• I often have pieces of code (HTML, XML, etc.) in my posts. When Sphinx has a result within these code blocks it outputs corresponding snippets as unescaped HTML. The consequences may vary from distorted appearance to code injections…

    I fixed it by adding htmlspecialchars to snippet generation in file sphinxsearch_frontend.php, function get_excerpt:

    $excerpts[$i] = str_replace(
        array('{sphinx_after_match}', '{sphinx_before_match}'),
        array($sphinx_after_match, $sphinx_before_match),
        htmlspecialchars($excerpts[$i]) # <<< HERE!
    );

    Is it a bug in plugin code or a problem with my theme / other plugins?

    http://wordpress.org/extend/plugins/wordpress-sphinx-plugin/
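    The following is an added example, not code from the plugin or from the poster: it places the vulnerable excerpt rendering next to the escaped form described above, so the difference in order of operations is visible. The function names `render_excerpt_unsafe` and `render_excerpt_safe` and the sample excerpt are constructed for this illustration; the `{sphinx_before_match}` / `{sphinx_after_match}` placeholders are the ones from the post.

```php
<?php
// Added example (not the plugin's own code). Shows why the excerpt must be
// escaped BEFORE the highlight placeholders are replaced with real markup.

// Vulnerable form (hypothetical name): raw excerpt text reaches the page as HTML,
// so any tags contained in the indexed post are emitted verbatim.
function render_excerpt_unsafe(string $excerpt, string $before, string $after): string {
    return str_replace(
        array('{sphinx_before_match}', '{sphinx_after_match}'),
        array($before, $after),
        $excerpt
    );
}

// Hardened form (hypothetical name): escape first, then substitute placeholders.
// The placeholders consist of '{', '}', letters and '_', none of which
// htmlspecialchars() touches, so they survive escaping intact; the trusted
// highlight markup ($before / $after) is inserted only afterwards.
// ENT_QUOTES is passed explicitly because the default flags on older PHP
// releases leave single quotes unescaped, which matters inside attributes.
function render_excerpt_safe(string $excerpt, string $before, string $after): string {
    $escaped = htmlspecialchars($excerpt, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return str_replace(
        array('{sphinx_before_match}', '{sphinx_after_match}'),
        array($before, $after),
        $escaped
    );
}

// Constructed sample: an excerpt as the search engine might return it for a post
// whose code block contains HTML, with the search term "sphinx" marked up.
$sample = 'example: <div class="{sphinx_before_match}sphinx{sphinx_after_match}-box">';

echo "unsafe: ", render_excerpt_unsafe($sample, '<b>', '</b>'), PHP_EOL;
// The raw <div> tag is emitted and will be interpreted by the browser.

echo "safe:   ", render_excerpt_safe($sample, '<b>', '</b>'), PHP_EOL;
// The <div> tag appears as &lt;div class=&quot;...&quot;&gt; while the <b> highlight
// around "sphinx" is real markup, which is the behaviour the fix above produces.
```

    Note that applying `htmlspecialchars` after `str_replace` would also neutralise the `<b>` highlighting tags, which is why the escape call belongs on the raw `$excerpts[$i]` value, exactly where the post puts it.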

  • The topic ‘Unescaped HTML in snippets’ is closed to new replies.