Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-1831

DataImportHandler not escaping single quotes

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Problem
    • Affects Version/s: 1.4, 1.5
    • Fix Version/s: None
    • Environment:

      Windows XP Pro SP3
      java 1.6.0.18
      Solr 1.4 and Solr 1.5-dev using example-DIH and example start.jar
      MySQL 5.1

      Description

      SQL queries are not being properly escaped. Single quotes are being passed to SQL driver. Despite line 78 of EvaluatorBag.java single quotes are being retrieved in fields from the parent entity. When a field containing a single quote is referenced via variable in a child entity's query string it does not get escaped.

      I have tested this in both 1.4 and 1.5-dev and receive the same result. Below is the error that I received when this happened:

      SEVERE: Exception while processing: person document : solrInputDocument[{Person_hasAlias=Person_hasAlias(1.0)=

      {Al'fiuwa}

      , id=id(1.0)=

      {http://x.yz/bk/aya/}

      , Person_hasTempRi=Person_hasTempRi(1.0)=

      {http://x.yz/bk/aya/ > Al'fiuwa}

      , Person_hasEmailAddress=Person_hasEmailAddress(1.0)={aya@bk.yz}}]
      org.apache.solr.handler.dataimport.DataImportHandlerException: Unable to execute query: SELECT * FROM Message WHERE hasAuthor='http://x.yz/bk/aya/ > Al'fiuwa' Processing Document # 593
      at org.apache.solr.handler.dataimport.DataImportHandlerException.wrapAndThrow(DataImportHandlerException.java:72)
      at org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.<init>(JdbcDataSource.java:251)
      at org.apache.solr.handler.dataimport.JdbcDataSource.getData(JdbcDataSource.java:208)
      at org.apache.solr.handler.dataimport.JdbcDataSource.getData(JdbcDataSource.java:39)
      at org.apache.solr.handler.dataimport.SqlEntityProcessor.initQuery(SqlEntityProcessor.java:58)
      at org.apache.solr.handler.dataimport.SqlEntityProcessor.nextRow(SqlEntityProcessor.java:71)
      at org.apache.solr.handler.dataimport.EntityProcessorWrapper.nextRow(EntityProcessorWrapper.java:233)
      at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:580)
      at org.apache.solr.handler.dataimport.DocBuilder.buildDocument(DocBuilder.java:606)
      at org.apache.solr.handler.dataimport.DocBuilder.doFullDump(DocBuilder.java:261)
      at org.apache.solr.handler.dataimport.DocBuilder.execute(DocBuilder.java:185)
      at org.apache.solr.handler.dataimport.DataImporter.doFullImport(DataImporter.java:333)
      at org.apache.solr.handler.dataimport.DataImporter.runCmd(DataImporter.java:391)
      at org.apache.solr.handler.dataimport.DataImporter$1.run(DataImporter.java:372)
      Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'fiuwa'' at line 1
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
      at java.lang.reflect.Constructor.newInstance(Unknown Source)
      at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
      at com.mysql.jdbc.Util.getInstance(Util.java:381)
      at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1030)
      at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
      at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3515)
      at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3447)
      at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1951)
      at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2101)
      at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2548)
      at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2477)
      at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:741)
      at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:587)
      at org.apache.solr.handler.dataimport.JdbcDataSource$ResultSetIterator.<init>(JdbcDataSource.java:244)
      ... 12 more

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              kevinaj Kevin
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: