendor/require/require.js
@@ -1,5 +1,5 @@
 /** vim: et:ts=4:sw=4:sts=4
- * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.
+ * @license RequireJS 2.3.6+ Tue, 16 Jul 2024 05:19:14 GMT Copyright jQuery Foundation and other contributors.
  * Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE
  */
 //Not using strict: uneven strict support in browsers, #392, and causes
@@ -19,7 +19,7 @@ var requirejs, require, define, xpcUtil;
 (function (global, setTimeout) {
     var req, s, head, baseElement, dataMain, src,
         interactiveScript, currentlyAddingScript, mainScript, subPath,
-        version = '2.3.6',
+        version = '2.3.6 Tue, 16 Jul 2024 05:19:14 GMT',
         commentRegExp = /\/\*[\s\S]*?\*\/|([^:"'=]|^)\/\/.*$/mg,
         cjsRequireRegExp = /[^.]\s*require\s*$\s*["']([^'"\s]+)["']\s*$/g,
         jsSuffixRegExp = /\.js$/,
@@ -282,7 +282,8 @@ var requirejs, require, define, xpcUtil;
         contexts = {},
         cfg = {},
         globalDefQueue = [],
-        useInteractive = false;
+        useInteractive = false,
+        disallowedProps = ['__proto__', 'constructor'];
 
     //Could match something like ')//comment', do not lose the prefix to comment.
     function commentReplace(match, singlePrefix) {
@@ -343,7 +344,7 @@ var requirejs, require, define, xpcUtil;
     function eachProp(obj, func) {
         var prop;
         for (prop in obj) {
-            if (hasProp(obj, prop)) {
+            if (hasProp(obj, prop) && disallowedProps.indexOf(prop) == -1) {
                 if (func(obj[prop], prop)) {
                     break;
                 }
#diff --git a/web/pgadmin/static/vendor/require/require.js b/web/pgadmin/static/vendor/require/require.js
#index 78490f91..acda0565 100644
#--- a/web/pgadmin/static/vendor/require/require.js
#+++ b/web/pgadmin/static/vendor/require/require.js
#@@ -33,7 +33,8 @@ var requirejs, require, define;
#         contexts = {},
#         cfg = {},
#         globalDefQueue = [],
#-        useInteractive = false;
#+        useInteractive = false,
#+        disallowedProps = ['__proto__', 'constructor'];
# 
#     //Could match something like ')//comment', do not lose the prefix to comment.
#     function commentReplace(match, singlePrefix) {
#@@ -94,7 +95,7 @@ var requirejs, require, define;
#     function eachProp(obj, func) {
#         var prop;
#         for (prop in obj) {
#-            if (hasProp(obj, prop)) {
#+            if (hasProp(obj, prop) && disallowedProps.indexOf(prop) == -1) {
#                 if (func(obj[prop], prop)) {
#                     break;
#                 }

Places

File 0001-Fixes-requirejs-prototype-pollution.patch of Package pgadmin4.36129

Places