From f681fa65740d8f7f7fcd32576059fc155f11bc51 Mon Sep 17 00:00:00 2001
From: Christian Kvalheim <christkv@gmail.com>
Date: Fri, 14 Nov 2014 15:20:54 +0100
Subject: [PATCH] Fix LearnBoost/mongoose#2313: don't let user accidentally
 clobber geoNear params

---
 HISTORY.md                              |  2 ++
 lib/collection.js                       | 12 +++++--
 test/functional/readpreference_tests.js | 42 +++++++++++++++++++++++++
 3 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/HISTORY.md b/HISTORY.md
index 42154536ac..9d4cfd95db 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -4,6 +4,8 @@
 - Bumped mongodb-core to 1.1.1 to take advantage of the prototype based refactorings.
 - Implemented missing aspects of the CRUD specification.
 - Fixed documentation issues.
+- Fixed global leak REFERENCE_BY_ID in gridfs grid_store (Issue #1225, https://github.com/j)
+- Fix LearnBoost/mongoose#2313: don't let user accidentally clobber geoNear params (Issue #1223, https://github.com/vkarpov15)
 
 2.0.5 2014-10-29
 ----------------
diff --git a/lib/collection.js b/lib/collection.js
index f1cec4aec3..055dc621fa 100644
--- a/lib/collection.js
+++ b/lib/collection.js
@@ -1559,8 +1559,16 @@ Collection.prototype.geoNear = function(x, y, options, callback) {
   // Ensure we have the right read preference inheritance
   options = getReadPreference(this, options, this.s.db, this);
 
-  // Remove read preference from hash if it exists
-  commandObject = decorateCommand(commandObject, options, {readPreference: true});
+  // Exclude readPreference and existing options to prevent user from
+  // shooting themselves in the foot
+  var exclude = {
+    readPreference: true, 
+    geoNear: true,
+    near: true  
+  };
+
+  // Filter out any excluded objects
+  commandObject = decorateCommand(commandObject, options, exclude);
 
   // Execute the command
   this.s.db.command(commandObject, options, function (err, res) {
diff --git a/test/functional/readpreference_tests.js b/test/functional/readpreference_tests.js
index 6a7c80469f..27f61a7422 100644
--- a/test/functional/readpreference_tests.js
+++ b/test/functional/readpreference_tests.js
@@ -69,6 +69,48 @@ exports['Should correctly apply collection level read Preference to group'] = {
   }
 }
 
+
+/**
+ * Make sure user can't clobber geoNear options
+ *
+ * @_class collection
+ * @_function geoNear
+ * @ignore
+ */
+exports['shouldNotAllowUserToClobberGeoNearWithOptions'] = {
+  metadata: { requires: { topology: ['single', 'ssl'] } },  
+  
+  // The actual test we wish to run
+  test: function(configuration, test) {
+    var db = configuration.newDbInstance({w:1}, {poolSize:1});
+
+    // Establish connection to db
+    db.open(function(err, db) {
+     
+      // Fetch the collection
+      var collection = db.collection("simple_geo_near_command");
+
+      // Add a location based index
+      collection.ensureIndex({loc:"2d"}, function(err, result) {
+
+        // Save a new location tagged document
+        collection.insert([{a:1, loc:[50, 30]}, {a:1, loc:[30, 50]}], {w:1}, function(err, result) {
+          // Try to intentionally clobber the underlying geoNear option
+          var options = {query:{a:1}, num:1, geoNear: 'bacon', near: 'butter' };
+
+          // Use geoNear command to find document
+          collection.geoNear(50, 50, options, function(err, docs) {
+            test.equal(1, docs.results.length);
+
+            db.close();
+            test.done();
+          });
+        });
+      });
+    });
+  }
+};
+
 /**
  * @ignore
  */