You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/10/25 17:04:00 UTC

[jira] [Commented] (SOLR-16476) Remove commons-text dependency from solr-core

    [ https://issues.apache.org/jira/browse/SOLR-16476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17623933#comment-17623933 ] 

ASF subversion and git services commented on SOLR-16476:
--------------------------------------------------------

Commit f3b953d8311694cbf0e802ad24da6df2372e0f25 in solr's branch refs/heads/main from Kevin Risden
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=f3b953d8311 ]

SOLR-16476: Remove commons-text dependency from solr-core (#1122)



> Remove commons-text dependency from solr-core
> ---------------------------------------------
>
>                 Key: SOLR-16476
>                 URL: https://issues.apache.org/jira/browse/SOLR-16476
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Admin UI, Build
>            Reporter: David Smiley
>            Assignee: Kevin Risden
>            Priority: Minor
>              Labels: newdev
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> I don't think we +really+ need commons-text in solr-core.  I see it's for only one usage:
> https://github.com/apache/solr/blob/c99af207c761ec34812ef1cc3054eb2804b7448b/solr/core/src/java/org/apache/solr/servlet/LoadAdminUiServlet.java#L83
> {noformat}
> String[] search = new String[] {"${contextPath}", "${adminPath}", "${version}"};
>         String[] replace =
>             new String[] {
>               StringEscapeUtils.escapeEcmaScript(request.getContextPath()),
>               StringEscapeUtils.escapeEcmaScript(CommonParams.CORES_HANDLER_PATH),
>               StringEscapeUtils.escapeEcmaScript(pack.getSpecificationVersion())
>             };
> {noformat}
> But contextPath & adminPath are no longer in our admin pages.  "version" is.  Regardless, I don't see why we need to escape EcmaScript; these variables come from internal/validated sources that will not have user provided data that could hack the pages.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org