
Textpattern CMS support forum


#1 2018-06-10 13:35:27

kuopassa
Plugin Author
From: Porvoo, Finland
Registered: 2008-12-03
Posts: 238
Website

kuo_disable_search: deny access to Textpattern's front-side search

This is a very basic plugin that does only this: prevents users from making search queries with the default Textpattern front-side search engine.

Why should you install this plugin? If your articles contain for example Textpattern tags, or PHP code, which are not meant to be shown publicly, and your Textpattern theme shows excerpts of found search results, then those search results can reveal sensitive data. I’ve informed TXP developers about this problem, but haven’t yet received a reply. :-/

Offline

#2 2018-06-10 17:12:57

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: kuo_disable_search: deny access to Textpattern's front-side search

Although I’m sure that this plugin will be of use, couldn’t that sensitive information go into a section which is not syndicated or searchable?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#3 2018-06-10 17:45:27

kuopassa
Plugin Author
From: Porvoo, Finland
Registered: 2008-12-03
Posts: 238
Website

Re: kuo_disable_search: deny access to Textpattern's front-side search

That could be a better solution than this one, but consider for example a scenario where <txp:hide>this super secret thing is not hidden from search results</txp:hide>. ;-)

Offline

#4 2018-06-11 07:13:35

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,187
Website

Re: kuo_disable_search: deny access to Textpattern's front-side search

This is not a new issue with TXP 4.7, right? I could reproduce the same problem with TXP 4.6.2.

But I can imagine this could be a problem if you insert the supersecret thing in an article, or even simply if you hide some part of an article with an HTML comment.


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern

Offline

#5 2018-06-11 07:47:09

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: kuo_disable_search: deny access to Textpattern's front-side search

Bug confirmed. Content wrapped in txp:hide does indeed appear in search results. Did you report the issue on GitHub?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#6 2018-06-11 13:36:55

etc
Developer
Registered: 2010-11-11
Posts: 5,187
Website GitHub

Re: kuo_disable_search: deny access to Textpattern's front-side search

colak wrote #312503:

Bug confirmed. Content wrapped in txp:hide does indeed appear in search results. Did you report the issue on GitHub?

Hi Yiannis, it’s neither a bug nor a feature, just technology. For best search performance, we use db indexes. The searchable fields (body, excerpt, …) are indexed on article save without any tag parsing, which would be unreliable anyway (think of if_logged_in). And parsing on each search would be too expensive. So it goes.

A globally sane approach is to avoid tags/code in article content. Just write :-)

Edit: though we could strip txp tags from search result excerpts more thoroughly, will think of it.

Offline
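
Since the search runs over the raw saved body without tag parsing, as described in the post above, one way to find articles at risk is to audit raw bodies for regions that are hidden on output. This is an added example, not part of the original thread or of Textpattern's code: the article data is constructed, the substring match is a simplified stand-in for the database search, and all function names are hypothetical.

```python
import re

# Constructs the thread names as hidden on output but still stored in the raw body.
HIDDEN = {
    "txp:hide": re.compile(r"<txp:hide\b[^>]*>.*?</txp:hide>", re.S | re.I),
    "txp:php": re.compile(r"<txp:php\b[^>]*>.*?</txp:php>", re.S | re.I),
    "html-comment": re.compile(r"<!--.*?-->", re.S),
}

# Constructed sample articles (id -> raw body as saved), not real site data.
ARTICLES = {
    1: "Release notes for the spring update.",
    2: "Public intro. <txp:hide>the migration window is Friday</txp:hide> More text.",
    3: "Gallery page <!-- TODO: remove internal draft pricing --> with captions.",
    4: "Visitor count: <txp:php>echo $internal_counter;</txp:php>",
}

def hidden_kinds(body):
    """Names of the hidden constructs present in a raw body."""
    return [kind for kind, rx in HIDDEN.items() if rx.search(body)]

def visible_text(body):
    """Rough stand-in for rendering: drop every hidden region."""
    for rx in HIDDEN.values():
        body = rx.sub(" ", body)
    return body

def raw_search(articles, term):
    """Model of a search over unparsed bodies: case-insensitive substring match."""
    t = term.lower()
    return [aid for aid, body in articles.items() if t in body.lower()]

def leaks(articles, term):
    """Articles where the term matches only inside a hidden region."""
    t = term.lower()
    return [aid for aid in raw_search(articles, term)
            if t not in visible_text(articles[aid]).lower()]

def audit(articles):
    """Articles to review before exposing excerpt-style search results."""
    return {aid: kinds for aid, body in articles.items()
            if (kinds := hidden_kinds(body))}

if __name__ == "__main__":
    for aid, kinds in audit(ARTICLES).items():
        print(f"article {aid}: contains {', '.join(kinds)}")
```

Articles flagged by `audit` are the ones to move into a non-searchable section or to clean up, as suggested earlier in the thread.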

#7 2018-06-11 14:07:10

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: kuo_disable_search: deny access to Textpattern's front-side search

etc wrote #312510:

Edit: though we could strip txp tags from search result excerpts more thoroughly, will think of it.

Hmmm that would possibly be a problem too as shorttags offer a wonderfully easy way to include searchable captions in figures.

Edit: @kuopassa. Would adi_notes be able to do what you are looking for? I am in no way against your plugin… I’m just trying to think of softer ways you can bypass this issue.

Last edited by colak (2018-06-11 14:10:59)


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline
