WordPress Sphinx Search Plugin
Unescaped HTML in snippets (1 post)

  1. amartynov
    Posted 3 years ago #

    I often have pieces of code (HTML, XML, etc.) in my posts. When Sphinx has a result within these code blocks it outputs corresponding snippets as unescaped HTML. The consequences may vary from distorted appearance to code injections...

    I fixed it by adding htmlspecialchars to snippet generation in file sphinxsearch_frontend.php, function get_excerpt:

    $excerpts[$i] = str_replace(
        array('{sphinx_after_match}', '{sphinx_before_match}'),
        array($sphinx_after_match, $sphinx_before_match),
        htmlspecialchars($excerpts[$i]) # <<< HERE!
    );

    Is it a bug in plugin code or a problem with my theme / other plugins?
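
The ordering the post above relies on (escape the excerpt first, then swap the match placeholders for highlight markup), shown side by side with the unescaped path. This is an added example, not the plugin's code and not part of the original post; the function names, the highlight tags and the sample excerpt are constructed for illustration.

```php
<?php
// Constructed excerpt, as a search backend might return it for a post that
// contains an HTML code sample. The matched term is wrapped in placeholders.
$excerpt = 'Include it with <script src="demo.js"></script> or a '
         . '{sphinx_before_match}<h1>{sphinx_after_match} heading';

// Highlight markup chosen by the site owner (trusted, assumed values).
$before = '<strong class="hit">';
$after  = '</strong>';

// Hypothetical helper: substitutes placeholders in the raw excerpt.
// Markup from the post body reaches the page as live HTML.
function render_excerpt_raw($excerpt, $before, $after) {
    return str_replace(
        array('{sphinx_before_match}', '{sphinx_after_match}'),
        array($before, $after),
        $excerpt
    );
}

// Hypothetical helper: escapes the excerpt, then substitutes placeholders.
// The placeholders contain only braces, letters and underscores, so
// htmlspecialchars() leaves them intact and str_replace() still finds them.
// Only the trusted highlight tags end up as real markup.
function render_excerpt_escaped($excerpt, $before, $after) {
    $safe = htmlspecialchars($excerpt, ENT_QUOTES, 'UTF-8');
    return str_replace(
        array('{sphinx_before_match}', '{sphinx_after_match}'),
        array($before, $after),
        $safe
    );
}

echo "raw:     ", render_excerpt_raw($excerpt, $before, $after), "\n";
echo "escaped: ", render_excerpt_escaped($excerpt, $before, $after), "\n";

// Check: after escaping, the only tags left in the output are the highlight tags.
$out = render_excerpt_escaped($excerpt, $before, $after);
$leftover = str_replace(array($before, $after), '', $out);
var_dump(strpos($leftover, '<') === false); // no other '<' survives
```

If the excerpts arrive with entities already encoded, the fourth argument of `htmlspecialchars()` (`double_encode`) controls whether they are encoded a second time.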

