Closed (fixed)
Project:
Apache Solr Search
Version:
6.x-3.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
27 Aug 2012 at 16:46 UTC
Updated:
27 Sep 2012 at 20:41 UTC
Jump to comment: Most recent file
Comments
Comment #1
nick_vhCould you give me an example of values that you are adding there and that cause problems?
I'd like to know if we should kill any other parameter also (such as fq)
Comment #2
nick_vhAlso, we have to do something like this, because otherwise user input might find it's way through the code and possibly do bad things. Can we do this with a little more control perhaps? Which value do you need to pass that is not a facet and can't happen anywhere else?
Comment #3
mkalkbrennerIssue #502976: Other GET parameters ignored by Apache Solr Facet Blocks explains the problem. The issue has already been fixed in earlier versions.
Apache Solr Multilingual for example adds detach-auto-language-filter=1, the same way apachesolr adds retain-filters=1 when required.
Comment #4
mkalkbrennerStuff like paging still works with my patch applied.
Comment #5
nick_vhshould we have some variable that states which variables are allowed? If we don't - people can just add stuff randomly and it will cause problems in the array because it is not filtered out of it
Comment #6
mkalkbrennerI think it has to be the other way round. apachesolr only has to grap and remove it's own stuff, but leave everything else added by users untouched during the form redirect.
If users want to add custom stuff that has to be handled by retain-filters, they have to add this using alter hooks.
Comment #7
nick_vhI just see some problems in a link like this
search/site?a=a&b=b&c=c&d=d&e=e&f=f&...
We won't discard this information, but we won't use it either. It will take up useless space in the memory. Luckily the url can only go 4096 characters and we don't support POST arguments.
Comment #8
mkalkbrennerThis problem is not specific for apachesolr. It's a common problem.
And the get parameters might already exist. The current implementation only deletes them and redirects.
Are there any other arguments against my patch?
Comment #9
nick_vhI'm just seeing three entries in the module that could cause problems when we do this
search for :
array_diff_key($_GETI really think we should have some variable with allowed get parameters for solr. You could, as contrib module, add your param to this list and it would be accepted on all fronts
if we do this, we might want to retain all accepted parameters instead of only discarding 'f'
Comment #10
mkalkbrennerOK, I'll accept this solution. Who will work on this patch?
Comment #11
mkalkbrennerLike discussed in our recent chat:
I inroduced a new variable 'apachesolr_search_protected_query_parameters' holding a list of all get parameters that should not be deleted if retain-filters is not set (see patch attached).
In apachesolr_multilingual.install I register our variable to be protected:
Comment #12
pwolanin commentedi like the original patch better, though we also need to remove 'fq', and need ideally to ask the adpater about the GET parameter, and not assume it's 'f'
Comment #13
pwolanin commentedHere's that with some code comment cleanup.
We should figure out how to actually pull the filter key out of facetapi - it's rather too buried, and in hindsight I'm not sure making that flexible was the right choice.
Comment #14
mkalkbrennerI would like to see the last patch to be committed. That's the solution I prefered when starting the issue and it reduces code in apachesolr_multilingual.
Having this comment in the code is OK for now. From my point view, dealing with FacetapiUrlProcessor::$filterKey is a different issue.
Comment #15
pwolanin commentedYes, there is no easy way to get the value at the point when we need it, so I think we have to leave it hard-coded for now.
Comment #16
cpliakas commentedApache Solr Search Integration should be responsible for setting this path anyways. The only issue will be with Facet API Pretty Paths which overrides the adapter, but maybe that can be tackled later. I believe it defaults to "f" as well for the remaining filters.
Comment #17
pwolanin commentedcommitted - needs backport
Comment #18
pwolanin commentedapplied and commited
Comment #19
pwolanin commentedapplied and commited