Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I will post a patch for integration of the Countries field in Apache SolR.
Comment | File | Size | Author |
---|---|---|---|
#17 | 1130506-solr-17.patch | 471 bytes | guillaumev |
#14 | 1130506-solr-14.patch | 471 bytes | guillaumev |
#3 | countries_apachesolr.txt | 1.81 KB | guillaumev |
#1 | solr_integration-1130506-1.patch | 1.94 KB | guillaumev |
Comments
Comment #1
guillaumev CreditAttribution: guillaumev commentedThis patch integrates the country field into Apache SolR...
Comment #2
Alan D. CreditAttribution: Alan D. commentedlooks ok, but I can not test this myself... feedback anyone?
The only thing that I can see from the patch is this
which could be shortened to this
Reason, the iso2 value is only used to index the country array.
Comment #3
guillaumev CreditAttribution: guillaumev commentedI was too lazy to make a patch, but attached is the code that works for the new version of apachesolr (beta6)
Comment #4
webflo CreditAttribution: webflo commentedLooks good. Committed with small changes to 7.x-2.x. Thanks!
Comment #6
Alan D. CreditAttribution: Alan D. commentedRight, I am in the middle of a major refactor, so sorry for the cut 'n paste.
There is a non-critical security issue (user needs "administrate site configuration" permission) here and also invalid use of t(). Can someone please test this code for me. This integrates with i18n_countries module, but I have no idea what the means to ApacheSolr???
So, does this still work?
And if you have time, un-comment the TODO and see if it breaks the search if you have a country name like '<span>test</span>text'.
Comment #7
Alan D. CreditAttribution: Alan D. commentedI'm just flicking issues queues to get an experienced eye on the code for 2 minutes. Without being able to set up to test, I am wondering how best to safely integrate with the module.
Do the results for hook_apachesolr_map_callback() / hook_apachesolr_display_callback() both need to be sanitized?
Also, should we be translating results in either?
Feel free to transfer back to the countries issue queue afterwards. Thanks in advance.
Comment #9
Nick_vhI'd prefer if you would open a new issue in the apache solr issue queue with a clear issue summary what is requested. Are you ok with that?
Comment #10
Alan D. CreditAttribution: Alan D. commentedResponse was no sanitation, so changes are valid and I'm also adding a check_plain() to the map callback just to be safe. There should never be HTML in these text fields, so this should not effect anything!
Committed.
Comment #11
Nick_vhComment #12
Alan D. CreditAttribution: Alan D. commentedFixed issues automatically close themselves after two weeks and provide a grace period for any new issues arising from the commit.
Comment #14
guillaumev CreditAttribution: guillaumev commentedI'd like to reopen this issue because I found out that the check_plain that you added is causing issues. I have a site configured with countries and facetapi, and facetapi does a check_plain (in facetapi.theme.inc) before displaying any text.
The result is that check_plain is called twice on a single string. For most countries, it does not matter, but for "Côte d'Ivoire", which has an apostrophe:
'
&
The result is that instead of displaying "Côte d'Ivoire",
"Côte d'Ivoire"
is displayed...My proposition to fix this is to remove the check_plain in hook_apachesolr_map_callback: let modules which need to actually output text directly (such as facetapi) handle the check_plain...
Comment #16
Alan D. CreditAttribution: Alan D. commentedExcellent, some feedback from someone that has the module enabled!!!! I have been running blind, and the maintainer of Apache Solr stated that there was no sanitization and that forced my hand adding the check_plain() function as to plug a potential security hole (albeit a minor one).
Can you also let us know if the function countries_apachesolr_display_callback() is called or used? From the very original patch, this was functionally wrong.
I'm thinking:
Comment #17
guillaumev CreditAttribution: guillaumev commentedAttaching new patch for testing
Comment #18
guillaumev CreditAttribution: guillaumev commented@Alan D > That's interesting, I commented out the function countries_apachesolr_display_callback, cleared my caches and the facet still displays without any problem... So it seems like countries_apachesolr_display_callback is not called or used...
Comment #19
Alan D. CreditAttribution: Alan D. commented@guillaumev
Since I am not in a position to test, can you edit one country and insert a couple of test values for me please?
<em>Test</em>
<script>alert('test')</script>Test
Comment #20
Alan D. CreditAttribution: Alan D. commentedPushed #17