WordPress.org

Forums

WordPress Sphinx Search Plugin
Unescaped HTML in snippets (1 post)

  1. amartynov
    Member
    Posted 2 years ago #

    I often have pieces of code (HTML, XML, etc.) in my posts. When Sphinx has a result within these code blocks it outputs corresponding snippets as unescaped HTML. The consequences may vary from distorted appearance to code injections...

    I fixed it by adding htmlspecialchars to snippet generation in file sphinxsearch_frontend.php, function get_excerpt:

    $excerpts[$i] = str_replace(
        array('{sphinx_after_match}', '{sphinx_before_match}'),
        array($sphinx_after_match, $sphinx_before_match),
        htmlspecialchars($excerpts[$i]) # <<< HERE!
    );

    Is it a bug in plugin code or a problem with my theme / other plugins?

    http://wordpress.org/extend/plugins/wordpress-sphinx-plugin/
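
The fix described in the post above depends on escaping the excerpt before the highlight placeholders are substituted. The following is an added example, not code from the post or from the plugin: `render_excerpt()` and the sample snippet are hypothetical, and only the placeholder names come from the post.

```php
<?php
// Added example, not the plugin's code. render_excerpt() and the sample
// snippet are hypothetical; the placeholder names are taken from the post.

function render_excerpt(string $raw, string $before, string $after, bool $escape = true): string
{
    // Escape first. The placeholders contain none of & < > " ' so they
    // pass through htmlspecialchars() unchanged.
    $text = $escape ? htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') : $raw;

    // Insert the trusted highlight markup only after escaping.
    return str_replace(
        array('{sphinx_after_match}', '{sphinx_before_match}'),
        array($after, $before),
        $text
    );
}

// Constructed snippet, as if cut from a post that documents HTML.
$raw = 'Wrap it in <textarea name="q"> so the '
     . '{sphinx_before_match}markup{sphinx_after_match} is editable';

// Behaviour reported in the post: tags from the post body reach the page live.
$unescaped = render_excerpt($raw, '<b>', '</b>', false);

// Behaviour after the fix: post content is inert, the highlight still renders.
$escaped = render_excerpt($raw, '<b>', '</b>');

// Wrong order: escaping after substitution also escapes the highlight tags.
$too_late = htmlspecialchars($unescaped, ENT_QUOTES, 'UTF-8');

$results = array(
    'unescaped'        => $unescaped,
    'escaped'          => $escaped,
    'escaped too late' => $too_late,
);
foreach ($results as $label => $html) {
    printf("%-17s %s\n", $label . ':', $html);
}

// Checks: no live tag from the post survives, and the highlight is kept.
var_dump(strpos($escaped, '<textarea') === false);
var_dump(strpos($escaped, '<b>markup</b>') !== false);
var_dump(strpos($too_late, '<b>') === false);
```

The same ordering applies to any template that mixes untrusted text with trusted markup through placeholders: the placeholders must be free of characters the escaper rewrites, and the values configured for them must themselves be trusted HTML.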

This topic has been closed to new replies.
