Uploaded image for project: 'Islandora'
  1. Islandora
  2. ISLANDORA-2045

Solr results formatFilter assumes arguments passed are correct and complete

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 7.x-1.9, 7.x-1.10
    • Fix Version/s: 7.x-1.11
    • Component/s: Solr Search
    • Labels:
      None

      Description

      Solr formatFilter assumes query arguments passed are correctly formed into something Solr understands. Happens that since this is passed as a query argument, people could have modified it, or even reached the GET argument length limit getting a cropped query.
      That makes at: https://github.com/Islandora/islandora_solr_search/blob/7.x/includes/results.inc#L530-L533

      $filter_split = preg_split(ISLANDORA_SOLR_QUERY_FIELD_VALUE_SPLIT_REGEX, $filter, 2);
      

      results in no split at all. Subsequent calls to the second element of that array end in warnings like
      "Notice: Undefined offset: 1 in formatFilter()..."

      To test: run something like this (on a real repo)
      localhost:8080/islandora/search?type=edismax&f[0]=-mods_genre_ms%3A%22Admission%5C%20tickets%22&f[1]=-mod
      and look at your Drupal logs.

      Other consequence of this is that you end with an empty element in the query breadcrumb, which makes me wonder if this could be even a security issue? Not filtering, sanitizing that input?

        Attachments

          Activity

            People

            • Assignee:
              rosiel Rosie Le Faive
              Reporter:
              dpinokrayon Diego Pino Navarro
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: