SolrUtils::queryPhrase

(PECL solr >= 0.9.2)

SolrUtils::queryPhrasePrepares a phrase from an unescaped lucene string

说明

public static SolrUtils::queryPhrase ( string $str ) : string

Prepares a phrase from an unescaped lucene string.

参数

str

The lucene phrase.

返回值

Returns the phrase contained in double quotes.

User Contributed Notes

quackfish at gmail dot com 08-Nov-2015 01:05
You need to be careful allowing users to use raw queries if you index sensitive information. Cross domain search timing attacks can be used to extract information from an index [1] if your form does not have XSRF protection.

If you allow raw queries it can also allow users to DOS your application by inputting slow queries.

[1] https://www.idontplaydarts.com/2015/09/cross-domain-timing-attacks-against-lucene/
daniel dot allen at commercialtrucktrader dot com 03-Feb-2014 04:04
Doing some tests it would appear that this function also sanitizes input(testing on version above 1.0). And the term "phrase" is not the same as a complete query like "FIELD:THE RIGHT HALF AFTER THE : IS THE PHRASE."

So if you want to search SOME_FIELD:some value with an escape character like +, then you would have to write the code out:

$query  = 'SOME_FIELD:' . SolrUtils::queryPhrase('some value with an escape character like +');

That would properly escape it like:

some value with an escape character like \+

FYI.