From 5e754e93a9f46cee3b203ef99302d4e77d12a605 Mon Sep 17 00:00:00 2001
From: David Glasser <glasser@meteor.com>
Date: Thu, 4 Oct 2012 14:36:30 -0700
Subject: [PATCH] In _validatedUpdate, make sure that the docs we're updating
 *still* match the original selector.

---
 packages/mongo-livedata/collection.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/packages/mongo-livedata/collection.js b/packages/mongo-livedata/collection.js
index 78fde407a4..cb7226d286 100644
--- a/packages/mongo-livedata/collection.js
+++ b/packages/mongo-livedata/collection.js
@@ -449,7 +449,10 @@ Meteor.Collection.prototype._validatedUpdate = function(
     throw new Meteor.Error(403, "Access denied");
   }
 
-  // construct new $in selector to replace the original one
+  // Construct new $in selector to augment the original one. This means we'll
+  // never update any doc we didn't validate. We keep around the original
+  // selector so that we don't mutate any docs that have been updated to no
+  // longer match the original selector.
   var idInClause = {};
   idInClause.$in = _.map(docs, function(doc) {
     return doc._id;
@@ -458,7 +461,7 @@ Meteor.Collection.prototype._validatedUpdate = function(
 
   self._collection.update.call(
     self._collection,
-    idSelector,
+    {$and: [selector, idSelector]},
     mutator,
     options);
 };