Page 1 of 1

Two Problems with s9y search

Posted: Fri Feb 27, 2009 1:54 pm
by konus
Hello, I have a Blog about playgrounds in Dresden. So the term "spielplatz" (german für playground) is in almost every article. But:
searching for "spielplatz" does not found any of them.
Searching for "spielplatz*" finds 123 articles.

The same problem is with dresden vs. dresden* (153 articles), but some terms like sandkasten (66x) words work just fine.

Could it be, that the normal search does not work at all, if more than 100 articles are found?

An other problem is, that the pagination of bulletproof does not work after using the search with * added. Normal search (without * are ok)

Re: Two Problems with s9y search

Posted: Fri Feb 27, 2009 2:25 pm
by garvinhicking
Hi!

This is a usual mysql feature, it prevents searches from returning rows when you reach a threshold. This forum has a lot of references about this, if you search for "fulltext search", I think.

Regards,
Garvin

Re: Two Problems with s9y search

Posted: Fri Feb 27, 2009 6:57 pm
by konus
garvinhicking wrote:This is a usual mysql feature, it prevents searches from returning rows when you reach a threshold. This forum has a lot of references about this, if you search for "fulltext search", I think.
Found it, sorry for asking, I didn't expect this to be a mysql restriction (as feature not as bug). :roll:

So there is the pagination problem left: Links to numbered pages in pagination of bulletproof don't work if searched for a term with *. Next/prev. however works.

Re: Two Problems with s9y search

Posted: Fri Feb 27, 2009 8:36 pm
by Don Chambers
konus wrote:So there is the pagination problem left: Links to numbered pages in pagination of bulletproof don't work if searched for a term with *. Next/prev. however works.
I just verified that this is not specific to your install... It appears to be a smarty error related to string_format:$footer_pageLink.

Garvin? Judebert?

EDIT: this is how a page link is being emitted on my sandbox when search using "*" appended to a term:

Code: Select all

<a href="<br />
<b>Warning</b>:  sprintf() [<a href='function.sprintf'>function.sprintf</a>]: Too few arguments in <b>\server\.....\serendipity\bundled-libs\Smarty\libs\plugins\modifier.string_format.php</b> on line <b>24</b><br />
">2</a>

Re: Two Problems with s9y search

Posted: Fri Feb 27, 2009 9:55 pm
by judebert
Okay, here's the problem...

The variable $footer_pageLink gets URL-escaped to prevent users from inserting malicious code in your page. We must do this because their search term is echoed to the page, as well as included in hyperlinks. If we didn't, someone could make a link that attempted to take over a computer, then pass it to people who would obliviously click on it, then blame your site for infecting their computer.

The asterisk (*) gets encoded as %2A.

The |string_format modifier in your template tries to read that as "the second parameter, formatted in an invalid/unknown way". There aren't two parameters, so it reports that error.

If you could supply a second argument (maybe {$smarty.section.i.index|string_format:$footer_pageLink:"2nd arg"} or something), it'd probably fail while complaining that %A is invalid.

Unfortunately, the URL escaping is buried deep in the s9y code, since we've always been so security-conscious. I don't think it's feasible to unescape it, and it's possibly dangerous.

However, replacing that one %2A with * shouldn't hurt us... much. We can either do it in Smarty, for the quick fix:

Code: Select all

{assign var="dangerLink" value=$footer_pageLink|replace:"%2A":"*"}
...<a href="{$smarty.section.i.index|string_format:$dangerLink}">...
Or, if Garvin thinks it's safe enough, in the functions_entries.inc.php, around line 872, we can replace

Code: Select all

$serendipity['smarty']->assign('footer_pageLink', serendipity_rewriteURL(implode('/', $uriArguments) . $suffix));
with

Code: Select all

 $serendipity['smarty']->assign('footer_pageLink', str_replace("%2A", "*", serendipity_rewriteURL(implode('/', $uriArguments) . $suffix)));
Either way should fix the problem.

Re: Two Problems with s9y search

Posted: Fri Feb 27, 2009 10:29 pm
by Don Chambers
Thanks Judebert - will await Garvin's input because fixing it in one central location would be easier than updating all templates that might have adopted this pagination code.

Re: Two Problems with s9y search

Posted: Mon Mar 02, 2009 2:15 pm
by garvinhicking
Hi!

I'm with judebert here, we can do the "*" replacement he suggests :)

Judebert, wanna commit that?

Regards,
Garvin