Support » Plugin: Search Everything » Critical bug breaks WP_Query

  • Sam Bull

    (@dreamsorcerer)


    A bug in the newest version of Search Everything breaks some WP_Query results on our site.

    search-everything.php:278: if ( $searchQuery != '' ) {

    The default value for $searchQuery is actually '()' (see se_search_default()).

    Therefore this always runs, and adds ‘AND ((()))‘ to the SQL statement, which is invalid syntax and breaks everything.

    A simple fix is to just change that if statement to: if ( $searchQuery != '()' ) {

    Note also that the following 2 if statements attempt to concatenate to the $where variable, but without checking if the $where variable exists. It would be safer to nest those if statements into the previous if statement, so you can always guarantee the variable exists.

    With both of these fixes, that section of code would look like this:

    if ( $searchQuery != '()' ) {
    	// lets use _OUR_ query instead of WP's, as we have posts already included in our query as well(assuming it's not empty which we check for)
    	$where = " AND ((" . $searchQuery . ")) ";
    
    	if ( $this->options['se_exclude_posts_list'] != '' ) {
    		$where .= $this->se_build_exclude_posts();
    	}
    	if ( $this->options['se_exclude_categories_list'] != '' ) {
    		$where .= $this->se_build_exclude_categories();
    	}
    }
  • The topic ‘Critical bug breaks WP_Query’ is closed to new replies.