SolrUtils::queryPhrase
(PECL solr >= 0.9.2)
SolrUtils::queryPhrase — Prepares a phrase from an unescaped lucene string
Description
public static string SolrUtils::queryPhrase ( string $str )
Prepares a phrase from an unescaped lucene string.
Parameters
str
    The lucene phrase.
Return Values
Returns the phrase contained in double quotes.
Comments
Doing some tests, it would appear that this function also sanitizes input (testing on version above 1.0). And the term "phrase" is not the same as a complete query like "FIELD:THE RIGHT HALF AFTER THE : IS THE PHRASE."
So if you want to search SOME_FIELD:some value with an escape character like +, then you would have to write the code out:
$query = 'SOME_FIELD:' . SolrUtils::queryPhrase('some value with an escape character like +');
That would properly escape it like:
some value with an escape character like \+
FYI.
You need to be careful allowing users to use raw queries if you index sensitive information. Cross domain search timing attacks can be used to extract information from an index [1] if your form does not have XSRF protection.
If you allow raw queries it can also allow users to DoS your application by inputting slow queries.
[1] https://www.idontplaydarts.com/2015/09/cross-domain-timing-attacks-against-lucene/
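An added example, not from the manual or from either comment author, that ties the two comments together: user input is confined to a single phrase on an allow-listed field instead of being passed to Solr as a raw query, and the query carries a time limit. The helper name, field names, length cap, row count and timeout are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example: buildFieldQuery() is a hypothetical helper, not part of the solr extension.
if (!extension_loaded('solr')) {
    exit("This example needs the PECL solr extension.\n");
}

// Assumed values: adjust to your own schema and latency budget.
const SEARCHABLE_FIELDS = ['title', 'body']; // fields users may search
const MAX_TERM_LENGTH   = 200;               // bytes of user input accepted
const TIME_ALLOWED_MS   = 2000;              // server-side search time limit

function buildFieldQuery(string $field, string $userInput): SolrQuery
{
    // The field name is never taken from user text without an allow-list check,
    // so input cannot redirect the search to a sensitive field.
    if (!in_array($field, SEARCHABLE_FIELDS, true)) {
        throw new InvalidArgumentException("Field not searchable: $field");
    }

    $term = trim($userInput);
    if ($term === '' || strlen($term) > MAX_TERM_LENGTH) {
        throw new InvalidArgumentException('Search term is empty or too long.');
    }

    $query = new SolrQuery();
    // queryPhrase() escapes the input and wraps it in double quotes, so
    // operators, wildcards and field prefixes in $term are matched literally.
    $query->setQuery($field . ':' . SolrUtils::queryPhrase($term));
    $query->setRows(20);
    // Bound how long one request may search, limiting slow-query abuse.
    $query->setTimeAllowed(TIME_ALLOWED_MS);

    return $query;
}

// Constructed input that would change the meaning of a raw query.
$input = 'secret* OR id:[* TO *] +';
$query = buildFieldQuery('title', $input);

// Print the final q parameter to confirm the input stayed one quoted phrase.
echo $query->getQuery(), PHP_EOL;
```

This does not replace XSRF protection on the search form; it only narrows what a submitted value can make the index do.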