meteor

mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00

Files

David Glasser 4777e64336 Don't pass server-generated _id to allow/deny

This lets you still use C.insert from the client but reject arbitrary
client-set _id's (as opposed to _id's generated using the Random.id()
algorithm with a client-determined _id).

If you don't want clients to be able to have any control over the _id at
all for inserts, then you'll have to forbid all direct inserts and use
your own methods which explicitly do `C.insert({_id: Random.id(), ...})`

Note that allow/deny rules with transforms still see an _id, because
transforms need to have (and preserve) _id.  This means that if you
really want to see the server-generated _id, you can just specify an
identity transform for your allow/deny rule.

2014-04-24 14:01:39 -07:00

accounts-base

one more comment.

2014-04-23 19:37:03 -07:00

accounts-facebook

Make autopublish into an empty package, detected via weak deps.

2013-07-25 18:54:42 -07:00

accounts-github

Make autopublish into an empty package, detected via weak deps.

2013-07-25 18:54:42 -07:00

accounts-google

Make autopublish into an empty package, detected via weak deps.

2013-07-25 18:54:42 -07:00

accounts-meetup

Make autopublish into an empty package, detected via weak deps.

2013-07-25 18:54:42 -07:00

accounts-meteor-developer

Make accounts-meteor-developer documented, not meteor-developer

2014-02-21 11:39:37 -08:00

accounts-oauth

Encrypt account service configuration and OAuth secrets stored in the

2014-04-08 18:57:58 -04:00

accounts-oauth1-helper

Refactor Oauth packages and extract twitter package from accounts-twitter

2013-05-17 18:00:35 -07:00

accounts-oauth2-helper

Refactor Oauth packages and extract twitter package from accounts-twitter

2013-05-17 18:00:35 -07:00

accounts-oauth-helper

Fixing various bugs that keep seismograph from running tests. Mostly package.js stuff

2013-05-21 15:19:01 -07:00

accounts-password

Allow validate login hook to override error from beginPasswordExchange

2014-04-23 19:37:03 -07:00

accounts-twitter

accounts-twitter doesn't have an HTML file any more

2013-07-30 15:37:06 -07:00

accounts-ui

Fix CSS error in Firefox. default is not a good thing to put here. sans-serif makes it look better.

2014-03-16 22:46:02 -07:00

accounts-ui-unstyled

Handlebars.registerHelper -> UI.registerHelper

2014-03-22 00:47:02 -07:00

accounts-weibo

Make autopublish into an empty package, detected via weak deps.

2013-07-25 18:54:42 -07:00

amplify

Update AmplifyJS from 1.1.0 to 1.1.2

2014-03-03 21:21:39 -08:00

appcache

Move boilerplate HTML from tools to webapp

2014-03-24 20:10:39 -07:00

application-configuration

Update configureService and call sites to new service format.

2013-12-23 17:18:47 -08:00

audit-argument-checks

Make audit-argument-checks into an empty package, detected via weak deps.

2013-07-25 18:54:41 -07:00

autopublish

Shorten some package descriptions

2014-02-21 11:49:36 -08:00

autoupdate

Extract retry package from livedata

2013-12-23 12:53:58 -08:00

backbone

Make backbone use the _ in its scope.

2013-07-25 18:54:43 -07:00

binary-heap

Replace ad-hoc inheritance with Meteor._inherit calls

2014-02-24 23:58:31 -08:00

bootstrap

Add .gitignore to package directories to match linker branch.

2013-05-13 10:57:37 -07:00

browser-policy

Add frame-src to browser-policy-content.

2014-01-11 20:43:36 -08:00

browser-policy-common

Separate browser policy functions into two packages.

2013-10-03 13:56:03 -07:00

browser-policy-content

Use regex to replace trailing slashes from browser-policy URLs.

2014-01-13 18:27:58 -08:00

browser-policy-framing

Separate browser policy functions into two packages.

2013-10-03 13:56:03 -07:00

callback-hook

Ensure that hook.each is called from a Fiber

2014-03-17 15:49:27 -07:00

check

Fix check test failure for FF 3.6

2013-08-12 23:31:26 -07:00

code-prettify

Add .gitignore to package directories to match linker branch.

2013-05-13 10:57:37 -07:00

coffeescript

Merge remote-tracking branch 'origin/devel' into sso

2014-02-12 17:58:56 -08:00

coffeescript-test-helper

Rename api.exportSymbol -> api.export.

2013-07-25 18:54:43 -07:00

ctl

Remove dead code from ctl

2014-02-03 10:36:33 -08:00

ctl-helper

Remove unecessary match failed backcompat error

2014-01-29 13:29:44 -08:00

OCD

2013-10-08 20:03:02 -07:00

deps

Fix Deps's broken _assign (harmless)

2014-04-16 08:01:25 -07:00

dev-bundle-fetcher

Rename api.exportSymbol -> api.export.

2013-07-25 18:54:43 -07:00

disable-oplog

New disable-oplog package

2013-12-04 12:46:47 -08:00

ejson

better error for unknown custom EJSON types

2014-04-17 16:44:42 -07:00

In "dev mode" email, be more explicit.

2013-12-19 15:07:39 -08:00

facebook

Merge remote-tracking branch 'origin/devel' into awwx-oauth-encryption

2014-04-22 11:31:31 -07:00

facts

Make factsByPackage data available to the server environment

2014-03-03 21:11:57 -08:00

follower-livedata

Pass through Follower.connect options to DDP.connect.

2013-12-28 11:39:40 -06:00

force-ssl

Shorten some package descriptions

2014-02-21 11:49:36 -08:00

geojson-utils

Relax tests and remove a dead piece of code

2014-02-25 00:28:23 -08:00

github

Merge remote-tracking branch 'origin/devel' into awwx-oauth-encryption

2014-04-22 11:31:31 -07:00

google

Merge remote-tracking branch 'origin/devel' into awwx-oauth-encryption

2014-04-22 11:31:31 -07:00

handlebars

Handlebars.registerHelper -> UI.registerHelper

2014-03-22 00:47:02 -07:00

html-tools

Make Blaze packages internal

2014-04-02 09:56:33 -07:00

htmljs

Properly clean up autoruns on UI.toHTML.

2014-04-17 03:00:05 -07:00

http

Oops. The test shouldn't throw errors on the server.

2014-04-22 21:39:46 -07:00

id-map

Tweak the description of id-map

2014-02-25 00:45:22 -08:00

insecure

Make insecure into an empty package, detected via weak deps.

2013-07-25 18:54:42 -07:00

jquery

Upgrade jQuery to 0.11.0

2014-02-18 15:47:42 -08:00

jquery-history

Add .gitignore to package directories to match linker branch.

2013-05-13 10:57:37 -07:00

jquery-layout

Add .gitignore to package directories to match linker branch.

2013-05-13 10:57:37 -07:00

jquery-waypoints

Shorten some package descriptions

2014-02-21 11:49:36 -08:00

js-analyze

New NPM keeps shrinkwrap files in alphabetical order.

2014-04-08 01:02:46 -07:00

js-analyze-tests

make a bunch of packages internal.

2013-10-08 19:58:48 -07:00

json

Export JSON from json package.

2013-08-02 11:19:08 -07:00

jsparse

Rename api.exportSymbol -> api.export.

2013-07-25 18:54:43 -07:00

less

Pass the filepath to less parser

2014-04-06 15:36:05 -07:00

livedata

Generalize reproducible inserted ID generation

2014-04-23 16:05:32 -07:00

localstorage

Remove localstorage -> jquery dependency

2014-02-14 17:14:11 -08:00

logging

Do not spend the effort on a stack trace if omitCallerDetails is set

2014-01-16 16:09:58 -08:00

meetup

Merge remote-tracking branch 'origin/devel' into awwx-oauth-encryption

2014-04-22 11:31:31 -07:00

meteor

Provide a better error if ROOT_URL is not an URL

2014-04-22 15:52:52 -07:00

meteor-developer

Merge remote-tracking branch 'origin/devel' into awwx-oauth-encryption

2014-04-22 11:31:31 -07:00

meyerweb-reset

Add .gitignore to package directories to match linker branch.

2013-05-13 10:57:37 -07:00

minifiers

Use unreleased version of css-stringify that fixes #2028

2014-04-15 23:36:01 -07:00

minimongo

make LocalCollection.Cursor easier to read

2014-03-17 02:17:06 -07:00

mongo-livedata

Don't pass server-generated _id to allow/deny

2014-04-24 14:01:39 -07:00

oauth

Handle unexpected keys for pending OAuth credentials.

2014-04-24 10:06:39 -07:00

oauth1

Handle unexpected keys for pending OAuth credentials.

2014-04-24 10:06:39 -07:00

oauth2

oauth-encryption code review items

2014-04-10 14:26:44 -04:00

oauth-encryption

Add a couple more oauth encryption tests

2014-04-22 11:24:06 -07:00

observe-sequence

Don't use _.pick in observe-sequence

2014-04-16 08:01:25 -07:00

ordered-dict

Rename api.exportSymbol -> api.export.

2013-07-25 18:54:43 -07:00

preserve-inputs

Revert "Remove preserve-inputs package -- an upgrader removes it from apps"

2014-03-26 20:57:58 -07:00

random

code review comments from glasser, nim

2014-04-17 16:12:24 -07:00

reactive-dict

Rename api.exportSymbol -> api.export.

2013-07-25 18:54:43 -07:00

reload

Fix hot code reload in Private Browsing mode in Safari. Doesn't actually save the migration data, just log an exception. But better than never reloading.

2014-03-16 21:18:29 -07:00

retry

Use faye-websocket for server-to-server DDP

2014-02-27 15:20:43 -08:00

routepolicy

Rename api.exportSymbol -> api.export.

2013-07-25 18:54:43 -07:00

service-configuration

Improve error message for pre-config login

2014-04-21 13:39:36 -07:00

session

Rename api.exportSymbol -> api.export.

2013-07-25 18:54:43 -07:00

showdown

Upgrade showdown

2014-03-26 23:29:03 -07:00

spacebars

Fix {{#with}} over a data context that is mutated

2014-04-19 00:29:34 -07:00

spacebars-compiler

Add support for block comments in Spacebars

2014-04-15 19:58:10 -04:00

spacebars-tests

Remove unnecessary DOM update in test.

2014-04-21 21:55:59 -07:00

spiderable

Comment: we only partially do AJAX crawling spec

2014-03-03 20:55:37 -08:00

srp

Increase length of security-critical random tokens. Add Random.secret.

2014-04-17 16:12:16 -07:00

standard-app-packages

Merge branch 'devel' into shark

2013-12-02 17:29:35 -08:00

star-translate

Move boilerplate HTML from tools to webapp

2014-03-24 20:10:39 -07:00

startup

Comprehensive namespace cleanup.

2013-07-25 18:54:40 -07:00

stylus

New NPM keeps shrinkwrap files in alphabetical order.

2014-04-08 01:02:46 -07:00

templating

Generalize "load *.html files first" hack

2014-04-01 17:21:24 -07:00

test-helpers

testAsyncMulti: Include block index in failures

2014-04-24 14:01:34 -07:00

test-in-browser

Only look for helpers in the current template

2014-03-24 17:45:05 -07:00

test-in-console

Print when we're listening, for use in automated tests. Fixes #1884 .

2014-03-03 22:17:40 -08:00

tinytest

testAsyncMulti: Include block index in failures

2014-04-24 14:01:34 -07:00

twitter

Merge remote-tracking branch 'origin/devel' into awwx-oauth-encryption

2014-04-22 11:31:31 -07:00

Avoid relying on HTMLAnchorElement.protocol; browser support not clear.

2014-04-21 22:11:02 -07:00

underscore

Shorten some package descriptions

2014-02-21 11:49:36 -08:00

underscore-tests

Make test-only package internal.

2014-03-17 00:05:26 -07:00

webapp

Fixes to app.html-in-webapp

2014-03-27 17:22:18 -07:00

weibo

Merge remote-tracking branch 'origin/devel' into awwx-oauth-encryption

2014-04-22 11:31:31 -07:00

.gitignore

gitignore .meteor directories in packages

2012-04-17 20:02:00 -07:00