Announcement

Collapse
No announcement yet.

Plus Sign and or special characters in the Item Description field for searching

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Plus Sign and or special characters in the Item Description field for searching

    I have tried to look on this forum for help with this... but I have found nothing so far.
    I have a dynamic search that looks up values for a product's description via an autocomplete. Some items have a plus sign " + " in their descriptions.
    The autocomplete is finding the items descriptions correctly, but when you select that description with the plus sign " + " in it... the search doesn't find any items.
    I have narrowed it down to the plus sign because if I remove plus sign it finds the items.

    Thanks for any pointers!

  • #2
    no responses to this? The Data the autocomplete finds has a plus sign in it. The search just needs to allow for it right?

    Comment


    • #3
      My best guess: this is due to a bug. Specifically this bug is hidden in the sajax routine that is being used.
      Find *the _sajax file in your deployed project.
      Find something that looks similar to this:
      Code:
                              else if (sajax_request_type == \"POST\") {
                                      post_data = \"rs=\" + escape(func_name);
                                      post_data += \"&rst=\" + escape(sajax_target_id);
                                      post_data += \"&rsrnd=\" + new Date().getTime();
      
                                      for (i = 0; i < args.length-1; i++)
                                              post_data = post_data + \"&rsargs[]=\" + escape(args[i]);
      There you will see the bug clearly.

      This should be:
      Code:
                              else if (sajax_request_type == \"POST\") {
                                      post_data = \"rs=\" + escape(func_name);
                                      post_data += \"&rst=\" + escape(sajax_target_id);
                                      post_data += \"&rsrnd=\" + new Date().getTime();
      
                                      for (i = 0; i < args.length-1; i++){
                                              s=escape(args[i]);
                                              post_data = post_data + \"&rsargs[]=\" + s.replace(\"+\",\"%2B\");
                                      }

      I also had to change the *_mutf8.php piece of code from
      Code:
          function NM_utf8_urldecode($str)
          {
              if (is_array($str))
              {
                  return $str;
              }
              $aRep = array(
                            '&' => '&amp;',
                            '<' => '&lt;',
                            '>' => '&gt;',
                            '"' => '&quot;',
                            "'" => '&apos;',
                            '+' => '&#44',
                            '' => '&Aacute;',
      ....
              $str = preg_replace("/%u([0-9a-f]{3,4})/i", "&#x\\1;", urldecode($str));
              if (isset($_SESSION['scriptcase']['charset']) && 'BIG-5' == $_SESSION['scriptcase']['charset'])
      ....
      to
      Code:
          function NM_utf8_urldecode($str)
          {
              return rawurldecode($str);      
          }
          
          function NM_utf8_urldecode2($str)
          {
              if (is_array($str))
              {
                  return $str;
              }
              $aRep = array(
                            '&' => '&amp;',
                            '<' => '&lt;',
                            '>' => '&gt;',
                            '"' => '&quot;',
                            "'" => '&apos;',
                            '+' => '&#43',
                            '' => '&Aacute;',
      ....
              $str = preg_replace("/%u([0-9a-f]{3,4})/i", "&#x\\1;", rawurldecode($str));
              if (isset($_SESSION['scriptcase']['charset']) && 'BIG-5' == $_SESSION['scriptcase']['charset'])
      ....

      I have reported this before with great detail but it was never fixed. It also causes file uploeads with a + sign in it to go wrong.
      Likely this is the same for you.

      The bug (never fixed as far as I can see) is clearly shown. A + sign is NOT &#44 but #&43
      And the sajax call clearly doesnt escape properly.

      If that is your case you probably need to fix similar code.

      Comment

      Working...
      X