You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by th...@apache.org on 2022/05/26 13:54:13 UTC

[solr] branch main updated: SOLR-16215 Escape query characters in Solr SQL Array UDF functions (#879)

This is an automated email from the ASF dual-hosted git repository.

thelabdude pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/solr.git


The following commit(s) were added to refs/heads/main by this push:
     new cd2cf06b7ae SOLR-16215 Escape query characters in Solr SQL Array UDF functions (#879)
cd2cf06b7ae is described below

commit cd2cf06b7aea3cc408618845d99717611f2440bb
Author: Kiran Chitturi <ch...@gmail.com>
AuthorDate: Thu May 26 06:54:09 2022 -0700

    SOLR-16215 Escape query characters in Solr SQL Array UDF functions (#879)
---
 solr/CHANGES.txt                                      |  2 ++
 .../java/org/apache/solr/handler/sql/SolrFilter.java  |  4 ++--
 .../org/apache/solr/handler/sql/TestSQLHandler.java   | 19 ++++++++++++++++---
 3 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index b470b0bc87d..50a3f29d049 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -821,6 +821,8 @@ Bug Fixes
 * SOLR-16199: Improve query syntax construction for SQL LIKE clause with phrases and wildcards
   (Kiran Chitturi, Aroop Ganguly, Amrit Sarkar via Timothy Potter)
 
+* SOLR-16215: Escape query characters in Solr SQL Array UDF functions (Kiran Chitturi via Timothy Potter)
+
 ==================  8.11.1 ==================
 
 Bug Fixes
diff --git a/solr/modules/sql/src/java/org/apache/solr/handler/sql/SolrFilter.java b/solr/modules/sql/src/java/org/apache/solr/handler/sql/SolrFilter.java
index 8c913755c38..b5ba948c07c 100644
--- a/solr/modules/sql/src/java/org/apache/solr/handler/sql/SolrFilter.java
+++ b/solr/modules/sql/src/java/org/apache/solr/handler/sql/SolrFilter.java
@@ -169,7 +169,7 @@ class SolrFilter extends Filter implements SolrRel {
       if (valuesNode instanceof RexLiteral) {
         String literal = toSolrLiteral(fieldName, (RexLiteral) valuesNode);
         if (!StringUtils.isEmpty(literal)) {
-          return fieldName + ":\"" + literal + "\"";
+          return fieldName + ":\"" + ClientUtils.escapeQueryChars(literal.trim()) + "\"";
         } else {
           return null;
         }
@@ -179,7 +179,7 @@ class SolrFilter extends Filter implements SolrRel {
             valuesRexCall.getOperands().stream()
                 .map(op -> toSolrLiteral(fieldName, (RexLiteral) op))
                 .filter(value -> !StringUtils.isEmpty(value))
-                .map(value -> "\"" + value.trim() + "\"")
+                .map(value -> "\"" + ClientUtils.escapeQueryChars(value.trim()) + "\"")
                 .collect(Collectors.joining(" " + booleanOperator + " "));
         return fieldName + ":(" + valuesString + ")";
       }
diff --git a/solr/modules/sql/src/test/org/apache/solr/handler/sql/TestSQLHandler.java b/solr/modules/sql/src/test/org/apache/solr/handler/sql/TestSQLHandler.java
index eefc20f0309..b08cef64391 100644
--- a/solr/modules/sql/src/test/org/apache/solr/handler/sql/TestSQLHandler.java
+++ b/solr/modules/sql/src/test/org/apache/solr/handler/sql/TestSQLHandler.java
@@ -3342,7 +3342,9 @@ public class TestSQLHandler extends SolrCloudTestCase {
             "stringxmv",
             "e",
             "stringxmv",
-            "f",
+            "\"f\"",
+            "stringxmv",
+            "g\"h",
             "stringxmv",
             "a",
             "pdoublexmv",
@@ -3373,6 +3375,19 @@ public class TestSQLHandler extends SolrCloudTestCase {
     expectResults(
         "select id, stringxmv from $ALIAS WHERE array_contains_any(pdoublexmv, (1.5, 2.5))", 3);
     expectResults("select id, stringxmv from $ALIAS WHERE array_contains_any(longs, (1, 3))", 3);
+    expectResults(
+        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('\"a\"', '\"e\"'))",
+        0);
+    expectResults(
+        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('\"a\"'))", 0);
+    expectResults(
+        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('\"f\"'))", 1);
+    expectResults(
+        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('g\"h'))", 1);
+    expectResults(
+        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a', 'e', '\"f\"'))",
+        3);
+
     expectResults("select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a'))", 2);
     expectResults(
         "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a', 'b', 'c'))", 3);
@@ -3380,7 +3395,5 @@ public class TestSQLHandler extends SolrCloudTestCase {
         "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a', 'c'))", 3);
     expectResults(
         "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a', 'e'))", 3);
-    expectResults(
-        "select id, stringxmv from $ALIAS WHERE array_contains_any(stringxmv, ('a', 'e', 'f'))", 3);
   }
 }