jshimko
commented
9 years ago Well first thing, allowing users to set their own role with a query string from the client side is a fairly big security issue. What would stop any user from setting their role to something you don't want? (like perhaps /sign-up?role=admin).
Aside from that, it looks like the issue with filling form fields via query strings is because the useraccounts templates package you are using is calling the rendered callback for the input field, but that callback is defined in the routing package (which appears to not be available to it yet). That said, moving the Template.atInput.onRendered to the individual routing packages solves this issue.
I'll work on fixing this. Thank you for reporting the issue. Now go fix that security hole! ;)
On a side note, you should try to format your sample code blocks and surround them with triple backticks (```) when filing a Github issue. It's much easier for everyone to read formatted code with proper syntax highlighting. For example, your sample above ideally should look like this:
AccountsTemplates.addFields[{
_id: "username"
type: "text"
displayName: "Username"
required: true
minLength: 5
},
{
_id: "role"
type: "hidden"
}
]See https://help.github.com/articles/markdown-basics/#code-formatting
ndarilek
When I access a URL of the form http://localhost:3000/sign-up?role=client with the following:
AccountsTemplates.addFields [ { _id: "username" type: "text" displayName: "Username" required: true minLength: 5 } email password { _id: "role" type: "hidden" } ]
When I view the form's source, I see my role field but no value, despite passing one in the query. Further, no value is populated in the profile field. When I add console.log statements in the call to atInputRendered, e.g.:
var queryKey = this.data.options && this.data.options.queryKey || fieldId; console.log("queryKey", queryKey);
I don't see anything printed.
Thanks.