I’m using elastic search and I create a very simple user search using it.
how can we prevent elastic search injection using web application in Yii?
for example this is my sample code :
public function actionIndex($q){
$query = ElasticUser::find()->query([
"regexp" => [
"alias" => $q,
]
]);
return $query->search();
}
is there any way to prevent run queries like ‘.*’ , ‘.str.’ and injecting strings like these?