nate-strauser / wework

We Work Meteor, a job board and developer directory for Meteor specific work
https://www.weworkmeteor.com
MIT License
288 stars 145 forks

Can easily bypass admin approval for posting new jobs #60

Closed manusajith closed 9 years ago

manusajith commented 9 years ago

The status attribute can be set from the client side and hence can easily override the admin approval for posting new jobs.

ralyodio commented 9 years ago

ruh-roh

milezzz commented 9 years ago

...brace for h4m.

jorisbontje commented 9 years ago

How to reproduce:

Jobs.insert({title: 'bypass admin approval', contact: 'me@example.com', jobtype: 'Other',
             remote: true, description: 'bypass admin approval', status: 'active'});

nate-strauser commented 9 years ago

thanks for the fix @jorisbontje

manusajith commented 9 years ago

:+1:
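
One way to close the hole reported in this issue, as an added example (not the project's actual fix, which the thread does not show): build the stored job on the server from an allowlist of client fields and set `status` there. The names `sanitizeClientJob` and `droppedFields` and the `'pending'` status value are assumptions; in a Meteor app this logic would run server-side, for example inside a method that performs the insert.

```javascript
// Fields a client may supply and the type each must have.
// Field names are taken from the insert shown in the thread.
const CLIENT_FIELDS = {
  title: 'string',
  contact: 'string',
  jobtype: 'string',
  remote: 'boolean',
  description: 'string',
};

// Assumed name for the "awaiting admin approval" state; the thread only shows 'active'.
const PENDING_STATUS = 'pending';

const isClientField = (name) =>
  Object.prototype.hasOwnProperty.call(CLIENT_FIELDS, name);

// Names of fields the client sent that the server will ignore (useful for logging).
function droppedFields(clientDoc) {
  return Object.keys(clientDoc).filter((name) => !isClientField(name));
}

// Build the document the server stores from an untrusted client document.
// Unknown fields, including status, are never copied across.
function sanitizeClientJob(clientDoc, userId) {
  if (!userId) throw new Error('not-authorized');
  if (clientDoc === null || typeof clientDoc !== 'object' || Array.isArray(clientDoc)) {
    throw new Error('invalid-document');
  }
  const job = {};
  for (const [field, type] of Object.entries(CLIENT_FIELDS)) {
    if (!Object.prototype.hasOwnProperty.call(clientDoc, field)) continue;
    if (typeof clientDoc[field] !== type) throw new Error(`invalid-field: ${field}`);
    job[field] = clientDoc[field];
  }
  job.userId = userId;
  job.status = PENDING_STATUS; // set by the server, never read from clientDoc
  job.createdAt = new Date();
  return job;
}

// Constructed sample: the document from the reproduction above, sent by a
// hypothetical logged-in user 'user-1'.
const attempt = { title: 'bypass admin approval', contact: 'me@example.com',
  jobtype: 'Other', remote: true, description: 'bypass admin approval', status: 'active' };
console.log(sanitizeClientJob(attempt, 'user-1').status, droppedFields(attempt));
```
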