[
https://issues.apache.org/jira/browse/SOLR-14561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17282303#comment-17282303
]
Thomas Mortagne edited comment on SOLR-14561 at 2/10/21, 8:27 AM:
------------------------------------------------------------------
bq. Did you try allowPaths?
https://lucene.apache.org/solr/guide/8_6/solr-upgrade-notes.html
Yes as I said in the previous message I know about allowed paths but in
https://github.com/apache/lucene-solr/blob/releases/lucene-solr/8.8.0/solr/core/src/java/org/apache/solr/core/SolrPaths.java#L124
{{allowPaths}} is checked after "..".
was (Author: tmortagne):
bq. Did you try allowPaths?
https://lucene.apache.org/solr/guide/8_6/solr-upgrade-notes.html
Yes as I said in the previous message I know about allowed paths but in
https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/core/SolrPaths.java#L60
{{allowPaths}} is checked after "..".
> Validate parameters to CoreAdminAPI
> -----------------------------------
>
> Key: SOLR-14561
> URL: https://issues.apache.org/jira/browse/SOLR-14561
> Project: Solr
> Issue Type: Improvement
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Fix For: 8.6
>
> Time Spent: 4h 40m
> Remaining Estimate: 0h
>
> CoreAdminAPI does not validate parameter input. We should limit what users
> can specify for at least {{instanceDir and dataDir}} params, perhaps restrict
> them to be relative to SOLR_HOME or SOLR_DATA_HOME.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
