WordPress.org

Ready to get started?Download WordPress

Forums

BBQ: Block Bad Queries
[resolved] URLs with quotes in a search term get blocked (10 posts)

  1. Russell Heimlich
    Member
    Posted 1 year ago #

    I have this plugin activated and when I do a search on my site that uses quotes the page returned is blanked. It gets caught by the $query_string_array filter of your plugin.

    For now I'm forced to comment out /*'\%22', '\%27',*/ in order to keep this plugin active and have my special search queries still working.

    Also it would be helpful to render something on the page when wp_debug is set to true to help people figure out why they're page is coming back blank. Something as simple as "blocked by BBQ" would have saved me loads of time tracking down this problem.

    http://wordpress.org/extend/plugins/block-bad-queries/

  2. Jeff Starr
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks for the feedback, Russell. We're working on an update that should address these issues. Will see what can be done about the %27, which is a commonly seen character in malicious attacks. May we ask which other plugin is involved? Thanks.

  3. Russell Heimlich
    Member
    Posted 1 year ago #

    No other plugins were involved as far as I can tell. I do have some custom functions that make the search url "pretty"

    example.com/?s="woo+hoo" => example.com/search/"woo+hoo"

    Firefox automatically unescapes quotes in urls so the final url would really be example.com/search/%22woo+hoo%22 but you get the idea.

    Only the unrestful example.com/?s="woo+hoo" url got tripped up the BBQ plugin. example.com/search/"woo+hoo" worked just fine.

    Good luck finding an acceptable solution. It's kind of tricky.

  4. Jeff Starr
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks Russell! This information will certainly help us find a solution.

  5. Russell Heimlich
    Member
    Posted 1 year ago #

    Same situation... a search on my site for environment (/?s=environment) also gets caught by BBQ.

  6. Jeff Starr
    Member
    Plugin Author

    Posted 1 year ago #

    Added to the list! Thanks again.

  7. rmlumley
    Member
    Posted 1 year ago #

    I have the same situation with ?/s=union getting caught by BBQ.

  8. Jeff Starr
    Member
    Plugin Author

    Posted 1 year ago #

    Added to the list, we'll see if there's a way to allow for searches containing otherwise blocked terms. Thanks for the feedback.

  9. ljmac
    Member
    Posted 1 year ago #

    When I do a search with quotes (double or single) on my site, BBQ doesn't block it. Am I missing something?

  10. Jeff Starr
    Member
    Plugin Author

    Posted 1 year ago #

    What is an example of a URL that should be blocked but isn't, so we can take a look..

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.