[ https://issues.apache.org/jira/browse/SOLR-8873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15225178#comment-15225178 ]
Jan Høydahl commented on SOLR-8873: ----------------------------------- If there is no examples of how an arbitrary, legal, file path can harm Solr, I see no reason to restrict our users. The uploaded patch checks for validity *after* {{.toAbsolutePath().toString()}}, meaning it demands that the *full absolute* path conforms. What if someone have installed Solr in {{C:\Program Files (x86)\solr}}, then after an upgrade Solr won't start? Let us not enforce restrictions until we see evidence of actual issues, with SOLR-8725 fresh in mind.. > Enforce dataDir/instanceDir/ulogDir to be paths that contain only a > controlled subset of characters > --------------------------------------------------------------------------------------------------- > > Key: SOLR-8873 > URL: https://issues.apache.org/jira/browse/SOLR-8873 > Project: Solr > Issue Type: Improvement > Reporter: Tomás Fernández Löbbe > Attachments: SOLR-8873.patch > > > We currently support any valid path for dataDir/instanceDir/ulogDir. I think > we should prevent special characters and restrict to a subset that is > commonly used and tested. > My initial proposals it to allow the Java pattern: > {code:java}"^[a-zA-Z0-9\\.\\ \\\\\\-_/\"':]+$"{code} but I'm open to > suggestions. I'm not sure if there can be issues with HDFS paths (this > pattern does pass the tests we currently have), or some other use case I'm > not considering. > I also think our tests should use all those characters randomly. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org