CSW GetRecords doesn't escape query values when creating the Elasticsearch query #7529
@@ -199,7 +181,7 @@ protected static String escapeLikeLiteral(String text) { | |||
} | |||
|
|||
protected static String convertLikePattern(PropertyIsLike filter) { | |||
String result = filter.getLiteral(); | |||
String result = StringEscapeUtils.escapeJson(filter.getLiteral()); |
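Review bot: in convertLikePattern, the added line applies StringEscapeUtils.escapeJson to filter.getLiteral() before any pattern conversion, so the backslashes escapeJson inserts (for a double quote, a backslash or a forward slash) become input to whatever the rest of the method does with the result. That part of the method is not visible in this hunk, but if it interprets a backslash as the filter's escape character, an escaped wildcard in the literal would turn into an escaped backslash followed by an active wildcard. Suggest keeping "String result = filter.getLiteral();" here and applying escapeJson once to the converted value just before it is returned, with a unit test whose literal contains a quote, a backslash and an escaped wildcard.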
Would be safer to escapeJson the result at the end? Because the filter may contain characters for escapeChar, wildcard and singleChar which will not be processed with escapeJson, so the next lines may fail to do proper replacement.
Done in 6c18b14
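The ordering concern from the review exchange above, as an added example that is not part of the pull request or of the GeoNetwork code base. `jsonEscape` and `toEsWildcard` are hypothetical stand-ins (for `StringEscapeUtils.escapeJson` and for the pattern conversion, whose body the page does not show), and the literal is constructed.

```java
public class LikeEscapeOrder {
    // Hypothetical minimal JSON string escaper (stand-in for StringEscapeUtils.escapeJson).
    static String jsonEscape(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c == '"' || c == '\\') sb.append('\\').append(c);
            else if (c < 0x20) sb.append(String.format("\\u%04x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    // Hypothetical converter: maps a LIKE literal with configurable wildcard,
    // singleChar and escapeChar to a wildcard pattern that uses '*', '?' and
    // a backslash as its own escape.
    static String toEsWildcard(String lit, char wildcard, char single, char escape) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < lit.length(); i++) {
            char c = lit.charAt(i);
            if (c == escape && i + 1 < lit.length()) {
                char next = lit.charAt(++i);
                // The escaped character is literal: re-escape it only if the
                // target syntax treats it as special.
                if (next == '*' || next == '?' || next == '\\') sb.append('\\');
                sb.append(next);
            } else if (c == wildcard) {
                sb.append('*');
            } else if (c == single) {
                sb.append('?');
            } else {
                if (c == '*' || c == '?' || c == '\\') sb.append('\\');
                sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed literal: a backslash-escaped percent sign (literal '%'),
        // a quoted word, then a trailing '%' wildcard.
        String literal = "50\\% \"off\"%";
        // Order used in the hunk: JSON-escape first, convert afterwards.
        String escapeFirst = toEsWildcard(jsonEscape(literal), '%', '_', '\\');
        // Order proposed in the review: convert first, JSON-escape at the end.
        String escapeLast = jsonEscape(toEsWildcard(literal, '%', '_', '\\'));
        System.out.println("escape first: " + escapeFirst);
        System.out.println("escape last : " + escapeLast);
    }
}
```

With this literal, the escape-first order turns the escaped percent sign into an active wildcard and emits the double quotes without their JSON escaping, while the escape-last order preserves both.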
…earch query / Escape Elasticsearch special chars in EQUAL / NOT EQUAL literal queries
…earch query / Escape Elasticsearch special chars in IS LIKE literal queries
Hello @josegar74, I'm quite interested in this fix. I'll make tests on my side too with it. Thanks a lot by the way for this.
…lasticsearch query / Escape Elasticsearch special chars in IS LIKE literal queries
LGTM.
See #7527
Includes also Sonarlint improvements.
Checklist
main branch, backports managed with label
README.md files
pom.xml dependency management. Update build documentation with intended library use and library tutorials or documentation