Problem with showing of search results

For creating groups, suggesting features, reporting problems and the like.
Post Reply
User avatar
Krulle
Transcribes Goblins
Posts: 8116
Contact:

Problem with showing of search results

Post by Krulle » Fri Dec 06, 2013 4:02 am

I have tried searching for something, (this is the result page)
Apparently, when the hilit function uses too common words, the server delivers non-readable junk where the standard spoiler marks should be. And you can click the "show" part of the spoiler, but you can't open the spoiler, as nothing happens.
error-gobforum.png
When I change the address by deleting "too common" words in the hilit funtion, it works fine.

Just wanted to tell, as this could be an indication of a faulty implementation somewhere, which could lead to vulnerabilities regarding the server.


EDIT: a bit more testing: it only happens when you have the word "this" highlighted, as it appears in the code of the "spoiler" function.
"for" is no problem, neither "die".
Edit2: "else" is also a problem, but it looks different. Apparently, the search function searches in the code of tags too, and as many common words are used in programming languages too, this happens.... Functionnames are unlikely to be searched, but someone knowing a bit about phpBB might know more.
You do not have the required permissions to view the files attached to this post.
Goblinscomic transcriptions
Collection of G:AR cards

User avatar
SeeAMoose
Admin Moose on the Loose
Admin Moose on the Loose
Posts: 1427
UStream Username: See_a_Moose
Location: Maryland (DC Area)

Re: Problem with showing of search results

Post by SeeAMoose » Sun Dec 08, 2013 10:45 am

Thanks for the heads up, I'll look into it.
I am one of the forum admins and chat moderators. Drop any of us a line if you ever need a hand in either the forum or the chat.
You can reach me at AdminMoose@goblinsforum.com or at BotWalter@gmail.com

User avatar
Krulle
Transcribes Goblins
Posts: 8116
Contact:

Re: Problem with showing of search results

Post by Krulle » Mon Dec 09, 2013 1:58 am

A quick workaround would be to add these words to the "non-searchable or too common" list...
Goblinscomic transcriptions
Collection of G:AR cards

User avatar
gamecreator
Prattles on Unremittingly
Posts: 3116
Location: Ukraine

Re: Problem with showing of search results

Post by gamecreator » Mon Dec 09, 2013 3:55 am

That's really bad workaround. What if someone will want to search for a word "spoiler"? Or "style", "show" etc.?

User avatar
Krulle
Transcribes Goblins
Posts: 8116
Contact:

Re: Problem with showing of search results

Post by Krulle » Mon Dec 09, 2013 7:50 am

The very common words are already a problem.

It is a problem, but the safety of the forum should come first.

I also don't like the search facility of the forum, and often use google to search the forum (by adding "site: goblinsforum.com" to the google search statement). Google is good for string searches, which this forum search engine does not allow or do.Won't work in hidden thread, posts, or forums, alas.
And the "no string search" already limits the useability for me very much, as these are most effective when "short standard words" like "the", "this", or the like, not forbidden.

But maybe the phpBB people knwo about this problem, and made sure that this does not lead to vulnerabilities. Then there is no workaround necessary. Then it's just a problem with the highlighting function. And maybe this highlighting function needs some "forbidden words" then...
Goblinscomic transcriptions
Collection of G:AR cards

Post Reply