©
本文档使用 PHP中文网手册 发布
(PECL solr >= 0.9.2)
SolrUtils::queryPhrase — Prepares a phrase from an unescaped lucene string
$str
)Prepares a phrase from an unescaped lucene string.
str
The lucene phrase.
Returns the phrase contained in double quotes.
[#1] quackfish at gmail dot com [2015-11-08 01:05:16]
You need to be careful allowing users to use raw queries if you index sensitive information. Cross domain search timing attacks can be used to extract information from an index [1] if your form does not have XSRF protection.
If you allow raw queries it can also allow users to DOS your application by inputting slow queries.
[1] https://www.idontplaydarts.com/2015/09/cross-domain-timing-attacks-against-lucene/
[#2] daniel dot allen at commercialtrucktrader dot com [2014-02-03 16:04:11]
Doing some tests it would appear that this function also sanitizes input(testing on version above 1.0). And the term "phrase" is not the same as a complete query like "FIELD:THE RIGHT HALF AFTER THE : IS THE PHRASE."
So if you want to search SOME_FIELD:some value with an escape character like +, then you would have to write the code out:
$query = 'SOME_FIELD:' . SolrUtils::queryPhrase('some value with an escape character like +');
That would properly escape it like:
some value with an escape character like \+
FYI.