In fact I am sending nothing, no sort order. The URl only contains a parameter q with the searchterm. Sortorder is only configured in solconfig.
I agree with Walter, it is not safe that a bot can send values directly to Solr. But how can it be protected. What can I do? What is to configure? Can you help me with an example. Should safety not be business of solr rather than everyone configuring himself? Thanks for all help. Greets Desiree -----Ursprüngliche Nachricht----- Von: Walter Underwood <wun...@wunderwood.org> Gesendet: Dienstag, 28. Mai 2019 17:25 An: solr-user@lucene.apache.org Betreff: Re: SolrException: Can't determine a Sort Order with Solr 6.6 The bigger problem is that a bot can send values directly to Solr. That is not safe. Everything sent to the front end or an API needs to be parsed, checked, then recreated to send to Solr. A bot should never be getting a sort parameter through to Solr. wunder Walter Underwood wun...@wunderwood.org http://observer.wunderwood.org/ (my blog) > On May 28, 2019, at 8:02 AM, Shawn Heisey <apa...@elyograg.org> wrote: > > On 5/28/2019 7:48 AM, Schwank, Désirée wrote: >> At the end of April we realized lots of errors, "SolrException: Can't >> determine a Sort Order (asc or desc) in sort spec 'score+desc,id+asc'" >> first appearance in logs about 2019-04-29, without apparent reason. > > The problem here is that you are sending your "sort" parameter with plus > signs instead of spaces. > > The plus sign is URL encoding for a space, but in this case, you are actually > sending plus signs, which means that what's actually on the URL is probably > "score%2Bdesc,id%2Basc" ... not "score+desc,id+asc". > > I know this is the case because I tried the following URL: > > http://localhost:8983/solr/foo/select?q=*:*&sort=drip+err > > And this is the message I got back: > > Can't determine a Sort Order (asc or desc) in sort spec 'drip err' > > As you can see, the + has been converted to a space. > > You will need to ensure that what your URL encoder is being fed has spaces, > not plus signs. > > Thanks, > Shawn
