Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#34541] - Added urlencode to search word

? Pending

User tests: Successful: Unsuccessful:

avatar indyteo
indyteo
17 Jun 2021

The encoding of the search word prevent unexpected behavior with this user-dependent field (e.g. "word&with=special+characters" will be search literally rather than parsed in the URL), and fixes some bugs related to special characters such as accents (for example "café") in the "Location" response header, that are blocked by some security protection

Pull Request for Issue #34540.

Summary of Changes

Added urlencode call (twice, because one wasn't enough) in com_search/controller.php around $searchword

Testing Instructions

Perform a search using a special character (such as an ampersand, symbol used to separate URL parameters), and check the term effectively searched

Actual result BEFORE applying this Pull Request

Search for word&with=special+characters and get a search result for word, with an extra URL parameter with=special+characters

Expected result AFTER applying this Pull Request

Search for word&with=special+characters and get a search result for word&with=special+characters, without any extra URL parameter

Documentation Changes Required

No change would be required, as it fix an abnormal behavior of the com_search component

avatar indyteo indyteo - open - 17 Jun 2021
avatar indyteo indyteo - change - 17 Jun 2021
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 17 Jun 2021
Category Front End com_search
avatar Fedik
Fedik - comment - 18 Jun 2021

There something wrong, if we need 2 urlencode(),
Need to check more, what is going on.

I found urldecode() in the Search model, that may cause this:

joomla-cms/components/com_search/models/search.php

Lines 80 to 82 in 1c78eef

// Set the search parameters
$keyword = urldecode($app->input->getString('searchword'));
$match = $app->input->get('searchphrase', $searchphrase, 'word');

but need check

avatar indyteo
indyteo - comment - 18 Jun 2021

Yes I first found it strange too, but then I saw two urldecode somewhere in the code so I though it may be normal ?

joomla-cms/components/com_search/router.php

Lines 58 to 59 in 1c78eef

// Urldecode twice because it is encoded twice
$segments[$i] = urldecode(urldecode(stripcslashes($segments[$i])));

avatar Fedik
Fedik - comment - 18 Jun 2021

yeah, that also looks strange ?

avatar zero-24
zero-24 - comment - 21 Jul 2022

Will close here for 3.10. I dont intend to change this within the last release of 3.10. But please check whether thats still an issue and send a PR here: https://github.com/joomla-extensions/search so it can be patched for search.

Thanks

avatar zero-24 zero-24 - change - 21 Jul 2022
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2022-07-21 17:07:30
Closed_By zero-24
Labels Added: ?
avatar zero-24 zero-24 - close - 21 Jul 2022

Add a Comment

Login with GitHub to post a comment