WordPress.org

Support

Support » Plugins and Hacks » BBQ: Block Bad Queries » [Resolved] URLs with quotes in a search term get blocked

[Resolved] URLs with quotes in a search term get blocked

  • I have this plugin activated and when I do a search on my site that uses quotes the page returned is blanked. It gets caught by the $query_string_array filter of your plugin.

    For now I’m forced to comment out /*’\%22′, ‘\%27’,*/ in order to keep this plugin active and have my special search queries still working.

    Also it would be helpful to render something on the page when wp_debug is set to true to help people figure out why they’re page is coming back blank. Something as simple as “blocked by BBQ” would have saved me loads of time tracking down this problem.

    http://wordpress.org/extend/plugins/block-bad-queries/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Jeff Starr

    @specialk

    Thanks for the feedback, Russell. We’re working on an update that should address these issues. Will see what can be done about the %27, which is a commonly seen character in malicious attacks. May we ask which other plugin is involved? Thanks.

    No other plugins were involved as far as I can tell. I do have some custom functions that make the search url “pretty”

    example.com/?s=”woo+hoo” => example.com/search/”woo+hoo”

    Firefox automatically unescapes quotes in urls so the final url would really be example.com/search/%22woo+hoo%22 but you get the idea.

    Only the unrestful example.com/?s=”woo+hoo” url got tripped up the BBQ plugin. example.com/search/”woo+hoo” worked just fine.

    Good luck finding an acceptable solution. It’s kind of tricky.

    Plugin Author Jeff Starr

    @specialk

    Thanks Russell! This information will certainly help us find a solution.

    Same situation… a search on my site for environment (/?s=environment) also gets caught by BBQ.

    Plugin Author Jeff Starr

    @specialk

    Added to the list! Thanks again.

    I have the same situation with ?/s=union getting caught by BBQ.

    Plugin Author Jeff Starr

    @specialk

    Added to the list, we’ll see if there’s a way to allow for searches containing otherwise blocked terms. Thanks for the feedback.

    When I do a search with quotes (double or single) on my site, BBQ doesn’t block it. Am I missing something?

    Plugin Author Jeff Starr

    @specialk

    What is an example of a URL that should be blocked but isn’t, so we can take a look..

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘[Resolved] URLs with quotes in a search term get blocked’ is closed to new replies.
Skip to toolbar