Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-53579

Solr search searches all fields for user query, even internal fields

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      The background to this test is to confirm that the contextid field is not being searched when we do a search. We are not going to go through all the fields, as it's done in a whitelist fashion, so if contextid isn't search, we "know" the other fields not added to the whitelist won't be searched.

      Note If you do A/B testing, purge caches and logout/in, or comment out return $results; around line 408 of search/classes/manager.php

      1. Create an assignment title "Assign 55"
      2. Get the context id of the assign - this can be done by looking at the URL of Assignment Administration > Locally assigned roles
      3. Index the site content, making sure the Assign area is enabled
      4. Search for the context id
      5. Confirm you don't get a result for Assign 55
      6. Search for 55
      7. Confirm you do get a result for Assign 55
      Show
      The background to this test is to confirm that the contextid field is not being searched when we do a search. We are not going to go through all the fields, as it's done in a whitelist fashion, so if contextid isn't search, we "know" the other fields not added to the whitelist won't be searched. Note If you do A/B testing, purge caches and logout/in, or comment out return $results; around line 408 of search/classes/manager.php Create an assignment title "Assign 55" Get the context id of the assign - this can be done by looking at the URL of Assignment Administration > Locally assigned roles Index the site content, making sure the Assign area is enabled Search for the context id Confirm you don't get a result for Assign 55 Search for 55 Confirm you do get a result for Assign 55
    • Affected Branches:
      MOODLE_31_STABLE
    • Fixed Branches:
      MOODLE_31_STABLE
    • Pull Master Branch:
      MDL-53579-master

      Description

      Solr search applies the users search query against all index fields, even things like context and courseids. While this isn't a security risk, due to filtering that is in place, if the user searches for things (like numbers) that may be in those fields, it creates a mess of results that has no real bearing on the search query.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  23/May/16