lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Dyer (Commented) (JIRA)" <>
Subject [jira] [Commented] (SOLR-3161) Use of 'qt' should be restricted to searching and should not start with a '/'
Date Mon, 27 Feb 2012 19:14:46 GMT


James Dyer commented on SOLR-3161:

I thinks its nice that you can currently set up various handler with all of the different
parameters, etc set up in your config and then clients don't have to worry about setting.
 (ie...what is the secret sauce for relevance, anyway, and which spelling dictionary goes
with which "qf" list?, etc)  Its just easier to have this all in the configuration.  This
is the beauty of "qt" so whatever solution we find here, I'd really like it if this beauty
doesn't get spoiled.

By the way, when we were converting an app from Endeca, we used "qt" to roughly emulate Endeca's
"search interface" concept, which is basically like a dismax request handler that behaves
as if it were a field.  Imagine having multiple "qt"s (Request Handlers) set up, each with
its own "qf", spelling config, highlighter config, etc, and then being able to do something
like this: q=Handler1:(+this +that) AND Handler2:(something else) .  Someday I would love
to see this kind of enhancement (best I could tell you can't do anything like this even with
local params).  But if we lock down qt too much or eliminate it altogether, we might make
it harder to have this kind of possibility in the future.
> Use of 'qt' should be restricted to searching and should not start with a '/'
> -----------------------------------------------------------------------------
>                 Key: SOLR-3161
>                 URL:
>             Project: Solr
>          Issue Type: Improvement
>          Components: search, web gui
>            Reporter: David Smiley
>            Assignee: David Smiley
>             Fix For: 3.6, 4.0
> I haven't yet looked at the code involved for suggestions here; I'm speaking based on
how I think things should work and not work, based on intuitiveness and security. In general
I feel it is best practice to use '/' leading request handler names and not use "qt", but
I don't hate it enough when used in limited (search-only) circumstances to propose its demise.
But if someone proposes its deprecation that then I am +1 for that.
> Here is my proposal:
> Solr should error if the parameter "qt" is supplied with a leading '/'. (trunk only)
> Solr should only honor "qt" if the target request handler extends solr.SearchHandler.
> The new admin UI should only use 'qt' when it has to. For the query screen, it could
present a little pop-up menu of handlers to choose from, including "/select?qt=mycustom" for
handlers that aren't named with a leading '/'. This choice should be positioned at the top.
> And before I forget, me or someone should investigate if there are any similar security
problems with the shards.qt parameter. Perhaps shards.qt can abide by the same rules outlined
> Does anyone foresee any problems with this proposal?
> On a related subject, I think the notion of a default request handler is bad - the default="true"
thing. Honestly I'm not sure what it does, since I noticed Solr trunk redirects '/solr/' to
the new admin UI at '/solr/#/'. Assuming it doesn't do anything useful anymore, I think it
would be clearer to use <requestHandler name="/select" class="solr.SearchHandler"> instead
of what's there now. The delta is to put the leading '/' on this request handler name, and
remove the "default" attribute.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message