
Forum Replies Created

Viewing 3 posts - 1 through 3 (of 3 total)
  • in reply to: Escaped terms = MYSQL Query Errors + Security issues #5103
    willwill
    Participant

    Hi Ernest,

    Sorry, for some reason I can’t add a new post to the forum, so I have had to add a comment in here.

    We’re having a couple of issues at the moment. The first is that when overriding the WordPress search page and displaying the ajax search results there instead, only a maximum of 6 are shown. We’re using a ‘Blog 1 Column’ to display the results, with -1 for the items per page, and ‘No’ for pagination (same issue when the default search page ‘Blog 2 Column’ is used). I know there should be more results as they appear in the ajax search dropdown and the Max results is set to 25. Any ideas?

    The second is that our Apache error log is filled with these warnings:
    PHP Warning: Illegal string offset 'images' in /var/www/html/wp-content/plugins/ajax-search-pro/backend/settings/class/imageradio.class.php on line 35, referer: /wp-admin/admin.php?page=ajax-search-pro%2Fbackend%2Fsettings.php&asp_sid=2
    PHP Warning: Illegal string offset 'value' in /var/www/html/wp-content/plugins/ajax-search-pro/backend/settings/class/imageradio.class.php on line 36, referer: /wp-admin/admin.php?page=ajax-search-pro%2Fbackend%2Fsettings.php&asp_sid=2
    PHP Warning: Invalid argument supplied for foreach() in /var/www/html/wp-content/plugins/ajax-search-pro/backend/settings/class/imageradio.class.php on line 20, referer: /wp-admin/admin.php?page=ajax-search-pro%2Fbackend%2Fsettings.php&asp_sid=2

    Can we stop them, or suppress them?

    Thanks

    in reply to: Escaped terms = MYSQL Query Errors + Security issues #4948
    willwill
    Participant

    Ok, we will disable the s parameter for now and await your reply, thanks for looking into it.

    in reply to: Escaped terms = MYSQL Query Errors + Security issues #4883
    willwill
    Participant

    Thanks for the speedy response.

    We are using WordPress version 4.2.2. Yes, just entered <script>alert('hello');</script> with single quotes surrounding the ‘hello’, via the normal form, not via web inspector. Using Chrome browser Version 43.0.2357.65 (64-bit).

    Are there any search settings you would like to know to ensure the tests are the same?

    After refreshing the page, due to the ‘s’ query parameter in the URL containing the search <script>alert(%27hello%27);</script>, the DOM tree errors remain. We also get the same results in Safari.

    The server wp is running on is an Amazon EC2 instance with Ubuntu 14.04.2 and MySQL version 5.6.19-0ubuntu0.14.04.1.

    Thanks, Will
