[
https://issues.apache.org/jira/browse/SOLR-8873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15225178#comment-15225178
]
Jan Høydahl commented on SOLR-8873:
-----------------------------------
If there is no examples of how an arbitrary, legal, file path can harm Solr, I
see no reason to restrict our users.
The uploaded patch checks for validity *after*
{{.toAbsolutePath().toString()}}, meaning it demands that the *full absolute*
path conforms. What if someone have installed Solr in {{C:\Program Files
(x86)\solr}}, then after an upgrade Solr won't start?
Let us not enforce restrictions until we see evidence of actual issues, with
SOLR-8725 fresh in mind..
> Enforce dataDir/instanceDir/ulogDir to be paths that contain only a
> controlled subset of characters
> ---------------------------------------------------------------------------------------------------
>
> Key: SOLR-8873
> URL: https://issues.apache.org/jira/browse/SOLR-8873
> Project: Solr
> Issue Type: Improvement
> Reporter: Tomás Fernández Löbbe
> Attachments: SOLR-8873.patch
>
>
> We currently support any valid path for dataDir/instanceDir/ulogDir. I think
> we should prevent special characters and restrict to a subset that is
> commonly used and tested.
> My initial proposals it to allow the Java pattern:
> {code:java}"^[a-zA-Z0-9\\.\\ \\\\\\-_/\"':]+$"{code} but I'm open to
> suggestions. I'm not sure if there can be issues with HDFS paths (this
> pattern does pass the tests we currently have), or some other use case I'm
> not considering.
> I also think our tests should use all those characters randomly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
