From bb997a78cc87fc15548842251b68c9d30cacecb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Wed, 19 Jul 2023 17:52:42 -0400
Subject: [PATCH] fix: backport prototype vuln. fixes
---
 src/socket.io/index.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/socket.io/index.js b/src/socket.io/index.js
index 58134ae2e2..60c7a8cd27 100644
--- a/src/socket.io/index.js
+++ b/src/socket.io/index.js
@@ -13,7 +13,7 @@ const logger = require('../logger');
 const plugins = require('../plugins');
 const ratelimit = require('../middleware/ratelimit');
-const Namespaces = {};
+const Namespaces = Object.create(null);
 const Sockets = module.exports;
@@ -123,7 +123,7 @@ async function onMessage(socket, payload) {
 const parts = eventName.toString().split('.');
 const namespace = parts[0];
 const methodToCall = parts.reduce((prev, cur) => {
- if (prev !== null && prev[cur]) {
+ if (prev !== null && prev[cur] && (!prev.hasOwnProperty || prev.hasOwnProperty(cur))) {
 return prev[cur];
 }
 return null;
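Review bot: The `Namespaces` declaration in the first hunk has no comment saying why it is created with a null prototype, so a later cleanup could turn it back into `{}` and silently undo the fix. I would add `// Null prototype on purpose: keys are looked up from client-supplied event names, so inherited names such as "constructor" must not resolve.` above it. This assumes the `reduce` in `onMessage` starts from `Namespaces`, which the hunk does not show. The null prototype only covers the top-level lookup; objects stored under `Namespaces` presumably still inherit from `Object.prototype`.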
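Review bot: The new guard in the `reduce` callback of `onMessage` calls `hasOwnProperty` through `prev` itself, so the check depends on the object being walked: an object that defines or shadows `hasOwnProperty` changes the outcome, and the `!prev.hasOwnProperty ||` escape exists only because null-prototype objects lack the method. Calling the builtin directly removes both problems and runs the own-property test before the value is read: `if (prev !== null && Object.prototype.hasOwnProperty.call(prev, cur) && prev[cur]) {`. The callback's closing lines and the rest of `onMessage` lie outside the hunk, so whether the resolved value is later checked to be a function cannot be seen here.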