[SOLVED] CollectionFS security issues?


#1

Hi,

I tried the following code

Images = new FS.Collection("images", {
    stores: [
        new FS.Store.FileSystem("original"),
    ],
    filter: filter
});

Images.allow({
    insert:function(userId,project){
        return false;
    },
    update:function(userId,project,fields,modifier){
        return false;
    },
    remove:function(userId,project){
        return false;
    },
    download:function(){
        return false;
    }
});

and did an insert on client side:

Images.insert(event.target.files[0], function (err, fileObj) {
});

The image is saved on the server and displayed correctly. Shouldn’t the image be rejected because of the insert rule?


#2

Did you remove the insecure package?


#3

Of course not. Sorry, I don’t know how I could forget this. Maybe because I haven’t started a new project for a long time.
Thank you!