mirror of
https://github.com/OrchardCMS/Orchard.git
synced 2025-10-07 07:34:30 +08:00
Preventing Indexing AdminController and Commands from operating with unsafe index names (#8845)
This commit is contained in:
Benedek Farkas
@@ -4,7 +4,7 @@ using Orchard.Commands;
|
||||
using Orchard.ContentManagement;
|
||||
using Orchard.Indexing.Services;
|
||||
using Orchard.Tasks.Indexing;
|
||||
using Orchard.Utility.Extensions;
|
||||
using static Orchard.Indexing.Helpers.IndexingHelpers;
|
||||
|
||||
namespace Orchard.Indexing.Commands {
|
||||
public class IndexingCommands : DefaultOrchardCommandHandler {
|
||||
@@ -38,27 +38,22 @@ namespace Orchard.Indexing.Commands {
|
||||
return;
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(index)) {
|
||||
if (!IsValidIndexName(index)) {
|
||||
Context.Output.WriteLine(T("Invalid index name."));
|
||||
return;
|
||||
}
|
||||
|
||||
if (index.ToSafeName() != index) {
|
||||
Context.Output.WriteLine(T("Invalid index name."));
|
||||
var indexProvider = _indexManager.GetSearchIndexProvider();
|
||||
if (indexProvider == null) {
|
||||
Context.Output.WriteLine(T("No indexing service was found. Please enable a module like Lucene."));
|
||||
}
|
||||
else {
|
||||
var indexProvider = _indexManager.GetSearchIndexProvider();
|
||||
if(indexProvider == null) {
|
||||
Context.Output.WriteLine(T("No indexing service was found. Please enable a module like Lucene."));
|
||||
if (indexProvider.Exists(index)) {
|
||||
Context.Output.WriteLine(T("The specified index already exists."));
|
||||
}
|
||||
else {
|
||||
if (indexProvider.Exists(index)) {
|
||||
Context.Output.WriteLine(T("The specified index already exists."));
|
||||
}
|
||||
else {
|
||||
_indexManager.GetSearchIndexProvider().CreateIndex(index);
|
||||
Context.Output.WriteLine(T("New index has been created successfully."));
|
||||
}
|
||||
_indexManager.GetSearchIndexProvider().CreateIndex(index);
|
||||
Context.Output.WriteLine(T("New index has been created successfully."));
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -66,7 +61,7 @@ namespace Orchard.Indexing.Commands {
|
||||
[CommandName("index update")]
|
||||
[CommandHelp("index update <index>\r\n\t" + "Updates the specified index")]
|
||||
public void Update(string index) {
|
||||
if (string.IsNullOrWhiteSpace(index)) {
|
||||
if (!IsValidIndexName(index)) {
|
||||
Context.Output.WriteLine(T("Invalid index name."));
|
||||
return;
|
||||
}
|
||||
@@ -78,7 +73,7 @@ namespace Orchard.Indexing.Commands {
|
||||
[CommandName("index rebuild")]
|
||||
[CommandHelp("index rebuild <index> \r\n\t" + "Rebuilds the specified index")]
|
||||
public void Rebuild(string index) {
|
||||
if (string.IsNullOrWhiteSpace(index)) {
|
||||
if (!IsValidIndexName(index)) {
|
||||
Context.Output.WriteLine(T("Invalid index name."));
|
||||
return;
|
||||
}
|
||||
@@ -91,24 +86,24 @@ namespace Orchard.Indexing.Commands {
|
||||
[CommandHelp("index query <index> /Query:<query>\r\n\t" + "Searches the specified <query> terms in the specified index")]
|
||||
[OrchardSwitches("Query")]
|
||||
public void Search(string index) {
|
||||
if (string.IsNullOrWhiteSpace(index)) {
|
||||
if (!IsValidIndexName(index)) {
|
||||
Context.Output.WriteLine(T("Invalid index name."));
|
||||
return;
|
||||
}
|
||||
|
||||
if ( !_indexManager.HasIndexProvider() ) {
|
||||
if (!_indexManager.HasIndexProvider()) {
|
||||
Context.Output.WriteLine(T("No index available"));
|
||||
return;
|
||||
}
|
||||
var searchBuilder = _indexManager.GetSearchIndexProvider().CreateSearchBuilder(index);
|
||||
var results = searchBuilder.Parse( new [] {"body", "title"}, Query).Search();
|
||||
var results = searchBuilder.Parse(new[] { "body", "title" }, Query).Search();
|
||||
|
||||
Context.Output.WriteLine("{0} result{1}\r\n-----------------\r\n", results.Count(), results.Count() > 0 ? "s" : "");
|
||||
|
||||
Context.Output.WriteLine("┌──────────────────────────────────────────────────────────────┬────────┐");
|
||||
Context.Output.WriteLine("│ {0} │ {1,6} │", "Title" + new string(' ', 60 - "Title".Length), "Score");
|
||||
Context.Output.WriteLine("├──────────────────────────────────────────────────────────────┼────────┤");
|
||||
foreach ( var searchHit in results ) {
|
||||
foreach (var searchHit in results) {
|
||||
var contentItem = _contentManager.Get(searchHit.ContentItemId);
|
||||
var metadata = _contentManager.GetItemMetadata(contentItem);
|
||||
var title = String.IsNullOrWhiteSpace(metadata.DisplayText) ? "- no title -" : metadata.DisplayText;
|
||||
@@ -126,12 +121,12 @@ namespace Orchard.Indexing.Commands {
|
||||
[CommandHelp("index stats <index>\r\n\t" + "Displays some statistics about the search index")]
|
||||
[OrchardSwitches("IndexName")]
|
||||
public void Stats(string index) {
|
||||
if (string.IsNullOrWhiteSpace(index)) {
|
||||
if (!IsValidIndexName(index)) {
|
||||
Context.Output.WriteLine(T("Invalid index name."));
|
||||
return;
|
||||
}
|
||||
|
||||
if ( !_indexManager.HasIndexProvider() ) {
|
||||
if (!_indexManager.HasIndexProvider()) {
|
||||
Context.Output.WriteLine(T("No index available"));
|
||||
return;
|
||||
}
|
||||
@@ -140,11 +135,10 @@ namespace Orchard.Indexing.Commands {
|
||||
}
|
||||
|
||||
[CommandName("index refresh")]
|
||||
[CommandHelp("index refresh /ContentItem:<content item id> \r\n\t" + "Refreshes the index for the specifed <content item id>")]
|
||||
[CommandHelp("index refresh /ContentItem:<content item id> \r\n\t" + "Refreshes the index for the specified <content item id>")]
|
||||
[OrchardSwitches("ContentItem")]
|
||||
public void Refresh() {
|
||||
int contentItemId;
|
||||
if ( !int.TryParse(ContentItem, out contentItemId) ) {
|
||||
if (!int.TryParse(ContentItem, out int contentItemId)) {
|
||||
Context.Output.WriteLine(T("Invalid content item id. Not an integer."));
|
||||
return;
|
||||
}
|
||||
@@ -152,19 +146,18 @@ namespace Orchard.Indexing.Commands {
|
||||
var contentItem = _contentManager.Get(contentItemId);
|
||||
_indexingTaskManager.CreateUpdateIndexTask(contentItem);
|
||||
|
||||
Context.Output.WriteLine(T("Content Item marked for reindexing"));
|
||||
Context.Output.WriteLine(T("Content Item marked for re-indexing"));
|
||||
}
|
||||
|
||||
[CommandName("index delete")]
|
||||
[CommandHelp("index delete /ContentItem:<content item id>\r\n\t" + "Deletes the specifed <content item id> from the index")]
|
||||
[CommandHelp("index delete /ContentItem:<content item id>\r\n\t" + "Deletes the specified <content item id> from the index")]
|
||||
[OrchardSwitches("ContentItem")]
|
||||
public void Delete() {
|
||||
int contentItemId;
|
||||
if(!int.TryParse(ContentItem, out contentItemId)) {
|
||||
if (!int.TryParse(ContentItem, out int contentItemId)) {
|
||||
Context.Output.WriteLine(T("Invalid content item id. Not an integer."));
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
var contentItem = _contentManager.Get(contentItemId);
|
||||
_indexingTaskManager.CreateDeleteIndexTask(contentItem);
|
||||
|
||||
|
||||
@@ -2,12 +2,12 @@
|
||||
using System.Linq;
|
||||
using System.Web.Mvc;
|
||||
using Orchard.Indexing.Services;
|
||||
using Orchard.Indexing.ViewModels;
|
||||
using Orchard.Localization;
|
||||
using Orchard.Logging;
|
||||
using Orchard.Security;
|
||||
using Orchard.Indexing.ViewModels;
|
||||
using Orchard.UI.Notify;
|
||||
using Orchard.Utility.Extensions;
|
||||
using static Orchard.Indexing.Helpers.IndexingHelpers;
|
||||
|
||||
namespace Orchard.Indexing.Controllers {
|
||||
public class AdminController : Controller {
|
||||
@@ -15,7 +15,7 @@ namespace Orchard.Indexing.Controllers {
|
||||
private readonly IIndexManager _indexManager;
|
||||
|
||||
public AdminController(
|
||||
IIndexingService indexingService,
|
||||
IIndexingService indexingService,
|
||||
IOrchardServices services,
|
||||
IIndexManager indexManager) {
|
||||
_indexingService = indexingService;
|
||||
@@ -34,23 +34,21 @@ namespace Orchard.Indexing.Controllers {
|
||||
IndexEntries = Enumerable.Empty<IndexEntry>(),
|
||||
IndexProvider = _indexManager.GetSearchIndexProvider()
|
||||
};
|
||||
|
||||
|
||||
if (_indexManager.HasIndexProvider()) {
|
||||
viewModel.IndexEntries = _indexManager.GetSearchIndexProvider().List().Select(x => {
|
||||
try {
|
||||
return _indexingService.GetIndexEntry(x);
|
||||
}
|
||||
catch(Exception e) {
|
||||
catch (Exception e) {
|
||||
Logger.Error(e, "Index couldn't be read: " + x);
|
||||
return new IndexEntry {
|
||||
return new IndexEntry {
|
||||
IndexName = x,
|
||||
IndexingStatus = IndexingStatus.Unavailable
|
||||
};
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// Services.Notifier.Information(T("The index might be corrupted. If you can't recover click on Rebuild."));
|
||||
|
||||
return View(viewModel);
|
||||
}
|
||||
@@ -59,7 +57,7 @@ namespace Orchard.Indexing.Controllers {
|
||||
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not allowed to manage the search index.")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
return View("Create", String.Empty);
|
||||
return View("Create");
|
||||
}
|
||||
|
||||
[HttpPost, ActionName("Create")]
|
||||
@@ -68,7 +66,7 @@ namespace Orchard.Indexing.Controllers {
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
var provider = _indexManager.GetSearchIndexProvider();
|
||||
if (String.IsNullOrWhiteSpace(id) || id.ToSafeName() != id) {
|
||||
if (!IsValidIndexName(id)) {
|
||||
Services.Notifier.Error(T("Invalid index name."));
|
||||
return View("Create", id);
|
||||
}
|
||||
@@ -82,9 +80,9 @@ namespace Orchard.Indexing.Controllers {
|
||||
provider.CreateIndex(id);
|
||||
Services.Notifier.Information(T("Index named {0} created successfully", id));
|
||||
}
|
||||
catch(Exception e) {
|
||||
catch (Exception e) {
|
||||
Services.Notifier.Error(T("An error occurred while creating the index: {0}", id));
|
||||
Logger.Error("An error occurred while creatign the index " + id, e);
|
||||
Logger.Error("An error occurred while creating the index " + id, e);
|
||||
return View("Create", id);
|
||||
}
|
||||
|
||||
@@ -96,7 +94,12 @@ namespace Orchard.Indexing.Controllers {
|
||||
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not allowed to manage the search index.")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
_indexingService.UpdateIndex(id);
|
||||
if (IsValidIndexName(id)) {
|
||||
_indexingService.UpdateIndex(id);
|
||||
}
|
||||
else {
|
||||
Services.Notifier.Error(T("Invalid index name."));
|
||||
}
|
||||
|
||||
return RedirectToAction("Index");
|
||||
}
|
||||
@@ -106,7 +109,12 @@ namespace Orchard.Indexing.Controllers {
|
||||
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not allowed to manage the search index.")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
_indexingService.RebuildIndex(id);
|
||||
if (IsValidIndexName(id)) {
|
||||
_indexingService.RebuildIndex(id);
|
||||
}
|
||||
else {
|
||||
Services.Notifier.Error(T("Invalid index name."));
|
||||
}
|
||||
|
||||
return RedirectToAction("Index");
|
||||
}
|
||||
@@ -116,7 +124,12 @@ namespace Orchard.Indexing.Controllers {
|
||||
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not allowed to manage the search index.")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
_indexingService.DeleteIndex(id);
|
||||
if (IsValidIndexName(id)) {
|
||||
_indexingService.DeleteIndex(id);
|
||||
}
|
||||
else {
|
||||
Services.Notifier.Error(T("Invalid index name."));
|
||||
}
|
||||
|
||||
return RedirectToAction("Index");
|
||||
}
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
using Orchard.Utility.Extensions;
|
||||
|
||||
namespace Orchard.Indexing.Helpers {
|
||||
public static class IndexingHelpers {
|
||||
public static bool IsValidIndexName(string name) =>
|
||||
!string.IsNullOrWhiteSpace(name) && name.ToSafeName() == name;
|
||||
}
|
||||
}
|
||||
@@ -95,6 +95,7 @@
|
||||
<Compile Include="AdminMenu.cs" />
|
||||
<Compile Include="Commands\IndexingCommands.cs" />
|
||||
<Compile Include="Controllers\AdminController.cs" />
|
||||
<Compile Include="Helpers\IndexingHelpers.cs" />
|
||||
<Compile Include="Migrations.cs" />
|
||||
<Compile Include="Handlers\CreateIndexingTaskHandler.cs" />
|
||||
<Compile Include="Handlers\InfosetFieldIndexingHandler.cs" />
|
||||
@@ -180,4 +181,4 @@
|
||||
</FlavorProperties>
|
||||
</VisualStudio>
|
||||
</ProjectExtensions>
|
||||
</Project>
|
||||
</Project>
|
||||
Reference in New Issue
Block a user