
Problem with showing of search results

Posted: Fri Dec 06, 2013 4:02 am
by Krulle
I have tried searching for something (this is the result page).
Apparently, when the hilit function uses too common words, the server delivers non-readable junk where the standard spoiler marks should be. And you can click the "show" part of the spoiler, but you can't open the spoiler, as nothing happens.
error-gobforum.png
When I change the address by deleting "too common" words in the hilit function, it works fine.

Just wanted to tell, as this could be an indication of a faulty implementation somewhere, which could lead to vulnerabilities regarding the server.


EDIT: a bit more testing: it only happens when you have the word "this" highlighted, as it appears in the code of the "spoiler" function.
"for" is no problem, neither "die".
Edit2: "else" is also a problem, but it looks different. Apparently, the search function searches in the code of tags too, and as many common words are used in programming languages too, this happens.... Function names are unlikely to be searched, but someone knowing a bit about phpBB might know more.
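
The behaviour described in the post above, where highlighting is applied to the whole rendered post so that "this" and "else" inside the spoiler's inline script get wrapped too, as an added example (not phpBB's code and not from this thread). The spoiler markup, the handler text and all function names are constructed for illustration; the text-only variant assumes no raw ">" inside attribute values.

```javascript
// Constructed spoiler markup: an inline handler that contains "this" and "else".
const HANDLER =
  'onclick="var b = this.nextSibling; if (b.hidden) { b.hidden = false; } ' +
  'else { b.hidden = true; } return false;"';
const SPOILER_POST =
  '<div class="spoiler"><a href="#" ' + HANDLER + '>show</a>' +
  '<div hidden>this is the hidden text, or else nothing</div></div>';

// Escape regex metacharacters so search words are matched literally.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

function buildPattern(words) {
  return new RegExp('\\b(' + words.map(escapeRegExp).join('|') + ')\\b', 'gi');
}

// Naive: runs over the whole HTML string, so it also rewrites attribute values.
function highlightNaive(html, words) {
  return html.replace(buildPattern(words), '<span class="hilit">$1</span>');
}

// Text-only: split into tags and text runs, rewrite only the text runs.
function highlightTextOnly(html, words) {
  const pattern = buildPattern(words);
  return html
    .split(/(<[^>]*>)/) // the capture group keeps the tags in the result
    .map(part => (part.startsWith('<')
      ? part
      : part.replace(pattern, '<span class="hilit">$1</span>')))
    .join('');
}

// Regression checks: the handler must survive byte for byte.
function handlerIntact(html) {
  return html.includes(HANDLER);
}

function countHilit(html) {
  return (html.match(/<span class="hilit">/g) || []).length;
}

const words = ['this', 'else'];
console.log('naive:', handlerIntact(highlightNaive(SPOILER_POST, words)));
console.log('text-only:', handlerIntact(highlightTextOnly(SPOILER_POST, words)));
```

With the naive version the span tags land inside the onclick attribute, which ends the attribute early and leaves the rest of the script as visible junk with a dead "show" link.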

Re: Problem with showing of search results

Posted: Sun Dec 08, 2013 10:45 am
by SeeAMoose
Thanks for the heads up, I'll look into it.

Re: Problem with showing of search results

Posted: Mon Dec 09, 2013 1:58 am
by Krulle
A quick workaround would be to add these words to the "non-searchable or too common" list...

Re: Problem with showing of search results

Posted: Mon Dec 09, 2013 3:55 am
by gamecreator
That's a really bad workaround. What if someone wants to search for the word "spoiler"? Or "style", "show" etc.?

Re: Problem with showing of search results

Posted: Mon Dec 09, 2013 7:50 am
by Krulle
The very common words are already a problem.

It is a problem, but the safety of the forum should come first.

I also don't like the search facility of the forum, and often use Google to search the forum (by adding "site: goblinsforum.com" to the Google search statement). Google is good for string searches, which this forum search engine does not allow or do. Won't work in hidden threads, posts, or forums, alas.
And the "no string search" already limits the usability for me very much, as these are most effective when "short standard words" like "the", "this", or the like, are not forbidden.

But maybe the phpBB people know about this problem, and made sure that this does not lead to vulnerabilities. Then there is no workaround necessary. Then it's just a problem with the highlighting function. And maybe this highlighting function needs some "forbidden words" then...