Bugs in search, brace yourself

beholder

2009-02-28 21:43

My brother was bugging me with this since a search for some 10.4" or 20" notebooks or monitors returned too little or no results. This behavior pertained to at least ver. 3.0, if not older. So I looked into it and found some very interesting bugs..

The first bug may manifest only on some servers that have 'magic quotes' on. The feature causes any form entries submitted with character " to be escaped - to have characters \" instead. The obvious solution would be to use stripslashes on form output. I just switched off the whole magic quotes with .htaccess since this feature is no longer supported under PHP6 anyway. Just create .htaccess in the main QC dir and put following content in:
php_flag magic_quotes_gpc off

Allright, I was now getting the proper form output sent to the search engine. But the search was still borked. I tracked it to the core/products.php, function generateProductsSearchListArray(). The character " is somewhere previously encoded as HTML special char & q u o t ; and thus the searched needle that is supposed to be for example 14" looks like this:

please disregard spaces in the above example.
The solution would be to decode these characters, change line:
$aWords[] = $aExp[$i];
to:
$aWords[] = htmlspecialchars_decode($aExp[$i]);


Furthermore, if just by some accident you actually have used in your product name or description the html special char & q u o t ; then the borked search would end up ok for the given product, but since the above fix breaks this behavior, the htmlspecialchars_decode() is also needed to be added to this line:
if( stristr( implode( ' ', $aData ), $aWords[$i] ))
change it to following:
if( stristr( htmlspecialchars_decode(implode( ' ', $aData )), $aWords[$i] ))

In the same spirit replace this line:
if( stristr( implode( ' ', $aFile ), $aWords[$i] ) )

with this:
if( stristr( htmlspecialchars_decode(implode( ' ', $aFile )), $aWords[$i] ) )


And there you go.. working search finally. How many bugs was that? I lost count ;-)

» Quick.Cart v3.x

beholder

2009-02-28 22:45

I just noticed that when it comes to product name, QuickCart 3.3 always uses the & q u o t ; instead of normal quotes character ".
But this still needs to be fixed as detailed above, since a user can search product descriptions and there can be the normal quotes character.

Also, I noticed that if you use character " in the product name (QC 3.3 translates it to & q u o t ; ), the product links get malformed. The correct fix for this is to replace function change2Url() in file libraries/Trash.tpl with this:

Hopefully it doesn't break anything else, I'll keep testing.

beholder

2009-02-28 22:49

Oh, I just found out that on some servers the magic quotes htaccess switch doesn't work. In that case the index.php must be changed, line:

$sPhrase = trim( changeSpecialChars( htmlspecialchars( stripslashes( urldecode( $sPhrase ) ) ) ) );

to this:

$sPhrase = stripslashes( trim( changeSpecialChars( htmlspecialchars( stripslashes( urldecode( $sPhrase ) ) ) ) ) );

beholder

2009-02-28 23:28

Actually, on the second look, URLs look fine with the old change2Url() in QC v. 3.3. Please disregard that part of the report. It works either way, at least for the " character.