mirror of https://github.com/apache/lucene.git
SOLR-12417: enforce valid function name for v.json
parent
d27a2e8996
commit
107fd24ec7
|
@ -276,6 +276,8 @@ Bug Fixes
|
|||
* SOLR-12314: Use http timeout's defined in solr.xml for creating ConcurrentUpdateSolrClient during
|
||||
indexing requests between leader and replica ( Mark Miller, Varun Thacker)
|
||||
|
||||
* SOLR-12417: velocity response writer should enforce valid function name for v.json parameter (yonik)
|
||||
|
||||
Optimizations
|
||||
----------------------
|
||||
|
||||
|
|
|
@ -35,6 +35,7 @@ import org.apache.commons.lang.StringUtils;
|
|||
import org.apache.solr.client.solrj.SolrResponse;
|
||||
import org.apache.solr.client.solrj.response.QueryResponse;
|
||||
import org.apache.solr.client.solrj.response.SolrResponseBase;
|
||||
import org.apache.solr.common.SolrException;
|
||||
import org.apache.solr.common.params.CommonParams;
|
||||
import org.apache.solr.common.util.NamedList;
|
||||
import org.apache.solr.core.SolrCore;
|
||||
|
@ -184,6 +185,11 @@ public class VelocityResponseWriter implements QueryResponseWriter, SolrCoreAwar
|
|||
}
|
||||
|
||||
if (jsonWrapper != null) {
|
||||
for (int i=0; i<jsonWrapper.length(); i++) {
|
||||
if (!Character.isJavaIdentifierPart(jsonWrapper.charAt(i))) {
|
||||
throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "Invalid function name for " + JSON + ": '" + jsonWrapper + "'");
|
||||
}
|
||||
}
|
||||
writer.write(jsonWrapper + "(");
|
||||
writer.write(getJSONWrap(stringWriter.toString()));
|
||||
writer.write(')');
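Review bot: The per-character `Character.isJavaIdentifierPart` test in the added loop accepts more than a function name: a digit in the first position, non-ASCII letters, and the identifier-ignorable control and format characters all pass, and an empty `v.json` value skips the loop and is written out as a bare `(`…`)`. Because the value is emitted verbatim at the very start of the response body, a single ASCII allowlist check is the safer guard, e.g. `if (!jsonWrapper.matches("[A-Za-z_$][A-Za-z0-9_$]*"))` in place of the loop and inner `if`, keeping the same `SolrException`. The rejected value is also concatenated into the exception message, which is only safe if the error response is encoded for its content type; that is not visible here. The enclosing method begins and ends outside the hunk.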
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
package org.apache.solr.velocity;
|
||||
|
||||
import org.apache.solr.SolrTestCaseJ4;
|
||||
import org.apache.solr.common.SolrException;
|
||||
import org.apache.solr.common.util.NamedList;
|
||||
import org.apache.solr.response.QueryResponseWriter;
|
||||
import org.apache.solr.response.SolrParamResourceLoader;
|
||||
|
@ -187,6 +188,11 @@ public class VelocityResponseWriterTest extends SolrTestCaseJ4 {
|
|||
VelocityResponseWriter.TEMPLATE, "numFound",
|
||||
VelocityResponseWriter.JSON,"foo",
|
||||
VelocityResponseWriter.LAYOUT,"layout")));
|
||||
|
||||
assertQEx("Bad function name should throw exception", req("q", "*:*", "wt", "velocity",
|
||||
VelocityResponseWriter.TEMPLATE, "numFound",
|
||||
VelocityResponseWriter.JSON,"<foo>"), SolrException.ErrorCode.BAD_REQUEST
|
||||
);
|
||||
}
|
||||
|
||||
@Test
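Review bot: The added negative case pins only one rejected input, `<foo>`, so the boundaries of the new check are untested: an empty value and a name with a leading digit both get through a per-character `isJavaIdentifierPart` loop, unlike `<foo>`. One `assertQEx` per boundary, for example with `VelocityResponseWriter.JSON,""` and `VelocityResponseWriter.JSON,"1foo"`, would make explicit which inputs the writer is meant to refuse. The test method starts above the hunk.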
|
||||
|
|