From d56aa0766b8f1e2e75e834aa610ef9338768b68e Mon Sep 17 00:00:00 2001 From: amercader Date: Tue, 13 Mar 2018 15:39:14 +0100 Subject: [PATCH] Disallow solr parameters --- ckan/lib/search/query.py | 12 ++++++++++++ ckan/tests/logic/action/test_get.py | 8 ++++++++ 2 files changed, 20 insertions(+) diff --git a/ckan/lib/search/query.py b/ckan/lib/search/query.py index 6ec64588cab..527670371bb 100644 --- a/ckan/lib/search/query.py +++ b/ckan/lib/search/query.py @@ -266,6 +266,12 @@ def get_index(self,reference): 'wt': 'json', 'fq': 'site_id:"%s"' % config.get('ckan.site_id')} + try: + if query['q'].startswith('{!'): + raise SearchError('Local parameters are not supported.') + except KeyError: + pass + conn = make_connection(decode_dates=False) log.debug('Package query: %r' % query) try: @@ -354,6 +360,12 @@ def run(self, query, permission_labels=None, **kwargs): query['mm'] = query.get('mm', '2<-1 5<80%') query['qf'] = query.get('qf', QUERY_FIELDS) + try: + if query['q'].startswith('{!'): + raise SearchError('Local parameters are not supported.') + except KeyError: + pass + conn = make_connection(decode_dates=False) log.debug('Package query: %r' % query) try: diff --git a/ckan/tests/logic/action/test_get.py b/ckan/tests/logic/action/test_get.py index c3f49f3b0db..fd6fe4ea8ed 100644 --- a/ckan/tests/logic/action/test_get.py +++ b/ckan/tests/logic/action/test_get.py @@ -1295,6 +1295,14 @@ def test_custom_schema_not_returned(self): p.unload('example_idatasetform') + def test_local_parameters_not_supported(self): + + nose.tools.assert_raises( + SearchError, + helpers.call_action, + 'package_search', + q='{!child of="content_type:parentDoc"}') + class TestBadLimitQueryParameters(helpers.FunctionalTestBase): '''test class for #1258 non-int query parameters cause 500 errors