Fix Automattic/mongoose#2313: don't let user accidentally clobber geo…

…Near params (Issue #1223, https://github.com/vkarpov15)
mongodb · Nov 14, 2014 · 55aa40e · 55aa40e
1 parent 8e0304e
commit 55aa40e
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 5 deletions.
diff --git a/HISTORY b/HISTORY
@@ -1,3 +1,8 @@
+1.4.20 2014-11-14
+-----------------
+- Removed collectionsInfo method as it's incompatible with 2.8 or higher storage engines due to using namespace collections and a cursor.
+- Fix LearnBoost/mongoose#2313: don't let user accidentally clobber geoNear params (Issue #1223, https://github.com/vkarpov15)
+
 1.4.19 2014-10-09
 -----------------
 - Use findOne instead of find followed by nextObject (Issue #1216, https://github.com/sergeyksv).

diff --git a/docs/sphinx-docs/conf.py b/docs/sphinx-docs/conf.py
@@ -50,7 +50,7 @@
 # The short X.Y version.
 version = '1.4'
 # The full version, including alpha/beta/rc tags.
-release = '1.4.19'
+release = '1.4.20'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

diff --git a/lib/mongodb/collection/geo.js b/lib/mongodb/collection/geo.js
@@ -18,8 +18,15 @@ var geoNear = function geoNear(x, y, options, callback) {
   // Ensure we have the right read preference inheritance
   options.readPreference = shared._getReadConcern(this, options);
 
-  // Remove read preference from hash if it exists
-  commandObject = utils.decorateCommand(commandObject, options, {readPreference: true});
+  // Exclude readPreference and existing options to prevent user from
+  // shooting themselves in the foot
+  var exclude = {
+    readPreference: true,
+    geoNear: true,
+    near: true
+  };
+
+  commandObject = utils.decorateCommand(commandObject, options, exclude);
 
   // Execute the command
   this.db.command(commandObject, options, function (err, res) {

diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 { "name" :            "mongodb"
 , "description" :     "A node.js driver for MongoDB"
 , "keywords" :        ["mongodb", "mongo", "driver", "db"]
-, "version" :         "1.4.19"
+, "version" :         "1.4.20"
 , "author" :          "Christian Amor Kvalheim <[email protected]>"
 , "contributors" :  [ "Aaron Heckmann",
                       "Christoph Pojer",

diff --git a/test/tests/functional/geo_tests.js b/test/tests/functional/geo_tests.js
@@ -66,4 +66,40 @@ exports.shouldCorrectlyPerformSimpleGeoHaystackSearchCommand = function(configur
     });      
   });
   // DOC_END
-}
+}
+
+/**
+ * Make sure user can't clobber geoNear options
+ *
+ * @_class collection
+ * @_function geoNear
+ * @ignore
+ */
+exports.shouldNotAllowUserToClobberGeoNearWithOptions = function(configuration, test) {
+  var db = configuration.newDbInstance({w:0}, {poolSize:1});
+
+  // Establish connection to db
+  db.open(function(err, db) {
+
+    // Fetch the collection
+    var collection = db.collection("simple_geo_near_command");
+
+    // Add a location based index
+    collection.ensureIndex({loc:"2d"}, function(err, result) {
+
+      // Save a new location tagged document
+      collection.insert([{a:1, loc:[50, 30]}, {a:1, loc:[30, 50]}], {w:1}, function(err, result) {
+        // Try to intentionally clobber the underlying geoNear option
+        var options = {query:{a:1}, num:1, geoNear: 'bacon', near: 'butter' };
+
+        // Use geoNear command to find document
+        collection.geoNear(50, 50, options, function(err, docs) {
+          test.equal(1, docs.results.length);
+
+          db.close();
+          test.done();
+        });
+      });
+    });
+  });
+};