Hi Joe, It would probably be cleaner to use a QueryFilter rather than doing the AND. Take a look at http://lucene.apache.org/java/2_0_0/api/org/apache/lucene/search/QueryFilter .html
Also I'm not sure that using the sent to field will work - people may receive email from a list, such as this, where their own email does not appear in that field. They could also have email auto forwarded from another address. Anyway hope this helps .... Damien -----Original Message----- From: Joe [mailto:[EMAIL PROTECTED] Sent: 24 May 2007 14:14 To: java-user@lucene.apache.org Subject: Re: Lucene code injection? Hi, > This sounds good. As for the code injection it is up to you to sanitize > the request before it goes to lucene, probably by filling the email > field yourself and not rely on the user input for the email address I hoped i havent to sanitize the user input cause the email address query is ANDed by the application, after the user finished his input. (user_query) AND (email_query) So is it possible to produce a user_query which will ignore the ANDed (email_query)? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
