Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-10423

Searching for the term "test *" will highlight nearly every word and displays htmlspecialchars as htmlentities.

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.9
    • Fix Version/s: 3.0.13-RC1, 3.1.0-b3
    • Component/s: Search
    • Labels:
      None
    • Environment:
      Windows 7 64Bit
      PHPBB 3.0.9
      PHP Version 5.2.11 (Apache 2.0 Handler)
      MySQL 5.1.44-community-log
      Firefox 7.0.1

      Description

      Searching for the term "test *" will highlight nearly every word and displays htmlspecialchars as htmlentities.

        Issue Links

          Activity

          Hide
          canonknipser Frank Jakobs added a comment -

          I don't think its a bug - with your 1st query you searched for 2 values ored together:
          1) the word "test"
          2) all words (by specifying the asterix) - so any word will be highlighted

          If you want to search for all word starting with test use "test*" with no space between test and asterix

          Show
          canonknipser Frank Jakobs added a comment - I don't think its a bug - with your 1st query you searched for 2 values ored together: 1) the word "test" 2) all words (by specifying the asterix) - so any word will be highlighted If you want to search for all word starting with test use "test*" with no space between test and asterix
          Hide
          barra1337 barra1337 added a comment - - edited

          The point was that e.g. the character ':' ist displayed as " & # 5 8; " (see screenshot) and i thought that it's unintended to highlight every word.

          Show
          barra1337 barra1337 added a comment - - edited The point was that e.g. the character ':' ist displayed as " & # 5 8; " (see screenshot) and i thought that it's unintended to highlight every word.
          Hide
          Oleg Oleg [X] (Inactive) added a comment - - edited

          The entity display is clearly wrong. How in the world did dots get escaped?

          Highlighting every word is also pointless. If * indeed searches for anything, the entire search query should simply be dropped as a restriction.

          Show
          Oleg Oleg [X] (Inactive) added a comment - - edited The entity display is clearly wrong. How in the world did dots get escaped? Highlighting every word is also pointless. If * indeed searches for anything, the entire search query should simply be dropped as a restriction.
          Hide
          canonknipser Frank Jakobs added a comment -

          I just checked on my board - same result, but an extra hint: "*" was ignored, but seems to be used for highlighting:
          search.php

          // define some vars for urls
          $hilit = implode('|', explode(' ', preg_replace('#\s+#u', ' ', str_replace(array('+', '-', '|', '(', ')', '"'), ' ', $keywords))));
          // Do not allow only wildcard being used for hilight
          $hilit = (strspn($hilit, '*') === strlen($hilit)) ? '' : $hilit;

          Checking is done for single asterix, but seem not working correctly.

          Maybe ignored words (eg. to short) have to be remove from $keywords - string?

          Show
          canonknipser Frank Jakobs added a comment - I just checked on my board - same result, but an extra hint: "*" was ignored, but seems to be used for highlighting: search.php // define some vars for urls $hilit = implode('|', explode(' ', preg_replace('#\s+#u', ' ', str_replace(array('+', '-', '|', '(', ')', '"'), ' ', $keywords)))); // Do not allow only wildcard being used for hilight $hilit = (strspn($hilit, '*') === strlen($hilit)) ? '' : $hilit; Checking is done for single asterix, but seem not working correctly. Maybe ignored words (eg. to short) have to be remove from $keywords - string?
          Hide
          bantu Andreas Fischer added a comment -

          I have the feeling that the entity display is not properly fixable. We use input encoding, then the BBcode parser and then search on the result. What we actually want to do is search on the plaintext. At least for MySQL fulltext this is a problem, but I've been able to reproduce the entity display with both, native and mysql_fulltext.

          Show
          bantu Andreas Fischer added a comment - I have the feeling that the entity display is not properly fixable. We use input encoding, then the BBcode parser and then search on the result. What we actually want to do is search on the plaintext. At least for MySQL fulltext this is a problem, but I've been able to reproduce the entity display with both, native and mysql_fulltext.
          Hide
          canonknipser Frank Jakobs added a comment -

          the "asterix"-problem is the same as here: http://tracker.phpbb.com/browse/PHPBB3-10342 ?

          Show
          canonknipser Frank Jakobs added a comment - the "asterix"-problem is the same as here: http://tracker.phpbb.com/browse/PHPBB3-10342 ?
          Hide
          P_I P_I added a comment - - edited

          Now that phpBB 3.0.13 has been released, I upgraded our forum and discovered this fix breaks the ability to do any wildcard searches, i.e. "test*" will return with "You must specify at least one word to search for. Each word must consist of at least 3 characters and must not contain more than 14 characters excluding wildcards." See https://tracker.phpbb.com/browse/PHPBB3-12933 for the phpBB 3.1.2 version of this problem.

          Opened new bug, PHPBB3-13548 to track.

          Show
          P_I P_I added a comment - - edited Now that phpBB 3.0.13 has been released, I upgraded our forum and discovered this fix breaks the ability to do any wildcard searches, i.e. "test*" will return with "You must specify at least one word to search for. Each word must consist of at least 3 characters and must not contain more than 14 characters excluding wildcards." See https://tracker.phpbb.com/browse/PHPBB3-12933 for the phpBB 3.1.2 version of this problem. Opened new bug, PHPBB3-13548 to track.

            People

            • Assignee:
              nickvergessen Joas Schilling
              Reporter:
              barra1337 barra1337
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development