[
https://issues.apache.org/jira/browse/SOLR-1233?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13169431#comment-13169431
]
David Smiley commented on SOLR-1233:
------------------------------------
And I was *hoping* to find a way to disable this vulnerability in the
solrconfig.xml... thinking that perhaps I could lock down qt with invariants,
but that doesn't work. Presumably qt is special. I hate qt.
> Remove restriction that /select cannot be used for /-prefixed request
> handlers via qt
> -------------------------------------------------------------------------------------
>
> Key: SOLR-1233
> URL: https://issues.apache.org/jira/browse/SOLR-1233
> Project: Solr
> Issue Type: Improvement
> Components: search
> Affects Versions: 1.3
> Reporter: Erik Hatcher
> Assignee: Erik Hatcher
> Priority: Minor
> Fix For: 1.4
>
> Attachments: SOLR-1233.patch
>
>
> Currently /select?qt=/whatever is blocked by SolrDispatchFilter. It makes
> life a lot easier to make general requests to any request handler (for
> example in SOLR-1230 where dataimport.jsp needs to request to arbitrary
> handler names).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
