Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Search not working on discussion titles
Prosper
✭✭
Why is the search function not working on discussion titles? Does anyone have a fix to this problem?
0
Comments
what search term did you try and what title was not found?
what garden searchmode are you using?
myisam table?
$Configuration['Garden']['Search']['Mode']
afaik, the search search the title of discussion - (discussion name)
https://github.com/vanilla/vanilla/blob/18498916ac071fd2f9778183c3972764b022154c/applications/vanilla/models/class.vanillasearchmodel.php#L58
https://dev.mysql.com/doc/refman/5.5/en/fulltext-search.html
https://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html
are you using sphinxsearch plugin?
Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.
@River - I don't use sphinxsearch plugin. I use vanilla default search function. My problem is that the discussion titles are not highlighted "yellow" as do the discussion summary after search is performed.
post a screenshot. since the idea seems to be veering from your original premise or I don't understand.
so the search is working and finding the proper discussions and selecting appropriate discussions based on discussion title! but the words are not highlighted in discussion title and you want them to be.
Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.
Yes - that's exactly what I want.
a screenshot with an example would probably help people see your issue. whether it is a feature request or a bug.
Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.
From the screenshot, you can see the search for the word "police" did not highlight "police" on discussion titles as it does on discussion summary.
you might be able to debug here:
https://github.com/vanilla/vanilla/blob/Vanilla_2.2.1/library/core/functions.render.php#L704
or here:
https://github.com/vanilla/vanilla/blob/Vanilla_2.2.1/applications/dashboard/controllers/class.searchcontroller.php#L102
I'm not sure what goes into result set without testing and can't test right now.
or it could be the "mark" css is wrong and too specific on your site. you could determine that by testing with default theme.
Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.
here is the problem No mark tag is added to titles.
and a solution. BUT the solution needs a second pair of eyes regarding SECURITY. I don't think it opens a security flaw, but someone else might take a look and if not someone might add it to github.
https://github.com/vanilla/vanilla/blob/Vanilla_2.2.1/applications/dashboard/controllers/class.searchcontroller.php#L102
insert this line to add the
<mark>to the title.$Row{'Title'} = SearchExcerpt(Gdn_Format::plainText($Row['Title'],$Row['Format'], $SearchTerms);https://github.com/vanilla/vanilla/blob/Vanilla_2.2.1/applications/dashboard/views/search/results.php#L9
<h3><?php echo anchor(htmlspecialchars($Row['Title']), $Row['Url']); ?></h3>to
<h3><?php echo anchor($Row['Title'], $Row['Url']); ?></h3>anyone see a security flaw due to removal of htmlspecialchars with the change. if not, anyone want to put it on github either as is or with mods. is the Gdn_Format::plainText sufficient in this case.
until then it is at your own risk.
Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.
No, never do this.
Yes, it is a serious flaw.
No, that is no security at all.
The only way to do this securely is to then treat the text as HTML and therefore pass it thru the HTMLawed purifier AFTER you add the
marktags instead of applying htmlspecialchars.But you are opening up a whole other can of worms by doing that, because then OTHER post-legal HTML injected into titles will start rendering on that page. I recommend against this course of action (mostly because adding a core hack is bad enough let alone one fraught with security peril), but you'd need to first strip tags, then add
mark, then run the purifier. I imagine that all is why it wasn't done in the first place.In summary
Filed as a proper enhancement issue: https://github.com/vanilla/vanilla/issues/4556
thanks for the follow-up and constructive critique.
Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.