Reply To: Find terms featuring ampersands like H&M


#11241
Ernest Marcinko
Keymaster

Hi Paul,

I’ve actually had to look up how this was changed and used previously. The problem with sanitization in WordPress is that some fields are sanitised, some fields are not (as stored in the database). This creates a huge issue, as the plugin would have to preferably use the same type of sanitization methods before comparison on these specific fields. It’s however still not clear to me how the exact sanitization process runs down on the post content and how to properly convert the search phrase back to it, while minding potential dangers of SQL injections and such.

In the meantime the Index Table engine was developed, which circumvents this problem completely. Many search engines use a similar technique. So instead of converting the search phrase through a number of sanitization processes and then escaping and testing, the index table was created to separate the content into words, and store them as they are – since they are not re-presented in any way.

Long story short: I could recommend modifications to sanitize the search phrase on specific occasions in the code, but I’m not sure what vulnerabilities that would cause (if any). Instead, I recommend using the index table engine – which allows most of the “special” characters to be stored and searched untouched.

I’ve noted this as an issue, and will look into it before the upcoming version releases. I might find a proper, transparent solution for the default “regular” engine as well.

Best,
Ernest Marcinko

If you like my products, don't forget to rate them on codecanyon :)
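
A stand-alone model of the mismatch discussed in the reply above, added here as an example; it is not part of the original post and not Ajax Search Pro's code. It assumes an in-memory SQLite database, hypothetical `posts` and `idx` tables, constructed sample rows, and entity decoding at index time as this example's own normalization choice. Every user-supplied value is bound as a parameter.

```python
import html
import sqlite3

# Constructed sample rows: one title stored entity-encoded, one stored raw,
# modelling the mixed storage the reply describes (assumption, not real data).
POSTS = [
    (1, "H&amp;M opens a new store"),
    (2, "Shopping at H&M this weekend"),
    (3, "Ham and cheese"),
]

def tokenize(text):
    """Decode HTML entities once, lowercase, split on whitespace, trim edge punctuation."""
    words = (w.strip(".,;:!?\"'()") for w in html.unescape(text).lower().split())
    return [w for w in words if w]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("CREATE TABLE idx (term TEXT, post_id INTEGER)")
    db.executemany("INSERT INTO posts VALUES (?, ?)", POSTS)
    for post_id, title in POSTS:
        db.executemany("INSERT INTO idx VALUES (?, ?)",
                       [(t, post_id) for t in set(tokenize(title))])
    return db

def search_like(db, phrase):
    """Column comparison: the raw phrase is matched against whatever form was stored."""
    # Escape LIKE wildcards, then bind the value; it is never concatenated into SQL.
    esc = phrase.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = db.execute(
        "SELECT id FROM posts WHERE title LIKE ? ESCAPE '\\' ORDER BY id",
        (f"%{esc}%",))
    return [r[0] for r in rows]

def search_index(db, phrase):
    """Index lookup: the phrase goes through the same tokenizer as the content."""
    terms = tokenize(phrase)
    if not terms:
        return []
    marks = ",".join("?" * len(terms))  # only placeholders are interpolated
    rows = db.execute(
        f"SELECT post_id FROM idx WHERE term IN ({marks}) "
        "GROUP BY post_id HAVING COUNT(DISTINCT term) = ? ORDER BY post_id",
        (*terms, len(set(terms))))
    return [r[0] for r in rows]
```

With these rows, the column comparison for `H&M` finds only the post stored raw, while the index lookup finds both the raw and the entity-encoded post.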