• Resolved jezkerw

    (@jezkerw)


    Hi, your plugin is producing errors in the error log. You can easily replicate the error yourself. Go to your website and delete the error_log file. Once the log file is clean, go to your website and try searching for some terms. First try to search for “x”. You’ll get some notices about trying to get a property of non-object. Then extend the search term to “hold *” (just add a space and a star). You will get a query error. That means that the query is not prepared for the special characters.

    [9-Feb-2024 00:09:46 UTC] WordPress database error Regex error ‘quantifier does not follow a repeatable item at offset 2’ for query
    SELECT SQL_CALC_FOUND_ROWS DISTINCT wp_posts.ID
    FROM wp_posts LEFT JOIN wp_term_relationships AS tr ON (wp_posts.ID = tr.object_id)
    WHERE 1=1 AND (
    wp_posts.ID NOT IN (
    SELECT object_id
    FROM wp_term_relationships
    WHERE term_taxonomy_id IN (792)
    )
    ) AND ( ((wp_posts.post_title REGEXP ‘\bBook|Book\b’)) AND ((wp_posts.post_title REGEXP ‘\b📕|📕\b’)) AND ((wp_posts.post_title REGEXP ‘\bchri|chri\b’))) AND ( ( wp_posts.ID NOT IN ( SELECT wp_term_relationships.object_id FROM wp_term_relationships WHERE wp_term_relationships.term_taxonomy_id IN ( 792) ) )) AND wp_posts.post_type = ‘post’ AND ((wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘inherit’))
    GROUP BY wp_posts.ID
    ORDER BY (CASE WHEN wp_posts.post_title LIKE ‘%Book 📕 f chri%’ THEN 1 WHEN wp_posts.post_title LIKE ‘%Book%’ AND wp_posts.post_title LIKE ‘%📕%’ AND wp_posts.post_title LIKE ‘%chri%’ THEN 2 WHEN wp_posts.post_title LIKE ‘%Book%’ OR wp_posts.post_title LIKE ‘%📕%’ OR wp_posts.post_title LIKE ‘%chri%’ THEN 3 WHEN wp_posts.post_excerpt LIKE ‘%Book 📕 f chri%’ THEN 4 WHEN wp_posts.post_content LIKE ‘%Book 📕 f chri%’ THEN 5 ELSE 6 END), wp_posts.post_date DESC
    LIMIT 0, 10
    made by do_action(‘wp_ajax_nopriv_is_ajax_load_posts’), WP_Hook->do_action, WP_Hook->apply_filters, IS_Ajax->ajax_load_posts, require_once(‘/plugins/add-search-to-menu-premium/public/partials/is-ajax-results.php’), WP_Query->__construct, WP_Query->query, WP_Query->get_posts.

    I think this must be fixed.
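
Added example (not part of the original post and not the plugin's code): a minimal Python model of the `\bTERM|TERM\b` pattern shape visible in the logged query, showing why a raw term such as `*` from the search "hold *" cannot compile and what escaping each term changes. The function names are hypothetical, and Python's `re` stands in for the database's regex engine, which is an assumption.

```python
import re

def split_terms(search):
    """Split the search box input on whitespace: one REGEXP clause per term."""
    return search.split()

def naive_pattern(term):
    # Shape seen in the logged query, with the raw term pasted in unescaped.
    return r"\b" + term + "|" + term + r"\b"

def escaped_pattern(term):
    # Same shape, but regex metacharacters in the term are neutralised first.
    quoted = re.escape(term)
    return r"\b" + quoted + "|" + quoted + r"\b"

def compile_error(pattern):
    """Return None if the pattern compiles, else the engine's error message."""
    try:
        re.compile(pattern)
        return None
    except re.error as exc:
        return str(exc)

def audit(search, build):
    """Map each term of a search string to its pattern's compile error (or None)."""
    return {term: compile_error(build(term)) for term in split_terms(search)}

def title_matches(search, title, build=escaped_pattern):
    """True when every term's pattern matches the title (the AND chain in the query)."""
    return all(re.search(build(term), title) for term in split_terms(search))

if __name__ == "__main__":
    # Constructed inputs: a plain term, the "hold *" case from the post,
    # an unbalanced parenthesis, and a term containing a regex wildcard.
    for search in ("hold", "hold *", "(draft", "1.5"):
        print(repr(search))
        print("  naive  :", audit(search, naive_pattern))
        print("  escaped:", audit(search, escaped_pattern))
    # Unescaped "." is a wildcard, so "1.5" also matches an unrelated title.
    print(title_matches("1.5", "Chapter 125", build=naive_pattern))  # naive
    print(title_matches("1.5", "Chapter 125"))                       # escaped
```

In a WordPress plugin the corresponding step would be to quote each term (for example with PHP's `preg_quote()`) before building the pattern and to pass the finished pattern to the query as a `%s` value through `$wpdb->prepare()`.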

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author Vinod Dalvi

    (@vinod-dalvi)

    Sorry to hear about the problem you are having.

    I tried to reproduce the issue by following your instructions but couldn’t reproduce it.

    It seems to be an issue specific to your website.

    This can be due to plugin conflict on your site so please try temporarily deactivating all plugins except the Ivory Search plugin and see whether everything works fine, and then enable the plugins one by one to see which plugin is conflicting if any.

    Also, this can be an issue with the theme used on your site, so to confirm it just temporarily use the Twenty Twenty One theme on your site. If everything works fine then it’s your site theme issue.

    Also could you please tell me what version of PHP and WordPress you are using?

    Best regards,

    Thread Starter jezkerw

    (@jezkerw)

    Hi, I don’t think this has anything to do with other plugins. It happens on both my sites. Both developers who checked said it was bad coding in the Ivory plugin and should be patched.

    I am using latest WordPress and latest PHP.

    Plugin Author Vinod Dalvi

    (@vinod-dalvi)

    I could not reproduce the issue on my website as displayed in these screenshots https://imgur.com/a/0DinwnI

    Could you please share the page URL from your site where it is happening so I can troubleshoot it?

    Thread Starter jezkerw

    (@jezkerw)

    Hi Vinod. I forwarded your message to my developer and he said…

    “Well, in theory he can be right, but he can also add some conditions to avoid the error. What he describes is correct but also a “painful” procedure.
    In addition it can also be other things causing the error. In my opinion there are two ways to go…

    1. Do as he says.
    2. Replace the plugin with a similar one.”
    Plugin Author Vinod Dalvi

    (@vinod-dalvi)

    It’s your call to select any of the above shared options.

    Thread Starter jezkerw

    (@jezkerw)

    So are you saying nothing is wrong at all with the way your plugin operates? Just to confirm.

    Plugin Author Vinod Dalvi

    (@vinod-dalvi)

    Yes, as said earlier, I have tested it on my website and it is working fine.

    Also, it is being used on thousands of websites of users without any issue.

    It seems to be a website-specific issue that we can only resolve if we perform troubleshooting as described earlier.

    Thread Starter jezkerw

    (@jezkerw)

    
    
    [08-Mar-2024 03:44:07 UTC] WordPress database error Regex error 'quantifier does not follow a repeatable item at offset 2' for query
    SELECT SQL_CALC_FOUND_ROWS DISTINCT wp_posts.ID
    FROM wp_posts LEFT JOIN wp_term_relationships AS tr ON (wp_posts.ID = tr.object_id)
    WHERE 1=1 AND (
    wp_posts.ID NOT IN (
    SELECT object_id
    FROM wp_term_relationships
    WHERE term_taxonomy_id IN (792)
    )
    AND
    wp_posts.ID NOT IN (
    SELECT object_id
    FROM wp_term_relationships
    WHERE term_taxonomy_id IN (792)
    )
    ) AND ( ((wp_posts.post_title REGEXP '\b試験の準備方法-実用的なMB-220|試験の準備方法-実用的なMB-220\b')) AND ((wp_posts.post_title REGEXP '\b資格模擬試験-真実的なMB-220|資格模擬試験-真実的なMB-220\b')) AND ((wp_posts.post_title REGEXP '\b認定テキスト|認定テキスト\b')) AND ((wp_posts.post_title REGEXP '\b👽|👽\b')) AND ((wp_posts.post_title REGEXP '\b➽|➽\b')) AND ((wp_posts.post_title REGEXP '\bwww.spamurl .com|www.spamurl .com\b')) AND ((wp_posts.post_title REGEXP '\b🢪で《|🢪で《\b')) AND ((wp_posts.post_title REGEXP '\bMB-220|MB-220\b')) AND ((wp_posts.post_title REGEXP '\b》を検索し、無料でダウンロードしてくださいMB-220受験対策|》を検索し、無料でダウンロードしてくださいMB-220受験対策\b'))) AND ( ( wp_posts.ID NOT IN ( SELECT wp_term_relationships.object_id FROM wp_term_relationships WHERE wp_term_relationships.term_taxonomy_id IN ( 792) ) )) AND wp_posts.post_type = 'post' AND ((wp_posts.post_status = 'publish' OR wp_posts.post_status = 'inherit'))
    GROUP BY wp_posts.ID
    ORDER BY (CASE WHEN wp_posts.post_title LIKE '%試験の準備方法-実用的なMB-220 資格模擬試験-真実的なMB-220 認定テキスト 👽 ➽ www.goshiken.com 🢪で《 MB-220 》を検索し、無料でダウンロードしてくださいMB-220受験対策%' THEN 1 WHEN wp_posts.post_excerpt LIKE '%試験の準備方法-実用的なMB-220 資格模擬試験-真実的なMB-220 認定テキスト 👽 ➽ www.spamurl .com 🢪で《 MB-220 》を検索し、無料でダウンロードしてくださいMB-220受験対策%' THEN 4 WHEN wp_posts.post_content LIKE '%試験の準備方法-実用的なMB-220 資格模擬試験-真実的なMB-220 認定テキスト 👽 ➽ www.spam url.com 🢪で《 MB-220 》を検索し、無料でダウンロードしてくださいMB-220受験対策%' THEN 5 ELSE 6 END), wp_posts.post_date DESC
    LIMIT 0, 8
    made by require('wp-blog-header.php'), wp, WP->main, WP->query_posts, WP_Query->query, WP_Query->get_posts
    Thread Starter jezkerw

    (@jezkerw)

    Sorry, my post looks a bit messed up.

    I am getting this regularly in my error log and I think it’s related to Ivory search somehow. Doesn’t necessarily mean it’s your plugin that is the issue, but could it simply be that some bot is just trying to add this into the search box and execute it?

    Thread Starter jezkerw

    (@jezkerw)

    I asked ChatGPT and it says…

    The error log you’re seeing indicates that your WordPress site is encountering a problem when trying to process a database query that includes regular expressions (REGEXP). The specific error message “Regex error ‘quantifier does not follow a repeatable item at offset 2’” suggests there’s an issue with how the regular expression is constructed, likely due to the input it’s trying to process.

    From the context provided, it indeed appears that some bot or malicious user is trying to inject code or manipulate your site’s behavior through the search functionality. They’re attempting to use complex regular expressions within the search terms, which your WordPress site then incorporates into a database query. This type of activity is a form of attack known as SQL Injection, which aims to exploit security vulnerabilities in the database layer of an application.

    Thread Starter jezkerw

    (@jezkerw)

    I realized this can be done in a number of ways using any type of form or upload functions.

    Plugin Author Vinod Dalvi

    (@vinod-dalvi)

    Awesome, great to see you found that.
