You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by ds...@apache.org on 2012/03/26 06:05:29 UTC

svn commit: r1305213 - in /lucene/dev/branches/branch_3x/solr/core/src: java/org/apache/solr/core/SolrCore.java test/org/apache/solr/TestDistributedSearch.java

Author: dsmiley
Date: Mon Mar 26 04:05:28 2012
New Revision: 1305213

URL: http://svn.apache.org/viewvc?rev=1305213&view=rev
Log:
SOLR-3161 An incoming isShard=true should be limited to a SearchHandler. Protects against shards.qt=/update attack

Modified:
    lucene/dev/branches/branch_3x/solr/core/src/java/org/apache/solr/core/SolrCore.java
    lucene/dev/branches/branch_3x/solr/core/src/test/org/apache/solr/TestDistributedSearch.java

Modified: lucene/dev/branches/branch_3x/solr/core/src/java/org/apache/solr/core/SolrCore.java
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_3x/solr/core/src/java/org/apache/solr/core/SolrCore.java?rev=1305213&r1=1305212&r2=1305213&view=diff
==============================================================================
--- lucene/dev/branches/branch_3x/solr/core/src/java/org/apache/solr/core/SolrCore.java (original)
+++ lucene/dev/branches/branch_3x/solr/core/src/java/org/apache/solr/core/SolrCore.java Mon Mar 26 04:05:28 2012
@@ -27,6 +27,7 @@ import org.apache.lucene.store.LockObtai
 import org.apache.solr.common.SolrException;
 import org.apache.solr.common.params.CommonParams;
 import org.apache.solr.common.params.CommonParams.EchoParamStyle;
+import org.apache.solr.common.params.ShardParams;
 import org.apache.solr.common.params.SolrParams;
 import org.apache.solr.common.util.NamedList;
 import org.apache.solr.common.util.SimpleOrderedMap;
@@ -1368,7 +1369,10 @@ public final class SolrCore implements S
     toLog.add("webapp", req.getContext().get("webapp"));
     toLog.add("path", req.getContext().get("path"));
     toLog.add("params", "{" + req.getParamString() + "}");
-    
+
+    if (req.getParams().getBool(ShardParams.IS_SHARD,false) && !(handler instanceof SearchHandler))
+      throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,"isShard is only acceptable with search handlers");
+
     handler.handleRequest(req,rsp);
     setResponseHeaderValues(handler,req,rsp);
     

Modified: lucene/dev/branches/branch_3x/solr/core/src/test/org/apache/solr/TestDistributedSearch.java
URL: http://svn.apache.org/viewvc/lucene/dev/branches/branch_3x/solr/core/src/test/org/apache/solr/TestDistributedSearch.java?rev=1305213&r1=1305212&r2=1305213&view=diff
==============================================================================
--- lucene/dev/branches/branch_3x/solr/core/src/test/org/apache/solr/TestDistributedSearch.java (original)
+++ lucene/dev/branches/branch_3x/solr/core/src/test/org/apache/solr/TestDistributedSearch.java Mon Mar 26 04:05:28 2012
@@ -18,6 +18,8 @@
 package org.apache.solr;
 
 
+import org.apache.solr.client.solrj.SolrServerException;
+
 /**
  * TODO? perhaps use:
  *  http://docs.codehaus.org/display/JETTY/ServletTester
@@ -280,6 +282,15 @@ public class TestDistributedSearch exten
       query("q","*:*", "rows",100);
     }
 
+    //SOLR 3161 ensure shards.qt=/update fails (anything but search handler really)
+    // Also see TestRemoteStreaming#testQtUpdateFails()
+    try {
+      query("q","*:*","shards.qt","/update","stream.body","<delete><query>*:*</query></delete>");
+      fail();
+    } catch (SolrServerException e) {
+      //expected
+    }
+    
     // Thread.sleep(10000000000L);
   }