lucene-solr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Au <>
Subject Re: handling of Lucene's ParseException inside QueryComponent
Date Mon, 23 Nov 2009 16:45:42 GMT
I dug deeper and discovered that teh exception message is being added to the
HTTP response line by SolrDIspatchFilter.  So there is where the fix should
be made.  I will open a Jira and attach a patch.


On Fri, Nov 20, 2009 at 5:34 PM, Bill Au <> wrote:

> I just noticed that the message of Lucene's ParseException contains the
> user's input that Lucene is failing to parse.  The user input is not
> sanitize in any way.  My appserver is showing the exception message in both
> the body and the HTTP status line of the response.  So even if I set up
> custom error pages the user input are still being send un-sanitized in the
> response.  I don't know if this is the behavior of other appserver or not.
> I don't think I can sanitize the user input before sending it to Solr/Lucene
> since the content of my index contains special characters.
> I am thinking that we can change the behavior of QueryComponent.  Since
> Solr is a webapp, I don't think it is unreasonable to have Solr be
> responsible for sanitizing exception messages.  This is the current
> QueryComponent code:
>     } catch (ParseException e) {
>       throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, e);
>     }
> Instead of wrapping the ParseException in the SolrException, we can simply
> sanitize the message of the ParseException and use that to create the
> SolrException.
> I can submit a patch for this.
> Any comments/suggestions?
> Bill

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message