Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-53579

Solr search searches all fields for user query, even internal fields

    XMLWordPrintable

Details

    • MOODLE_31_STABLE
    • MOODLE_31_STABLE
    • MDL-53579-master
    • Hide

      The background to this test is to confirm that the contextid field is not being searched when we do a search. We are not going to go through all the fields, as it's done in a whitelist fashion, so if contextid isn't search, we "know" the other fields not added to the whitelist won't be searched.

      Note If you do A/B testing, purge caches and logout/in, or comment out return $results; around line 408 of search/classes/manager.php

      1. Create an assignment title "Assign 55"
      2. Get the context id of the assign - this can be done by looking at the URL of Assignment Administration > Locally assigned roles
      3. Index the site content, making sure the Assign area is enabled
      4. Search for the context id
      5. Confirm you don't get a result for Assign 55
      6. Search for 55
      7. Confirm you do get a result for Assign 55
      Show
      The background to this test is to confirm that the contextid field is not being searched when we do a search. We are not going to go through all the fields, as it's done in a whitelist fashion, so if contextid isn't search, we "know" the other fields not added to the whitelist won't be searched. Note If you do A/B testing, purge caches and logout/in, or comment out return $results; around line 408 of search/classes/manager.php Create an assignment title "Assign 55" Get the context id of the assign - this can be done by looking at the URL of Assignment Administration > Locally assigned roles Index the site content, making sure the Assign area is enabled Search for the context id Confirm you don't get a result for Assign 55 Search for 55 Confirm you do get a result for Assign 55

    Description

      Solr search applies the users search query against all index fields, even things like context and courseids. While this isn't a security risk, due to filtering that is in place, if the user searches for things (like numbers) that may be in those fields, it creates a mess of results that has no real bearing on the search query.

      Attachments

        Issue Links

          Activity

            People

              emerrill Eric Merrill
              emerrill Eric Merrill
              cameron1729 cameron1729
              Andrew Lyons Andrew Lyons
              Rajesh Taneja Rajesh Taneja
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                23/May/16