Skip to content

Commit

Permalink
v6.3.3
Browse files Browse the repository at this point in the history
  • Loading branch information
ljharb committed Jan 10, 2022
1 parent 4310742 commit ff235b4
Show file tree
Hide file tree
Showing 4 changed files with 63 additions and 33 deletions.
20 changes: 20 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,23 @@
## **6.3.3**
- [Fix] `parse`: ignore `__proto__` keys (#428)
- [Fix] fix for an impossible situation: when the formatter is called with a non-string value
- [Fix] `utils.merge`: avoid a crash with a null target and an array source
- [Fix]` `utils.merge`: avoid a crash with a null target and a truthy non-array source
- [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` (#279)
- [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
- [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
- [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
- [Refactor] use cached `Array.isArray`
- [Refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance (#269)
- [Docs] Clarify the need for "arrayLimit" option
- [meta] fix README.md (#399)
- [meta] Clean up license text so it’s properly detected as BSD-3-Clause
- [meta] add FUNDING.yml
- [actions] backport actions from main
- [Tests] use `safer-buffer` instead of `Buffer` constructor
- [Tests] remove nonexistent tape option
- [Dev Deps] backport from main

## **6.3.2**
- [Fix] follow `allowPrototypes` option during merge (#201, #200)
- [Dev Deps] update `eslint`
Expand Down
2 changes: 1 addition & 1 deletion component.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"name": "qs",
"repository": "hapijs/qs",
"description": "query-string parser / stringifier with nesting support",
"version": "6.3.2",
"version": "6.3.3",
"keywords": ["querystring", "query", "parser"],
"main": "lib/index.js",
"scripts": [
Expand Down
72 changes: 41 additions & 31 deletions dist/qs.js
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ module.exports = {
return replace.call(value, percentTwenties, '+');
},
RFC3986: function (value) {
return value;
return String(value);
}
},
RFC1738: 'RFC1738',
Expand Down Expand Up @@ -102,7 +102,7 @@ var parseObject = function parseObjectRecursive(chain, val, options) {
) {
obj = [];
obj[index] = parseObject(chain, val, options);
} else {
} else if (cleanRoot !== '__proto__') {
obj[cleanRoot] = parseObject(chain, val, options);
}
}
Expand Down Expand Up @@ -132,8 +132,7 @@ var parseKeys = function parseQueryStringKeys(givenKey, val, options) {

var keys = [];
if (parent) {
// If we aren't using plain objects, optionally prefix keys
// that would overwrite object prototype properties
// If we aren't using plain objects, optionally prefix keys that would overwrite object prototype properties
if (!options.plainObjects && has.call(Object.prototype, parent)) {
if (!options.allowPrototypes) {
return;
Expand Down Expand Up @@ -209,31 +208,37 @@ var utils = require('./utils');
var formats = require('./formats');

var arrayPrefixGenerators = {
brackets: function brackets(prefix) { // eslint-disable-line func-name-matching
brackets: function brackets(prefix) {
return prefix + '[]';
},
indices: function indices(prefix, key) { // eslint-disable-line func-name-matching
indices: function indices(prefix, key) {
return prefix + '[' + key + ']';
},
repeat: function repeat(prefix) { // eslint-disable-line func-name-matching
repeat: function repeat(prefix) {
return prefix;
}
};

var isArray = Array.isArray;
var push = Array.prototype.push;
var pushToArray = function (arr, valueOrArray) {
push.apply(arr, isArray(valueOrArray) ? valueOrArray : [valueOrArray]);
};

var toISO = Date.prototype.toISOString;

var defaults = {
delimiter: '&',
encode: true,
encoder: utils.encode,
serializeDate: function serializeDate(date) { // eslint-disable-line func-name-matching
serializeDate: function serializeDate(date) {
return toISO.call(date);
},
skipNulls: false,
strictNullHandling: false
};

var stringify = function stringify( // eslint-disable-line func-name-matching
var stringify = function stringify(
object,
prefix,
generateArrayPrefix,
Expand All @@ -251,7 +256,9 @@ var stringify = function stringify( // eslint-disable-line func-name-matching
obj = filter(prefix, obj);
} else if (obj instanceof Date) {
obj = serializeDate(obj);
} else if (obj === null) {
}

if (obj === null) {
if (strictNullHandling) {
return encoder ? encoder(prefix) : prefix;
}
Expand All @@ -273,7 +280,7 @@ var stringify = function stringify( // eslint-disable-line func-name-matching
}

var objKeys;
if (Array.isArray(filter)) {
if (isArray(filter)) {
objKeys = filter;
} else {
var keys = Object.keys(obj);
Expand All @@ -287,8 +294,8 @@ var stringify = function stringify( // eslint-disable-line func-name-matching
continue;
}

if (Array.isArray(obj)) {
values = values.concat(stringify(
if (isArray(obj)) {
pushToArray(values, stringify(
obj[key],
generateArrayPrefix(prefix, key),
generateArrayPrefix,
Expand All @@ -302,7 +309,7 @@ var stringify = function stringify( // eslint-disable-line func-name-matching
formatter
));
} else {
values = values.concat(stringify(
pushToArray(values, stringify(
obj[key],
prefix + (allowDots ? '.' + key : '[' + key + ']'),
generateArrayPrefix,
Expand All @@ -325,20 +332,20 @@ module.exports = function (object, opts) {
var obj = object;
var options = opts || {};

if (options.encoder !== null && options.encoder !== undefined && typeof options.encoder !== 'function') {
if (options.encoder !== null && typeof options.encoder !== 'undefined' && typeof options.encoder !== 'function') {
throw new TypeError('Encoder has to be a function.');
}

var delimiter = typeof options.delimiter === 'undefined' ? defaults.delimiter : options.delimiter;
var strictNullHandling = typeof options.strictNullHandling === 'boolean' ? options.strictNullHandling : defaults.strictNullHandling;
var skipNulls = typeof options.skipNulls === 'boolean' ? options.skipNulls : defaults.skipNulls;
var encode = typeof options.encode === 'boolean' ? options.encode : defaults.encode;
var encoder = encode ? (typeof options.encoder === 'function' ? options.encoder : defaults.encoder) : null;
var encoder = encode ? typeof options.encoder === 'function' ? options.encoder : defaults.encoder : null;
var sort = typeof options.sort === 'function' ? options.sort : null;
var allowDots = typeof options.allowDots === 'undefined' ? false : options.allowDots;
var serializeDate = typeof options.serializeDate === 'function' ? options.serializeDate : defaults.serializeDate;
if (typeof options.format === 'undefined') {
options.format = formats.default;
options.format = formats['default'];
} else if (!Object.prototype.hasOwnProperty.call(formats.formatters, options.format)) {
throw new TypeError('Unknown format option provided.');
}
Expand All @@ -349,7 +356,7 @@ module.exports = function (object, opts) {
if (typeof options.filter === 'function') {
filter = options.filter;
obj = filter('', obj);
} else if (Array.isArray(options.filter)) {
} else if (isArray(options.filter)) {
filter = options.filter;
objKeys = filter;
}
Expand Down Expand Up @@ -385,8 +392,7 @@ module.exports = function (object, opts) {
if (skipNulls && obj[key] === null) {
continue;
}

keys = keys.concat(stringify(
pushToArray(keys, stringify(
obj[key],
key,
generateArrayPrefix,
Expand Down Expand Up @@ -437,8 +443,8 @@ exports.merge = function (target, source, options) {
if (typeof source !== 'object') {
if (Array.isArray(target)) {
target.push(source);
} else if (typeof target === 'object') {
if (options.plainObjects || options.allowPrototypes || !has.call(Object.prototype, source)) {
} else if (target && typeof target === 'object') {
if ((options && (options.plainObjects || options.allowPrototypes)) || !has.call(Object.prototype, source)) {
target[source] = true;
}
} else {
Expand All @@ -448,7 +454,7 @@ exports.merge = function (target, source, options) {
return target;
}

if (typeof target !== 'object') {
if (!target || typeof target !== 'object') {
return [target].concat(source);
}

Expand Down Expand Up @@ -506,13 +512,13 @@ exports.encode = function (str) {
var c = string.charCodeAt(i);

if (
c === 0x2D || // -
c === 0x2E || // .
c === 0x5F || // _
c === 0x7E || // ~
(c >= 0x30 && c <= 0x39) || // 0-9
(c >= 0x41 && c <= 0x5A) || // a-z
(c >= 0x61 && c <= 0x7A) // A-Z
c === 0x2D // -
|| c === 0x2E // .
|| c === 0x5F // _
|| c === 0x7E // ~
|| (c >= 0x30 && c <= 0x39) // 0-9
|| (c >= 0x41 && c <= 0x5A) // a-z
|| (c >= 0x61 && c <= 0x7A) // A-Z
) {
out += string.charAt(i);
continue;
Expand All @@ -535,7 +541,11 @@ exports.encode = function (str) {

i += 1;
c = 0x10000 + (((c & 0x3FF) << 10) | (string.charCodeAt(i) & 0x3FF));
out += hexTable[0xF0 | (c >> 18)] + hexTable[0x80 | ((c >> 12) & 0x3F)] + hexTable[0x80 | ((c >> 6) & 0x3F)] + hexTable[0x80 | (c & 0x3F)]; // eslint-disable-line max-len
/* eslint operator-linebreak: [2, "before"] */
out += hexTable[0xF0 | (c >> 18)]
+ hexTable[0x80 | ((c >> 12) & 0x3F)]
+ hexTable[0x80 | ((c >> 6) & 0x3F)]
+ hexTable[0x80 | (c & 0x3F)];
}

return out;
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"name": "qs",
"description": "A querystring parser that supports nesting and arrays, with a depth limit",
"homepage": "https://github.com/ljharb/qs",
"version": "6.3.2",
"version": "6.3.3",
"repository": {
"type": "git",
"url": "https://github.com/ljharb/qs.git"
Expand Down

0 comments on commit ff235b4

Please sign in to comment.