Lack of interest BB codes in search index

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
Lukas W.

Lukas W.

Well-known member
I wasn't completely sure if I should post this as bug report or as suggestion, but I went with bug report for now, as it seems kinda broken to me. Please feel free to move it to suggestions and rename it to something more useful, if necessary.

When creating a search index item, XF doesn't run any pre-processing method on the search message that's being entered into the database. I assume it's that message that's being used to create the final search result listing item, so the BB code probably wants to stay in there, but it also allows to search for BB code structures, that might not be intended to be searched. Custom BB codes like a parsehtml or hide get stored into the search index without any real means of pre-processing, so we can't actually strip out content that we don't want to go there. As IndexRecord::create doesn't go through the class proxy for obvious reasons, we don't really have a way to intercept and apply our own sanitation.
 
Upvote 3
This suggestion has been closed. Votes are no longer accepted.
I agree with you, hope the xf team will look into it as it's very frustrating to have users cheat on my forum because of this reason. They already found this trick to see hidden content and they keep abusing it.
 
Lukas W. said:
I assume it's that message that's being used to create the final search result listing item
Click to expand...
The actual entity is fetched for displaying results, so I'm not sure if it would matter if it was stripped from the index.

Lukas W. said:
As IndexRecord::create doesn't go through the class proxy for obvious reasons, we don't really have a way to intercept and apply our own sanitation.
Click to expand...
A bit tedious if you're dealing with a bunch of content types (and impractical if you have to worry about 3rd party content types), but you can extend search handlers to modify the index record.
 
Jeremy P said:
The actual entity is fetched for displaying results, so I'm not sure if it would matter if it was stripped from the index.
Click to expand...
I have the rendered version adjustes to not include the content of my hide BB codes, but apparently you can "guess" the content by searching for it and having the respective post show up as search result as an indicator you searched for the right thing. Complicated, I know, but people do more for less.
 
Jeremy P said:
A bit tedious if you're dealing with a bunch of content types (and impractical if you have to worry about 3rd party content types), but you can extend search handlers to modify the index record.
Click to expand...
Yeah, I basically have to worry about all content types that support bb codes, so that's not a feasible solution
 
Lukas W. said:
Yeah, I basically have to worry about all content types that support bb codes, so that's not a feasible solution
Click to expand...
You can extend the search provider and filter on ingress (\XF\Search\Source\AbstractSource::Index) for each source handler (MySQL or ElasticSearch).

Alternatively you could extend XF\Search\Search class and shim the handler method to return a wrapper class for any search provider returned. Or dynamically shim the returned handler so the class parent is preserved.
 

Similar threads

Ozzy47
[OzzModz] Disable BB-codes in User About You Field
Replies
0
Views
458
Ozzy47
Ozzy47
Scandal
XF 2.2 Enhanced Search: index issue with "new" content type
Replies
1
Views
822
Scandal
Scandal
Wildcat Media
  • Suggestion Suggestion
Lack of interest Enhance the search in Search Forum nodes
Replies
4
Views
1K
Wildcat Media
Wildcat Media
I
  • Suggestion Suggestion
Implemented IndexNow - Instantly index content in Search Engines
Replies
14
Views
2K
Rusty Snippets
Rusty Snippets
LenaTDDS
Fixed Replace an outdated link in BB-Codes
Replies
1
Views
2K
XF Bug Bot
XF Bug Bot
Back
Top Bottom