[jira] [Commented] (SOLR-4197) EDismax allows end users to use local params in q= to override global params

Mon, 17 Dec 2012 14:04:15 -0800 

    [ 
https://issues.apache.org/jira/browse/SOLR-4197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13534350#comment-13534350
 ] 

Markus Jelsma commented on SOLR-4197:
-------------------------------------

I think it's more graceful to ignore or strip local params per configuration 
instead of throwing an error, even for the user that for some crazy reason 
inputs a series of characters that is recognized as local params.

If edismax is to be advertized as be able to handle direct end-user input it 
should never throw an error, but to do so developers must either strip it from 
the input before sending it to Solr or configure Solr to ignore or strip it.

I would opt for an option to strip it completely. Right now we have to 
externally strip everything that looks like \{!.*\}
                
> EDismax allows end users to use local params in q= to override global params
> ----------------------------------------------------------------------------
>
>                 Key: SOLR-4197
>                 URL: https://issues.apache.org/jira/browse/SOLR-4197
>             Project: Solr
>          Issue Type: Bug
>    Affects Versions: 3.5, 3.6, 4.0
>            Reporter: Peter Wolanin
>
> Edismax is advertised as suitable to be used to "process advanced user input 
> directly".  Thus, it would seem reasonable to have an application directly 
> pass user input in the q= parameter to a back-end Solr server.
> However, it seems that users can enter local params at the start of q= which 
> override the global params that the application (e.g. website) may have set 
> on the query string.  Confirmed with Erik Hatcher that this is somewhat 
> unexpected behavior (though one could argue it's an expected feature of any 
> query parser)
> Proposed fix - add a parameter (e.g. that can be used as an invariant) that 
> can be passed to inhibit Solr from using local params from the q= parameter.
> This is somewhat related to SOLR-1687

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to