Re: cross site scripting

2014-11-26 Thread Yonik Seeley
On Wed, Nov 26, 2014 at 11:41 AM, Lee Carroll wrote:
> Just out of interest, what is the use-case for a pseudo-field whose value
> is a repeat of the field name?

Not having to specify a field name for the function query: fl=add(x,y) comes back as (for example) "add(x,y)" : 14.2 And constants

Re: cross site scripting

2014-11-26 Thread Lee Carroll
Ok. So for the purposes of documenting the thread the pseudo-fields stuff is here https://issues.apache.org/jira/browse/SOLR-2444 The solution is either allow clients to generate queries which use pseudo field queries and ensure the client uses returned data with care (as if it is user input) or

Re: cross site scripting

2014-11-26 Thread Yonik Seeley
On Wed, Nov 26, 2014 at 10:47 AM, Lee Carroll wrote:
> The applications using the data may write solr data to the dom. (I doubt
> they do but they could now or in the future. They have an expectation of
> trusting the data back from solr).
>
> As a straight forward attack you are right though. But

Re: cross site scripting

2014-11-26 Thread Lee Carroll
The applications using the data may write solr data to the dom. (I doubt they do but they could now or in the future. They have an expectation of trusting the data back from solr). As a straight forward attack you are right though. But is it incorrect behavior? It should not produce bogus fields a

Re: cross site scripting

2014-11-26 Thread Yonik Seeley
It would have been helpful if you had pointed out exactly what you think the problem is. I still don't see an issue, since it doesn't look like any encapsulation has been broken.

-Yonik
http://heliosearch.org - native code faceting, facet functions, sub-facets, off-heap data

On Wed, Nov 2

Re: cross site scripting

2014-11-26 Thread Alexandre Rafalovitch
I think I saw some JIRAs on various items, but not sure about this specific one. But are you exposing Solr directly to the web? Because that's a big no-no for multiple reasons.

Regards,
Alex.
Personal: http://www.outerthoughts.com/ and @arafalov
Solr resources and newsletter: http://www.solr-s

cross site scripting

2014-11-26 Thread Lee Carroll
Hi All,

In solr 4.7 this query

/solr/coreName/select/?q=*:*&fl=%27nasty%20value%27&rows=1&wt=json

returns

{"responseHeader":{"status":0,"QTime":2},"response":{"numFound":189796,"start":0,"docs":[{"'nasty value'":"nasty value"}]}}

This is naughty. Has this been seen before / fixed?
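An added example, not code from the thread or from Solr, showing the two mitigations the thread circles around: a proxy-side allow-list so an untrusted caller cannot put quoted literals or function queries into fl, and a renderer that escapes pseudo-field names exactly like values before they reach the DOM. The sample response, the schema field list and the helper names are constructed assumptions.

```javascript
// Constructed sample of the wt=json response shape from the thread: a quoted
// literal in fl comes back as a pseudo-field whose name equals the literal.
const SAMPLE_RESPONSE = JSON.stringify({
  responseHeader: { status: 0, QTime: 2 },
  response: {
    numFound: 1, start: 0,
    docs: [{ id: "doc-1", "'<b>nasty</b> value'": "<b>nasty</b> value" }]
  }
});

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Render docs as an HTML table. Keys get the same escaping as values, because
// when fl is client-controlled the key is client-controlled too.
function renderDocs(jsonText) {
  const docs = JSON.parse(jsonText).response.docs;
  const rows = docs.map(doc =>
    "<tr>" + Object.entries(doc).map(([k, v]) =>
      `<td>${escapeHtml(k)}</td><td>${escapeHtml(v)}</td>`).join("") + "</tr>");
  return `<table>${rows.join("")}</table>`;
}

// Proxy-side check (hypothetical): only real schema field names may appear in
// fl, so literals and function queries from an untrusted caller never reach Solr.
const SCHEMA_FIELDS = new Set(["id", "title", "score"]); // assumed schema
function validateFl(fl) {
  const names = fl.split(",").map(s => s.trim()).filter(Boolean);
  const rejected = names.filter(n => !SCHEMA_FIELDS.has(n));
  return { ok: rejected.length === 0, rejected };
}
```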