https://issues.apache.org/jira/browse/SOLR-1594
Bill

On Mon, Nov 23, 2009 at 11:45 AM, Bill Au <[email protected]> wrote:

> I dug deeper and discovered that the exception message is being added to
> the HTTP response line by SolrDispatchFilter.  So there is where the fix
> should be made.  I will open a Jira and attach a patch.
>
> Bill
>
>
> On Fri, Nov 20, 2009 at 5:34 PM, Bill Au <[email protected]> wrote:
>
>> I just noticed that the message of Lucene's ParseException contains the
>> user's input that Lucene is failing to parse.  The user input is not
>> sanitized in any way.  My appserver is showing the exception message in both
>> the body and the HTTP status line of the response.  So even if I set up
>> custom error pages the user input is still being sent un-sanitized in the
>> response.  I don't know if this is the behavior of other appservers or not.
>> I don't think I can sanitize the user input before sending it to Solr/Lucene
>> since the content of my index contains special characters.
>>
>> I am thinking that we can change the behavior of QueryComponent.  Since
>> Solr is a webapp, I don't think it is unreasonable to have Solr be
>> responsible for sanitizing exception messages.  This is the current
>> QueryComponent code:
>>
>>     } catch (ParseException e) {
>>       throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, e);
>>     }
>>
>> Instead of wrapping the ParseException in the SolrException, we can simply
>> sanitize the message of the ParseException and use that to create the
>> SolrException.
>> I can submit a patch for this.
>>
>> Any comments/suggestions?
>>
>> Bill
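The sanitizing step proposed in the thread, as an added example that is not part of the original messages and is not Solr's code. The class name, the sanitize helper, the length cap and the sample parser message are all assumptions made for illustration.

```java
/** Added illustration; every name here is hypothetical, not a Solr API. */
public final class ErrorMessageSanitizer {

    // Assumed cap so an error response never echoes unbounded user input.
    private static final int MAX_LEN = 200;

    /**
     * Makes an exception message safe to place in an HTML error body or an
     * HTTP status line: markup characters are escaped and control characters
     * (including CR and LF) are replaced with a space.
     */
    static String sanitize(String msg) {
        String s = (msg == null) ? "" : msg;
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < s.length() && i < MAX_LEN; i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:
                    // Control characters must never reach the status line.
                    out.append((c < 0x20 || c == 0x7f) ? ' ' : c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed message in the shape the thread describes:
        // a parser error that echoes the user's query text verbatim.
        String parserMessage =
            "Cannot parse '<script>x</script>\r\nfoo': syntax error";

        // Before: the raw message would be copied into the response.
        System.out.println("raw:       " + parserMessage.replace("\r\n", "\\r\\n"));

        // After: the sanitized text is what would be used to build the
        // BAD_REQUEST error instead of wrapping the original exception.
        System.out.println("sanitized: " + sanitize(parserMessage));
    }
}
```

Escaping at the point where the response is written, rather than on the incoming query, leaves the query itself untouched, so searches against index content with special characters still work.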
