You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by th...@apache.org on 2022/05/26 15:16:11 UTC

[solr] branch branch_9x updated: SOLR-16215 Escape query characters in Solr SQL Array UDF functions (#880)

This is an automated email from the ASF dual-hosted git repository.

thelabdude pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/branch_9x by this push:
     new 1f8969e0fed SOLR-16215 Escape query characters in Solr SQL Array UDF functions (#880)
1f8969e0fed is described below

commit 1f8969e0fed4cbd5d650881f6d689b20e16d0fdc
Author: Kiran Chitturi <ch...@gmail.com>
AuthorDate: Thu May 26 08:16:03 2022 -0700

    SOLR-16215 Escape query characters in Solr SQL Array UDF functions (#880)
    
    * SOLR-16215 Escape query characters in Solr SQL Array UDF functions
    
    * Add to CHANGES.txt
---
 solr/CHANGES.txt                                      |  2 ++
 .../java/org/apache/solr/handler/sql/SolrFilter.java  |  4 ++--
 .../org/apache/solr/handler/sql/TestSQLHandler.java   | 19 ++++++++++++++++---
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 7b166bcfe6f..5b12b0f0413 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -797,6 +797,8 @@ Bug Fixes
 * SOLR-16199: Improve query syntax construction for SQL LIKE clause with phrases and wildcards
   (Kiran Chitturi, Aroop Ganguly, Amrit Sarkar via Timothy Potter)
 
+* SOLR-16215: Escape query characters in Solr SQL Array UDF functions (Kiran Chitturi via Timothy Potter)
+
 ==================  8.11.1 ==================
 
 Bug Fixes
diff --git a/solr/modules/sql/src/java/org/apache/solr/handler/sql/SolrFilter.java b/solr/modules/sql/src/java/org/apache/solr/handler/sql/SolrFilter.java
index 8c913755c38..b5ba948c07c 100644
--- a/solr/modules/sql/src/java/org/apache/solr/handler/sql/SolrFilter.java
+++ b/solr/modules/sql/src/java/org/apache/solr/handler/sql/SolrFilter.java
@@ -169,7 +169,7 @@ class SolrFilter extends Filter implements SolrRel {
       if (valuesNode instanceof RexLiteral) {
         String literal = toSolrLiteral(fieldName, (RexLiteral) valuesNode);
         if (!StringUtils.isEmpty(literal)) {
-          return fieldName + ":\"" + literal + "\"";
+          return fieldName + ":\"" + ClientUtils.escapeQueryChars(literal.trim()) + "\"";
         } else {
           return null;
         }
@@ -179,7 +179,7 @@ class SolrFilter extends Filter implements SolrRel {
             valuesRexCall.getOperands().stream()
                 .map(op -> toSolrLiteral(fieldName, (RexLiteral) op))
                 .filter(value -> !StringUtils.isEmpty(value))
-                .map(value -> "\"" + value.trim() + "\"")
+                .map(value -> "\"" + ClientUtils.escapeQueryChars(value.trim()) + "\"")
                 .collect(Collectors.joining(" " + booleanOperator + " "));
         return fieldName + ":(" + valuesString + ")";
       }
diff --git a/solr/modules/sql/src/test/org/apache/solr/handler/sql/TestSQLHandler.java b/solr/modules/sql/src/test/org/apache/solr/handler/sql/TestSQLHandler.java
index eefc20f0309..b08cef64391 100644
--- a/solr/modules/sql/src/test/org/apache/solr/handler/sql/TestSQLHandler.java
+++ b/solr/modules/sql/src/test/org/apache/solr/handler/sql/TestSQLHandler.java
@@ -3342,7 +3342,9 @@ public class TestSQLHandler extends SolrCloudTestCase {
             "stringxmv",
             "e",
             "stringxmv",
-            "f",
+            "\"f\"",
+            "stringxmv",
+            "g\"h",
             "stringxmv",
             "a",
             "pdoublexmv",
@@ -3373,6 +3375,19 @@ public class TestSQLHandler extends SolrCloudTestCase {
     expectResults(
         "select id, stringxmv from $ALIAS WHERE array_contains_any(pdoublexmv, (1.5, 2.5))", 3);
     expectResults("select id, stringxmv from $ALIAS WHERE array_contains_any(longs, (1, 3))", 3);
+    expectResults(
+        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('\"a\"', '\"e\"'))",
+        0);
+    expectResults(
+        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('\"a\"'))", 0);
+    expectResults(
+        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('\"f\"'))", 1);
+    expectResults(
+        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('g\"h'))", 1);
+    expectResults(
+        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a', 'e', '\"f\"'))",
+        3);
+
     expectResults("select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a'))", 2);
     expectResults(
         "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a', 'b', 'c'))", 3);
@@ -3380,7 +3395,5 @@ public class TestSQLHandler extends SolrCloudTestCase {
         "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a', 'c'))", 3);
     expectResults(
         "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a', 'e'))", 3);
-    expectResults(
-        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a', 'e', 'f'))", 3);
   }
 }