Webrocker Posted December 3, 2015

Hi,

using a "Search" input and having the search over several fields like "Title", "Headline", "Body", and running the input value through $sanitizer->selectorValue() first, I noticed that a search for "Non(n)sense" led to errors. After testing around a bit, we discovered that replacing the "(" and ")" with "\(" and "\)" before running the selector yielded the expected search result.

On line 738ff in core/Sanitizer.php:

    // disallow some characters in selector values
    // @todo technically we only need to disallow at begin/end of string
    $value = str_replace(array('*', '~', '`', '$', '^', '|', '<', '>', '=', '[', ']', '{', '}'), ' ', $value);

Should the normal braces () be added there as well, or should those be escaped somewhere in this sanitizer? I am not sure if we have a homegrown problem here, because our "search" selector uses some or-groups, which are denoted by using - braces.

cheers
Tom