
Sanitizer selectorValue, sanitize "(" and ")" braces?


Webrocker

Hi,

Using a "Search" input, having the search run over several fields like "Title", "Headline" and "Body", and running the input value through $sanitizer->selectorValue() first, I noticed that a search for "Non(n)sense" led to errors. After testing around a bit, we discovered that replacing the "(" and ")" with "\(" and "\)" before running the selector yielded the expected search result.

On line 738ff in core/Sanitizer.php:

// disallow some characters in selector values
// @todo technically we only need to disallow at begin/end of string
$value = str_replace(array('*', '~', '`', '$', '^', '|', '<', '>', '=', '[', ']', '{', '}'), ' ', $value);

Should the normal braces () be added there as well, or should those be escaped somewhere in this sanitizer?

I am not sure if we have a homegrown problem here, because our "search" selector uses some or-groups, which are denoted by using - braces.

cheers
Tom
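The workaround described in the post (escape "(" and ")" after sanitizing, before the term is interpolated into an or-group selector), written out as an added example. This is not code from the post or from the ProcessWire core; the helper names are hypothetical, the input term is constructed, and the $sanitizer->selectorValue() step is assumed to have run already, since it is not available outside ProcessWire.

```php
<?php
// Added example (not from the forum post or ProcessWire core).
// Hypothetical helpers that apply the escaping the post found necessary
// before a search term is placed into an or-group selector.

/**
 * Escape "(" and ")" so they are treated as literal characters when the
 * term is interpolated into a selector string, rather than as or-group
 * delimiters.
 */
function escapeSelectorParens(string $value): string
{
    return str_replace(['(', ')'], ['\\(', '\\)'], $value);
}

/**
 * Build an or-group selector matching $term against each of $fields.
 * $term is assumed to have already passed through
 * $sanitizer->selectorValue() (a ProcessWire call; not reproduced here).
 */
function buildSearchSelector(string $term, array $fields): string
{
    $term = escapeSelectorParens($term);
    $groups = [];
    foreach ($fields as $field) {
        // Each group becomes "(field%=term)", joined by ", " to form an or-group.
        $groups[] = "({$field}%={$term})";
    }
    return implode(', ', $groups);
}

// Constructed input: the term from the post that triggered the error.
$term = 'Non(n)sense';
echo buildSearchSelector($term, ['title', 'headline', 'body']), PHP_EOL;
```

The escaping is applied once, after sanitizing and immediately before interpolation, so a sanitizer change in the core would only need to replace escapeSelectorParens() rather than the selector-building code.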
