SolrUtils::queryPhrase

(PECL solr >= 0.9.2)

SolrUtils::queryPhrase — Prepares a phrase from an unescaped lucene string

说明

public static SolrUtils::queryPhrase ( string $str ) : string

Prepares a phrase from an unescaped lucene string.

参数

str: The lucene phrase.

返回值

Returns the phrase contained in double quotes.

User Contributed Notes

quackfish at gmail dot com 08-Nov-2015 01:05


You need to be careful allowing users to use raw queries if you index sensitive information. Cross domain search timing attacks can be used to extract information from an index [1] if your form does not have XSRF protection.



If you allow raw queries it can also allow users to DOS your application by inputting slow queries. 



[1] https://www.idontplaydarts.com/2015/09/cross-domain-timing-attacks-against-lucene/

daniel dot allen at commercialtrucktrader dot com 03-Feb-2014 04:04


Doing some tests it would appear that this function also sanitizes input(testing on version above 1.0). And the term "phrase" is not the same as a complete query like "FIELD:THE RIGHT HALF AFTER THE : IS THE PHRASE."



So if you want to search SOME_FIELD:some value with an escape character like +, then you would have to write the code out:



$query  = 'SOME_FIELD:' . SolrUtils::queryPhrase('some value with an escape character like +');



That would properly escape it like:



some value with an escape character like \+



FYI.