[ https://issues.apache.org/jira/browse/SOLR-14561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17283071#comment-17283071 ]

Jan Høydahl commented on SOLR-14561:
------------------------------------

Ah, I see - you'd like to allow path traversal explicitly. Please file a new 
Jira suggesting that, and include a PR if you can. I suppose we could make it 
so that {{allowPaths=*}} is checked early and means allow anything, like 
before? We could also add a few explicit keywords such as {{allowPaths=..}} and 
{{allowPaths=_UNC_}} which would allow parent traversal and UNC paths 
respectively?

> Validate parameters to CoreAdminAPI
> -----------------------------------
>
>                 Key: SOLR-14561
>                 URL: https://issues.apache.org/jira/browse/SOLR-14561
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>             Fix For: 8.6
>
>          Time Spent: 4h 40m
>  Remaining Estimate: 0h
>
> CoreAdminAPI does not validate parameter input. We should limit what users 
> can specify for at least {{instanceDir and dataDir}} params, perhaps restrict 
> them to be relative to SOLR_HOME or SOLR_DATA_HOME.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
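
The check order proposed in the comment above, as an added sketch that is not part of the original message and is not Solr's own code: a configured `*` short-circuits before the parent-traversal and UNC rules, and every other path must fall under an allowed root. The class name, method names, rejection strings and sample paths are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

// Added illustration, not Solr's implementation; all names here are hypothetical.
public class AllowPathsCheck {
    private final boolean allowAll;                       // allowPaths=* was configured
    private final Path solrHome;
    private final List<Path> roots = new ArrayList<>();   // solrHome plus explicit allowPaths entries

    public AllowPathsCheck(Path solrHome, List<String> allowPaths) {
        this.solrHome = solrHome.toAbsolutePath().normalize();
        this.allowAll = allowPaths.contains("*");
        roots.add(this.solrHome);
        for (String entry : allowPaths) {
            if (!entry.equals("*")) roots.add(Paths.get(entry).toAbsolutePath().normalize());
        }
    }

    /** Returns null if the path is accepted, otherwise the reason it is rejected. */
    public String rejectionReason(String raw) {
        if (allowAll) return null;                        // wildcard checked before any other rule
        if (raw.startsWith("\\\\")) return "UNC path";
        Path p = Paths.get(raw);
        for (Path part : p) {
            if (part.toString().equals("..")) return "parent traversal";
        }
        // Lexical check only: relative paths resolve under solrHome, symlinks are not followed.
        Path abs = solrHome.resolve(p).normalize();
        for (Path root : roots) {
            if (abs.startsWith(root)) return null;
        }
        return "outside allowed roots";
    }

    public static void main(String[] args) {
        Path home = Paths.get("/var/solr/data");          // constructed sample SOLR_HOME
        String[] samples = {"core1/data", "../../etc", "/mnt/backup/core1", "/etc/core1", "\\\\host\\share\\core1"};
        AllowPathsCheck strict = new AllowPathsCheck(home, List.of("/mnt/backup"));
        AllowPathsCheck open = new AllowPathsCheck(home, List.of("*"));
        for (String s : samples) {
            System.out.println(s + " strict=" + strict.rejectionReason(s) + " wildcard=" + open.rejectionReason(s));
        }
    }
}
```

With the strict configuration only `core1/data` and `/mnt/backup/core1` are accepted; with the wildcard every sample is accepted, including the traversal and UNC inputs, which is the trade-off an operator takes on by setting `*`.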
