Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Escape lucene query string input to prevent 500 #21

Open
grmpfhmbl opened this issue Nov 18, 2016 · 1 comment
Open

Escape lucene query string input to prevent 500 #21

grmpfhmbl opened this issue Nov 18, 2016 · 1 comment
Assignees
@grmpfhmbl
Labels
code hygiene postponed
Milestone
Future

Comments

@grmpfhmbl
Copy link
Member

grmpfhmbl commented Nov 18, 2016
edited
Loading

At some point we need to escape the LuceneQuery String. Or at least check for parsing errors.

Example:
fileIdentifier:https://data.mfe.govt.nz/table/2508-water-quality-parameters-in-coastal-and-estuarine-environments-2013/
does not parse.
Correctly escaped version:
fileIdentifier:"https\://data.mfe.govt.nz/table/2508\-water\-quality\-parameters\-in\-coastal\-and\-estuarine\-environments\-2013/"

Any ideas on how we want to handle that? Do we want the user to be able to use the full lucene syntax in the web interface / the api?
@grmpfhmbl grmpfhmbl added the bug label Nov 18, 2016
@grmpfhmbl grmpfhmbl added this to the Release Candidate milestone Nov 18, 2016
@allixender allixender removed their assignment Nov 21, 2016
@allixender allixender modified the milestones: Public Release, Release Candidate 2 Feb 16, 2017
@allixender allixender modified the milestones: Version 1.1, Release Mar 9, 2017
@allixender
Copy link
Member

In double quotes most "exotic" query strings will be handled accordingly. For now a matter of users "escaping/formulting" lucene queries properly, e.g.:

fileIdentifier:"https://data.mfe.govt.nz/"

@allixender allixender modified the milestones: Future, Version 1.1 Mar 22, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@grmpfhmbl grmpfhmbl

Labels
code hygiene postponed
Projects
None yet
Milestone
Future
Development

No branches or pull requests
2 participants
@allixender @grmpfhmbl