Disallow solr parameters

ckan/lib/search/query.py

@@ -266,6 +266,12 @@ def get_index(self,reference):
             'wt': 'json',
             'fq': 'site_id:"%s"' % config.get('ckan.site_id')}
 
+        try:
+            if query['q'].startswith('{!'):
+                raise SearchError('Local parameters are not supported.')
+        except KeyError:
+            pass
+
         conn = make_connection(decode_dates=False)
         log.debug('Package query: %r' % query)
         try:
@@ -354,6 +360,12 @@ def run(self, query, permission_labels=None, **kwargs):
             query['mm'] = query.get('mm', '2<-1 5<80%')
             query['qf'] = query.get('qf', QUERY_FIELDS)
 
+        try:
+            if query['q'].startswith('{!'):
+                raise SearchError('Local parameters are not supported.')
+        except KeyError:
+            pass
+
         conn = make_connection(decode_dates=False)
         log.debug('Package query: %r' % query)
         try:

ckan/tests/logic/action/test_get.py

@@ -1295,6 +1295,14 @@ def test_custom_schema_not_returned(self):
 
         p.unload('example_idatasetform')
 
+    def test_local_parameters_not_supported(self):
+
+        nose.tools.assert_raises(
+            SearchError,
+            helpers.call_action,
+            'package_search',
+            q='{!child of="content_type:parentDoc"}')
+
 
 class TestBadLimitQueryParameters(helpers.FunctionalTestBase):
     '''test class for #1258 non-int query parameters cause 500 errors