solr sanitizing query - ruby-on-rails

I am using solr with ruby on rails.
It's all working well, I just need to know if there's any existing code to sanitize user input, like a query starting with ? or *

I don't know any code that does this, but theoretically it could be done by looking at the parsing code in Lucene and searching for throw new ParseException (only 16 matches!).
In practice, I think you're better off just catching any solr exceptions in your code and showing an "invalid query" message or something like that.
EDIT: Here are a couple of "sanitizers":
http://pivotallabs.com/users/zach/blog/articles/937-sanitizing-solr-requests
http://github.com/jvoorhis/lucene_query
http://e-mats.org/2010/01/escaping-characters-in-a-solr-query-solr-url/

If you are using Solarium with PHP then you can use the Solarium_Escape::term() method.
/**
 * Escape a term
 *
 * A term is a single word.
 * All characters that have a special meaning in a Solr query are escaped.
 *
 * If you want to use the input as a phrase please use the {@link phrase()}
 * method, because a phrase requires much less escaping.\
 *
 * @link http://lucene.apache.org/java/docs/queryparsersyntax.html#Escaping%20Special%20Characters
 *
 * @param string $input
 * @return string
 */
static public function term($input)
{
    $pattern = '/(\+|-|&&|\|\||!|\(|\)|\{|}|\[|]|\^|"|~|\*|\?|:|\\\)/';
    return preg_replace($pattern, '\\\$1', $input);
}
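A Ruby counterpart to the escaping shown above, as an added example that is not part of the original answers or of Solarium; the module name SolrEscape, its methods and the allowed-field list are hypothetical. It goes slightly beyond the PHP pattern by also escaping "/" (the regex delimiter in Lucene 4.0 and later) and by escaping each & and | individually.

```ruby
# Added example, not from the original posts. SolrEscape and its method names
# are hypothetical.
module SolrEscape
  # Characters with special meaning to the Lucene query parser. Each & and |
  # is escaped on its own, and "/" is included (regex delimiter in Lucene 4.0+).
  SPECIAL = /[\\+\-!():^\[\]"{}~*?|&\/]/

  # Escape a single term so every special character is taken literally.
  # A leading "?" or "*" therefore no longer reaches the parser as a wildcard.
  def self.term(input)
    input.to_s.gsub(SPECIAL) { |ch| "\\#{ch}" }
  end

  # Quote input as a phrase; inside double quotes only " and \ need escaping.
  def self.phrase(input)
    escaped = input.to_s.gsub(/["\\]/) { |ch| "\\#{ch}" }
    '"' + escaped + '"'
  end

  # Build field:"value". The field name is checked against an allow-list,
  # because escaping the value does nothing for a user-supplied field name.
  def self.clause(field, value, allowed_fields)
    unless allowed_fields.include?(field.to_s)
      raise ArgumentError, "field not allowed: #{field}"
    end
    "#{field}:#{phrase(value)}"
  end
end
```

Catching Solr exceptions and showing an "invalid query" message, as the first answer suggests, is still worth keeping as a fallback around the request itself.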

Related

Doxygen anchor inside function

I have a filter which converts actual code into @code/@endcode blocks but I can't figure out a way to create a @ref link to these sections.
Here's a snippet of what I mean:
/**
 * Refer to this example: @ref example1
 * @param $arg1
 * @param $arg2
 */
public function somefunction($arg1, $arg2)
{
    /**
     * @anchor example1 @code
    if (true)
    {
        $this = 'bollox';
    }
     * @endcode
     **/
}
The output of this looks pretty much like what I want (although I haven't decided on how best to truly indicate the link point...exmple1 springs to mind).
The problem is that the hyperlink for example1 links to the filename.html#example1.
I've checked the source and there is an anchor class being generated.
I understand I'm not really using anchor as documented.
Any suggestions welcome.
Note: I'm not specifically trying to get anchor to work...just want a hyperlink/bookmark to link a \ref (or similar).

Google Sheets QR code "tab"

I am working with the Google sheets to make QR codes. I have my scanner programmed to do a 'TAB' function after every scan and it works well. I would like to make a single QR code that has 3 different pieces of information in it with a tab between each and an enter on the end. I have tried many ways and just found that most of them work fine in something like Notepad, but nothing is working in a form where there are 3 fields. The form has the following fields: Plant, Department, Part#
I have tried using:
//cell E12 has 106+%09+W6311A+%09+12345678 or 106+char(9)+W6311A+char(9)+12345678
=if(isblank(E12),"",image("https://chart.googleapis.com/chart?chs=150x150&cht=qr&chl="&E12))
//A14==106, B14==W06311A, C14==12345678
=CONCATENATE(A14, char(9),B14,char(9),C14,char(10))
//A15==the above concatenate code
=image("https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl="& urlencode(join(char(10),arrayformula(A15))))
//this script is called by the above code:
/**
 * Converts a string to a properly encoded URI
 *
 * @param {string} component The component you want to encode
 * @return {string} The encoded URI component.
 * @customfunction
 */
function urlencode ( component ) {
  if ( component && component.map ) {
    return component.map ( urlencode );
    Logger.log(component);
  }
  else {
    return encodeURIComponent ( component || "" ) ;
    Logger.log("2 "+component);
  }
}
As I said, they work fine in Word or Notepad, but they put all the information into one field of a form. One scan could be quicker than the current 3 individual scans that we do. Is there a coding method that is specific to filling in forms?
Thanks,
Josh

Response code Null (0) today, app was working yesterday (API Integration)

I have integrated Asana task lists into my company's website for our development team. All was going well until today - the page I created now errors out with a response code of NULL (or 0). In my very limited experience, this is an issue with the Asana connection, correct? Is this something I can fix on my side or is Asana API currently down (considering this worked up until today)?
We are using the API key, not OAuth, as everyone who has access to this task list is on the same workspace.
Edit:
I have 2 api keys that I am working with - 1 for production, 1 for development. I switch them out when I hand over a branch for my boss to merge in.
Testing API key works just fine.
Production API key does not work - always a response code null when trying to pull back tasks.
I am brand new to API development and I do not know how to use curl to make these calls. I am using a library found here:
https://github.com/ajimix/asana-api-php-class/blob/master/asana.php
More specifically, here is my code:
/*
* We are only interested in the JVZoo workspace
* Unless we are testing, in which we will use Faith In Motion workspace
*/
$JVZ_workspace_id = 18868754507673;
$FIM_workspace_id = 47486153348950;
/*
* Which one are we using right now?
*/
$workspace = $FIM_workspace_id;
/*
* Now let's do the same thing with Projects
* There should only be one project - JVZoo.com
* Unless we are testing - More JVZoo Testing
*
* We do need to dynamically show the project name
* This will help on confusion if we are accidentally in the
* wrong project
*
* Then start building an array with these pieces
*/
$JVZ_project = array();
$JVZ_project['id'] = 53244927972665;
$JVZ_project['name'] = "JVZoo.com";
$FIM_project = array();
$FIM_project['id'] = 54787074465868;
$FIM_project['name'] = "More JVZoo Testing";
/*
* Which one are we using?
*/
$project = $FIM_project;
/*
* In order to help reduce load time even more,
* we are not going to return the project name
*
* This way we do not need to ask Asana for the project information
* This does change the layout of the view, however
*
* And finally grab all tasks for each project
* Connection check
*
* Return all tasks from this workspace and hand-filter
* to show both assigned and followed tasks
*/
$tasksJson = $asana->getProjectTasks($project['id']);
if ($asana->responseCode != '200' || is_null($tasksJson))
{
$this->session->set_flashdata('error', 'Error while trying to get tasks from Asana, response code: ' . $asana->responseCode);
redirect_and_continue_processing('/dashboard');
return;
}
FIM is my test environment.
JVZ is my production environment.
/**
 * Returns all unarchived tasks of a given project
 *
 * @param string $projectId
 * @param array $opt Array of options to pass
 * (@see https://asana.com/developers/documentation/getting-started/input-output-options)
 *
 * @return string JSON or null
 */
public function getProjectTasks($projectId, array $opts = array())
{
$options = http_build_query($opts);
return $this->askAsana($this->taskUrl . '?project=' . $projectId . '&' . $options);
}
I did a PR on the parameter passed in to line that is returned above. In my FIM environment, I get this:
https://app.asana.com/api/1.0/tasks?project=54787074465868&
For my production environment:
https://app.asana.com/api/1.0/tasks?project=53244927972665&

Parse a report with powershell

I'm trying to gather some statistics using powershell.
I have about 4,000 reports that look like this (all in their own Report.txt files - some have more fields. I've snipped it):
What I would like to do (thinking out loud) is take each [ ] and make that a csv header and then add each item under that header under it. Then I can run simple count statements against it and pull out some data. Maybe there is a better/easier way?
The idea is to have something like:
Requested Permissions: android.permission.INTERNET 3,562 of 4,000
Requested Permissions: android.permission.READ_SMS 1 of 4,000
etc...
So far I've stripped down the string so it no longer has white spaces and *.
[ Package name ]
* com.software.application
[ Requested Permissions ]
* android.permission.INTERNET
* android.permission.READ_PHONE_STATE
* android.permission.READ_SMS
* android.permission.RECEIVE_SMS
* android.permission.SEND_SMS
* android.permission.WAKE_LOCK
* android.permission.WRITE_EXTERNAL_STORAGE
* com.google.android.c2dm.permission.RECEIVE
* com.software.application.permission.C2D_MESSAGE
[ Responsible API calls for used Permissions ]
* android/app/NotificationManager;->notify
* android/content/Context;->sendBroadcast
* android/content/Context;->startService
* android/os/PowerManager$WakeLock;->acquire
* android/os/PowerManager$WakeLock;->release
* android/telephony/SmsManager;->sendTextMessage
[ Potentially dangerous Calls ]
* getSystemService
* HttpPost
* sendSMS
Current output example:
[PotentiallydangerousCalls]
getSystemService
HttpPost
sendSMS
So it's a bit cleaner now...
I will put some code if I have time, but here is a roadbook:
1) Write a function (CsvToObject) that takes the path and name of a csv file and returns a PSObject with a property with each [value]
This function can take advantage of the switch ... case PowerShell structure with regex and file usage.
2) Take every *.csv file (Get-ChildItem), call your function and pipe the result into Export-CSV
Your current output example is structured like an ini file. This Scripting Guy post on ini files might be useful. Some regex help here and here.

Where is "?" placeholder of sql in play2's anorm

We can write SQL like the following in play2's anorm:
def findById(id: String): Option[Link] = DB.withConnection { implicit connection =>
  SQL("select * from links where id={id}").on('id -> id).as(simple.singleOpt)
}
It uses the {xxx} format as the placeholder, and then you specify a map 'id->id. Is there any way to use ? as the placeholder as we do in play1?
I hope I can write it like:
def findById(id:String): Option[Link] = DB.withConnection {implicit connection =>
SQL("select * from links where id=?").on(id).as(simple.singleOpt)
}
This format is very useful sometimes.
No, currently Anorm uses the Scala symbols for the mapping and you can't use '?'.
This may change in the future, but it is not possible right now.
