[ https://issues.apache.org/jira/browse/SOLR-11501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16261857#comment-16261857 ]
Yonik Seeley commented on SOLR-11501: ------------------------------------- Thanks for including the upgrade notes before committing - that made it easier to check/review the intended behavior. I like the \_query\_ toggle on "uf" as well, I had missed that on my first scan. +1 overall - it feels pretty unlikely that users will be negatively impacted by the change in behavior given that the vast majority of people will be using lucene / func for advanced stuff with embedded query types. > Depending on the parser, QParser should not parse local-params > -------------------------------------------------------------- > > Key: SOLR-11501 > URL: https://issues.apache.org/jira/browse/SOLR-11501 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: query parsers > Reporter: David Smiley > Assignee: David Smiley > Attachments: SOLR_11501_limit_local_params_parsing.patch, > SOLR_11501_limit_local_params_parsing.patch > > > Solr should not parse local-params (and thus be able to switch the query > parser) in certain circumstances. _Perhaps_ it is when the QParser.getParser > is passed "lucene" for the {{defaultParser}}? This particular approach is > just a straw-man; I suspect certain valid embedded queries could no longer > work if this is done incorrectly. Whatever the solution, I don't think we > should assume 'q' is special, as it's valid and useful to build up queries > containing user input in other ways, e.g. {{q= +field:value +\{!dismax > v=$qq\}&qq=user input}} and we want to protect the user input there > similarly from unwelcome query parsing switching. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org