Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
kuo_disable_search: deny access to Textpattern's front-side search
This is very basic plugin that does only this: prevents users from making search queries with the default Textpattern front-side search engine.
Why should you install this plugin? If your articles contain for example Textpattern tags, or PHP code, which are not meant to be shown publicly, and your Textpattern theme shows excerpts of found search results, then those search results can reveal sensitive data. I’ve informed TXP developers about this problem, but haven’t yet received a reply. :-/
Offline
Re: kuo_disable_search: deny access to Textpattern's front-side search
Although I’m sure that this plugin will be of use, couldn’t that sensitive information go into a section which is not syndicated or searchable?
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: kuo_disable_search: deny access to Textpattern's front-side search
That could be a better solution than this one, but consider for example a scenario where <txp:hide>this super secret thing is not hidden from search results</txp:hide>. ;-)
Offline
Re: kuo_disable_search: deny access to Textpattern's front-side search
This is not a new issue with TXP 4.7, right? I could reproduce the same problem with TXP 4.6.2.
But I can imagine this could be a problem if you insert the supersecret thing in an article, or even simply if you hide some part of an article with an HTML comment.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
Offline
Re: kuo_disable_search: deny access to Textpattern's front-side search
Bug confirmed. Content wrapped in txp:hide does indeed appear in search results. Did you report the issue on github?
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: kuo_disable_search: deny access to Textpattern's front-side search
colak wrote #312503:
Bug confirmed. Content wrapped in
txp:hidedoes indeed appear in search results. Did you report the issue on github?
Hi Yiannis, it’s not a bug neither feature, just technology. For best search performance, we use db indexes. The searchable fields (body, excerpt, …) are indexed on article save without any tag parsing, which would be unreliable anyway (think of if_logged_in). And parsing on each search would be too expensive. So it goes.
A globally sane approach is avoid tags/code in article content. Just write :-)
Edit: though we could strip txp tags from search result excerpts more thoroughly, will think of it.
Offline
Re: kuo_disable_search: deny access to Textpattern's front-side search
etc wrote #312510:
Edit: though we could strip txp tags from search result excerpts more thoroughly, will think of it.
Hmmm that would possibly be a problem too as shorttags offer a wonderfully easy way to include searchable captions in figures.
>Edit: @kuopassa. Would adi_notes be able to do what you are looking for? I am by no way against your plugin… I’m just trying to think of softer ways you can bypass this issue.
Last edited by colak (2018-06-11 14:10:59)
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline