[MDL-53579] Solr search searches all fields for user query, even internal fields - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.1
Fix Version/s: 3.1
Component/s: Global search
Labels:

Affected Branches:
MOODLE_31_STABLE
Fixed Branches:
MOODLE_31_STABLE
Pull from Repository:
git://github.com/merrill-oakland/moodle.git
Pull Master Branch:
~~MDL-53579~~-master
Pull Master Diff URL:
https://github.com/merrill-oakland/moodle/compare/aeccf4b...MDL-53579-master
Testing Instructions:
Hide

The background to this test is to confirm that the contextid field is not being searched when we do a search. We are not going to go through all the fields, as it's done in a whitelist fashion, so if contextid isn't search, we "know" the other fields not added to the whitelist won't be searched.

Note If you do A/B testing, purge caches and logout/in, or comment out return $results; around line 408 of search/classes/manager.php

Create an assignment title "Assign 55"

Get the context id of the assign - this can be done by looking at the URL of Assignment Administration > Locally assigned roles

Index the site content, making sure the Assign area is enabled

Search for the context id

Confirm you don't get a result for Assign 55

Search for 55

Confirm you do get a result for Assign 55
Show
The background to this test is to confirm that the contextid field is not being searched when we do a search. We are not going to go through all the fields, as it's done in a whitelist fashion, so if contextid isn't search, we "know" the other fields not added to the whitelist won't be searched. Note If you do A/B testing, purge caches and logout/in, or comment out return $results; around line 408 of search/classes/manager.php Create an assignment title "Assign 55" Get the context id of the assign - this can be done by looking at the URL of Assignment Administration > Locally assigned roles Index the site content, making sure the Assign area is enabled Search for the context id Confirm you don't get a result for Assign 55 Search for 55 Confirm you do get a result for Assign 55

Description

Solr search applies the users search query against all index fields, even things like context and courseids. While this isn't a security risk, due to filtering that is in place, if the user searches for things (like numbers) that may be in those fields, it creates a mess of results that has no real bearing on the search query.

Attachments

Issue Links

is blocked by

MDL-53508 Result highlighting doesn't work in Solr

Closed

Activity

People

Assignee:: Eric Merrill

Reporter:: Eric Merrill

Peer reviewer:: cameron1729

Integrator:: Andrew Lyons

Tester:: Rajesh Taneja

Participants:: Andrew Lyons, cameron1729, CiBoT, Dan Poltawski, David Monllaó, Eric Merrill, Mary Cooch, Rajesh Taneja

Component watchers:: David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 22/Mar/16 4:18 PM

Updated:: 13/May/16 11:58 PM

Resolved:: 08/Apr/16 2:34 AM

Fix Release Date:: 23/May/16