Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-53579

Solr search searches all fields for user query, even internal fields

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      The background to this test is to confirm that the contextid field is not being searched when we do a search. We are not going to go through all the fields, as it's done in a whitelist fashion, so if contextid isn't search, we "know" the other fields not added to the whitelist won't be searched.

      Note If you do A/B testing, purge caches and logout/in, or comment out return $results; around line 408 of search/classes/manager.php

      1. Create an assignment title "Assign 55"
      2. Get the context id of the assign - this can be done by looking at the URL of Assignment Administration > Locally assigned roles
      3. Index the site content, making sure the Assign area is enabled
      4. Search for the context id
      5. Confirm you don't get a result for Assign 55
      6. Search for 55
      7. Confirm you do get a result for Assign 55
      Show
      The background to this test is to confirm that the contextid field is not being searched when we do a search. We are not going to go through all the fields, as it's done in a whitelist fashion, so if contextid isn't search, we "know" the other fields not added to the whitelist won't be searched. Note If you do A/B testing, purge caches and logout/in, or comment out return $results; around line 408 of search/classes/manager.php Create an assignment title "Assign 55" Get the context id of the assign - this can be done by looking at the URL of Assignment Administration > Locally assigned roles Index the site content, making sure the Assign area is enabled Search for the context id Confirm you don't get a result for Assign 55 Search for 55 Confirm you do get a result for Assign 55
    • Affected Branches:
      MOODLE_31_STABLE
    • Fixed Branches:
      MOODLE_31_STABLE
    • Pull Master Branch:
      MDL-53579-master

      Description

      Solr search applies the users search query against all index fields, even things like context and courseids. While this isn't a security risk, due to filtering that is in place, if the user searches for things (like numbers) that may be in those fields, it creates a mess of results that has no real bearing on the search query.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              emerrill Eric Merrill
              Reporter:
              emerrill Eric Merrill
              Peer reviewer:
              cameron1729
              Integrator:
              Andrew Nicols
              Tester:
              Rajesh Taneja
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                23/May/16