Fix single double quote breaking solr query #10405
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tomrod10
changed the title
|
The following tests are failing:
|
|
Probably will move my test to |
tomrod10
force-pushed
the
10390/fix/sanitize-single-double-quote-in-solr-query
branch
7 times, most recently
from
b4c2ca5 to
8ea478d
Compare
…o_solr_params [ln 484] and edit tests
tomrod10
force-pushed
the
10390/fix/sanitize-single-double-quote-in-solr-query
branch
from
da168bc to
cee2429
Compare
tomrod10
force-pushed
the
10390/fix/sanitize-single-double-quote-in-solr-query
branch
from
be4c806 to
477bae6
Compare
for more information, see https://pre-commit.ci
tomrod10
changed the title
cdrini
reviewed
Feb 21, 2025
There was a problem hiding this comment.
I spent some time researching/debugging this one, and I think I found a better solution.
Escaping the " to embed it in the larger edismax query is potentially a bit of a security risk, since if we don't escape it correctly, a user could effectively run any complicated query on our solr!
We can avoid escaping it to embed in the edismax query entirely, if we take advantage of a solr feature that lets us put edismax parameters in separate url params. E.g.
?q={!edismax v=$someParam}
&someParam=users raw "query
Testing this out on testing now...
cdrini
changed the title
cdrini
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #10390
Searching with an unmatched double quote
", causes the Solr query to be invalid/break.On line 484 in
~/openlibrary/plugins/worksearch/schemes/works.pyit looks like it escapes already escaped". Therefore turning the string:'Compilation Group for the \\"History of Modern China'into'Compilation Group for the \\\\"History of Modern China'.I edited the code on line 484 to only escape
"if\\"is not in theed_qstring. Otherwise, either all"will be escaped ifed_qis not falsy, else the kwargvwill be set to*:*.Technical
Testing
Added tests:
~/openlibrary/plugins/worksearch/schemes/tests/test_works.pyManual testing:
"Screenshot
Stakeholders
@cdrini