Throw exception if an additional field was placed inside the "query" body #4913
@@ -574,6 +575,8 @@ private void parseSource(SearchContext context, BytesReference source) throws Se | |||
element.parse(parser, context); | |||
} else if (token == null) { | |||
break; | |||
} else if ((token != XContentParser.Token.START_OBJECT)) { |
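Review bot: the condition on the added line, `} else if ((token != XContentParser.Token.START_OBJECT)) {`, still lets a START_OBJECT token pass through without being rejected, so unless a later branch handles it, a stray object at this level is skipped as silently as before. If no token other than a field name is legitimate here, a plain `else` is stricter and easier to reason about. The doubled parentheses around the comparison are redundant and can be dropped. Whatever this branch throws should name the offending token so the caller can find the malformed part of the request.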
so in theory there can only be a single fieldname and from there on we pass on to the actual query parser, right? so instead of `else if` we can just put an `else` in there and make sure we move the parser to the first fieldName as we expect it before we enter the loop?
ok, I added a commit for this
updated again - even more strict!
…body

Currently the parser accepts queries like

```
"query" : { "any_query": { ... }, "any_field_name":... }
```

The "any_field_name" is silently ignored. However, this also causes the parser not to move to the next closing bracket which in turn can lead to additional query parameters being ignored such as "fields", "highlight",...

This was the case in issue elastic#4895

closes issue elastic#4895

I think we should push this - it's a good fix

Pushed to master and 1.x.
Currently the parser accepts queries like
The "any_field_name" is silently ignored. However, this also causes the parser
not to move to the next closing bracket which in turn can lead to additional query
parameters being ignored such as "fields", "highlight",...
This was the case in issue #4895
closes issue #4895
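
The failure mode described in the commit message, as an added example that is not Elasticsearch code or part of this pull request: a simplified pull-parser model in Python where a lenient `parse_query` returns while still inside the "query" object, so the outer loop takes that object's closing brace as the end of the request and never reaches "fields" or "highlight". The token model, function names and sample bodies are constructed for illustration.

```python
import json

# Constructed sample bodies; "any_field_name" is the stray field from the commit message.
GOOD_BODY = '{"query": {"match_all": {}}, "fields": ["title"], "highlight": {"fields": {"title": {}}}}'
BAD_BODY = '{"query": {"match_all": {}, "any_field_name": 1}, "fields": ["title"], "highlight": {"fields": {"title": {}}}}'

def tokens(value):
    """Flatten parsed JSON into a pull-parser style token stream."""
    if isinstance(value, dict):
        yield ("START_OBJECT", None)
        for name, child in value.items():
            yield ("FIELD_NAME", name)
            yield from tokens(child)
        yield ("END_OBJECT", None)
    else:
        yield ("VALUE", value)  # scalars and arrays are opaque in this model

def skip_value(stream):
    """Consume one complete value (a scalar or a whole object)."""
    depth = 0
    for kind, _ in stream:
        depth += {"START_OBJECT": 1, "END_OBJECT": -1}.get(kind, 0)
        if depth == 0:
            return

def parse_query(stream, strict):
    """Read the single clause inside "query" and return its name."""
    next(stream)                  # START_OBJECT opening the query body
    _, clause = next(stream)      # FIELD_NAME of the clause, e.g. match_all
    skip_value(stream)            # the clause body
    kind, name = next(stream)     # must be the END_OBJECT closing "query"
    if strict and kind != "END_OBJECT":
        raise ValueError(f"unexpected field [{name}] after query clause [{clause}]")
    return clause                 # lenient: returns while still inside "query"

def parse_source(body, strict):
    """Return the top-level elements the parser actually handled."""
    stream = tokens(json.loads(body))
    next(stream)                  # START_OBJECT opening the search source
    seen = []
    for kind, name in stream:
        if kind == "END_OBJECT":  # taken as the end of the whole source
            break
        if kind == "FIELD_NAME":
            seen.append(name)
            if name == "query":
                parse_query(stream, strict)
            else:
                skip_value(stream)
    return seen
```

With `strict=False` the malformed body is accepted and only "query" is handled; with `strict=True` the same body is rejected at the stray field, while the well-formed body parses identically in both modes.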