Closed (cannot reproduce)
Project:
Apache Solr Search
Version:
7.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
17 Sep 2009 at 21:31 UTC
Updated:
9 Jan 2012 at 10:29 UTC
Jump to comment: Most recent file
Comments
Comment #1
robertdouglass commentedThe "deep linking" permalinks for comments don't always work. Maybe it's something wrong the the devel generated comments I'm testing with. Have to try with a real data set later. They work most of the time, though, which is better than D5 or D6 were able to do, afaik.
Comment #2
robertdouglass commentedSome bugfixes.
Comment #3
robertdouglass commentedComment access isn't respected by the current code. Something like this needs to happen, but this doesn't work. A refactoring of the query object is needed :(
Comment #4
robertdouglass commentedBetter handling of status and reindexing when comment is changed.
Comment #5
robertdouglass commented#4 has been committed to 6.2. #3 hasn't been.
Comment #6
robertdouglass commentedComment #8
jpmckinney commented#3 has not been committed, but we need something like the commented-out section to respect access permissions. Follow #680992: comments are added to search index without checking access in core.
Comment #9
pwolanin commentedI confirmed with the rest of the Drupal Security Team that given the existing public disclosures around this access-bypass bug, we should fix in public.
Likely we will want to try to use the same approach that's picked for the Drupal 6 backport in #680992: comments are added to search index without checking access
Comment #10
jpmckinney commentedComment #11
nick_vhSince we don't have a commentsearch contrib module in D7 and we are using the comments from the node itself using the core update_index hooks I am quite certain this bug does not exists in the D7 branch.
If a separate indexer would be made for the comments (in contrib) this might be interesting as a reference. Closing it for now