4 replies to this topic

[elitLG]

Hi,

I'm trying to build a search function using selectors but when "sanitizing" a string, containing a comma, with Sanitizer::selectorValue it sometimes removes the comma. Here are some test runs (first row is input, second is selectorValue output) :

'test'
'test'

"test'
"test"

,test, '
"test '"

'
''

','test'
"'test"

guns n' roses, mötley crüe
"guns n' roses mötley crüe"

','test
"'test"

"''"
""

,
""

test, test2
"test, test2"

Also in the documentation for selectorValue it says:

Replaces disallowed characters with spaces

does this mean you can't search for all characters (comma)?

[ryan]

MySQL's fulltext indexes don't index commas. As you saw, commas and quotes will get trimmed from the front and back of the string. The sanitizer leaves single quote characters by themselves just in case they are an apostrophe. The sanitizer is fast but not smart here, which is why you saw it leave [what it thinks] is an apostrophe at the beginning of a couple of your tests.

A comma in the middle of the string is fine. It'll be ignored by the fulltext index, but could still be used for an exact match '=' operation. I'm not certain why it's removing the comma from your guns n roses string, but looks like a bug to me. Apparently it doesn't like the combination of apostrophe and comma, because the string works fine as soon as I remove the "n'" part of it. I will use that to test and debug -- thanks.

[Soma]

It seems when there's a "'" in the string any "," gets stripped out. I also tested this just to confirm.

[ryan]

The behavior you see here where sometimes it allows commas and sometimes it doesn't is because it depends on what other characters are in the strong. So it'll let a comma stay in "test, test2" but not "guns n' roses, mötley crüe". It's a little too strict, and this function could be a lot smarter, so I'm working on some updates to it that I'll post later this week.

[evan]

Was this issue ever resolved?  The code below will fail when given the string "well, I":

 

$query = $sanitizer->selectorValue($input->get->q);

$this_results = $pages->find("template=item, body|title|artists.title%=$query, sort=-posted, limit=10");

 

 

The error output:

Error Exception: Unknown Selector operator: '' -- was your selector value properly escaped? (in /home/public_html/wire/core/Selectors.php line 165)

#0 /home/public_html/wire/core/Selectors.php(190): Selectors->create('I', '', '')
#1 /home/public_html/wire/core/Selectors.php(63): Selectors->extractString('template=item, ...')
#2 /home/public_html/wire/core/Pages.php(132): Selectors->__construct('template=item, ...')
#3 /home/public_html/wire/core/Wire.php(269): Pages->___find('template=item, ...')
#4 /home/public_html/wire/core/Wire.php(229): Wire->runHooks(Array, Array)
#5 /home/public_html/site/templates/section.php(92): Wire->__call('find', Array)
#6 /home/public_html/site/templates/section.php(92): Pages->find('find', Array)
#7 /home/public_html/site/templates/home.php(78): include('/home/msvalerie...')

 

 

 

I'm using PW 2.2.2.

 

Nevermind, disregard -- editing the wrong template.  How embarassing...!