[jira] [Commented] (SOLR-11501) Depending on the parser, QParser should not parse local-params

Fri, 27 Oct 2017 06:53:44 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-11501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16222400#comment-16222400
 ] 

David Smiley commented on SOLR-11501:
-------------------------------------



bq. So this issue is more about making certain defTypes non-switchable ...

That characterization suggests I've done a blacklist when it's the reverse 
(whitelist is safer). Kinda nit-picky I know but just want to be clear to 
everyone.  Or maybe you mean you think this issue should flip to a blacklist?  
A blacklist wouldn't help users who have set defType=myCompanyQueryParser that 
we don't know about.

bq. This would break that behavior. The question is... how many people do this 
(or interface with systems that do this)?

I'm guessing few users (but likely _some_ users).  Why set defType to something 
only to change it?  It's depressing that Solr's excessive (in my view) take on 
backwards compatibility leads to slow progress; in this case a back-door that 
we never get around to closing.

> Depending on the parser, QParser should not parse local-params
> --------------------------------------------------------------
>
>                 Key: SOLR-11501
>                 URL: https://issues.apache.org/jira/browse/SOLR-11501
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: query parsers
>            Reporter: David Smiley
>            Assignee: David Smiley
>         Attachments: SOLR_11501_limit_local_params_parsing.patch
>
>
> Solr should not parse local-params (and thus be able to switch the query 
> parser) in certain circumstances.  _Perhaps_ it is when the QParser.getParser 
> is passed "lucene" for the {{defaultParser}}?  This particular approach is 
> just a straw-man; I suspect certain valid embedded queries could no longer 
> work if this is done incorrectly.  Whatever the solution, I don't think we 
> should assume 'q' is special, as it's valid and useful to build up queries 
> containing user input in other ways, e.g. {{q= +field:value +\{!dismax 
> v=$qq\}&qq=user input}}      and we want to protect the user input there 
> similarly from unwelcome query parsing switching.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to