From 55aa40e886e0e77c6184248de56db704de69dc36 Mon Sep 17 00:00:00 2001 From: Christian Kvalheim Date: Fri, 14 Nov 2014 23:25:52 +0100 Subject: [PATCH] Fix LearnBoost/mongoose#2313: don't let user accidentally clobber geoNear params (Issue #1223, https://github.com/vkarpov15) --- HISTORY | 5 ++++ docs/sphinx-docs/conf.py | 2 +- lib/mongodb/collection/geo.js | 11 +++++++-- package.json | 2 +- test/tests/functional/geo_tests.js | 38 +++++++++++++++++++++++++++++- 5 files changed, 53 insertions(+), 5 deletions(-) diff --git a/HISTORY b/HISTORY index b3cf39cc48..c136543895 100644 --- a/HISTORY +++ b/HISTORY @@ -1,3 +1,8 @@ +1.4.20 2014-11-14 +----------------- +- Removed collectionsInfo method as it's incompatible with 2.8 or higher storage engines due to using namespace collections and a cursor. +- Fix LearnBoost/mongoose#2313: don't let user accidentally clobber geoNear params (Issue #1223, https://github.com/vkarpov15) + 1.4.19 2014-10-09 ----------------- - Use findOne instead of find followed by nextObject (Issue #1216, https://github.com/sergeyksv). diff --git a/docs/sphinx-docs/conf.py b/docs/sphinx-docs/conf.py index 865a72b1c5..30df630bb5 100644 --- a/docs/sphinx-docs/conf.py +++ b/docs/sphinx-docs/conf.py @@ -50,7 +50,7 @@ # The short X.Y version. version = '1.4' # The full version, including alpha/beta/rc tags. -release = '1.4.19' +release = '1.4.20' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/lib/mongodb/collection/geo.js b/lib/mongodb/collection/geo.js index e64f2f5cb5..05d0c597a1 100644 --- a/lib/mongodb/collection/geo.js +++ b/lib/mongodb/collection/geo.js @@ -18,8 +18,15 @@ var geoNear = function geoNear(x, y, options, callback) { // Ensure we have the right read preference inheritance options.readPreference = shared._getReadConcern(this, options); - // Remove read preference from hash if it exists - commandObject = utils.decorateCommand(commandObject, options, {readPreference: true}); + // Exclude readPreference and existing options to prevent user from + // shooting themselves in the foot + var exclude = { + readPreference: true, + geoNear: true, + near: true + }; + + commandObject = utils.decorateCommand(commandObject, options, exclude); // Execute the command this.db.command(commandObject, options, function (err, res) { diff --git a/package.json b/package.json index 358354e5b4..aff5d1d250 100755 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name" : "mongodb" , "description" : "A node.js driver for MongoDB" , "keywords" : ["mongodb", "mongo", "driver", "db"] -, "version" : "1.4.19" +, "version" : "1.4.20" , "author" : "Christian Amor Kvalheim " , "contributors" : [ "Aaron Heckmann", "Christoph Pojer", diff --git a/test/tests/functional/geo_tests.js b/test/tests/functional/geo_tests.js index f44aeabff0..ae276fc53c 100644 --- a/test/tests/functional/geo_tests.js +++ b/test/tests/functional/geo_tests.js @@ -66,4 +66,40 @@ exports.shouldCorrectlyPerformSimpleGeoHaystackSearchCommand = function(configur }); }); // DOC_END -} \ No newline at end of file +} + +/** + * Make sure user can't clobber geoNear options + * + * @_class collection + * @_function geoNear + * @ignore + */ +exports.shouldNotAllowUserToClobberGeoNearWithOptions = function(configuration, test) { + var db = configuration.newDbInstance({w:0}, {poolSize:1}); + + // Establish connection to db + db.open(function(err, db) { + + // Fetch the collection + var collection = db.collection("simple_geo_near_command"); + + // Add a location based index + collection.ensureIndex({loc:"2d"}, function(err, result) { + + // Save a new location tagged document + collection.insert([{a:1, loc:[50, 30]}, {a:1, loc:[30, 50]}], {w:1}, function(err, result) { + // Try to intentionally clobber the underlying geoNear option + var options = {query:{a:1}, num:1, geoNear: 'bacon', near: 'butter' }; + + // Use geoNear command to find document + collection.geoNear(50, 50, options, function(err, docs) { + test.equal(1, docs.results.length); + + db.close(); + test.done(); + }); + }); + }); + }); +}; \ No newline at end of file