View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 5598 | Composr | core_comcode_pages | public | 2024-02-07 08:50 | 2024-09-05 20:47 |
| Reporter | Adam Edington | Assigned To | PDStig | ||
| Priority | normal | Severity | major | ||
| Status | resolved | Resolution | fixed | ||
| Product Version | 10.0.45 | ||||
| Fixed in Version | 10.0.49 | ||||
| Summary | 5598: Multiple issues and potential privileged content leak in Comcode page searching | ||||
| Description | When selecting Comcode page to return keywords, the keywords appear in the block but the actual search results are blank when the links are clicked. | ||||
| Tags | Roadmap: v11 | ||||
| Attach Tags | |||||
| Attached Files | |||||
| Time estimation (hours) | |||||
| Sponsorship open | |||||
|
|
It seems this happens when pages have the _ prefix to hide them from the sitemap, but should it really exclude them from the Search results? |
|
|
Hello, No I don't believe they should be excluded. The underscore is specifically only for hiding a page from the sitemap. If a page should be hidden all together, one would mark validated to off on that page. I'll look into it, thank you. Could be a bug in v11 as well. |
|
|
Not sure if the _ prefix is at fault here, as without it I am still getting 0 results from some metatags where there should be quite a few returns. |
|
|
Some meta tags do return results, but strangely a few of these results have titles which doesn't match the content. Crazy, I know. |
|
|
Automated response: Multiple issues with searching within Comcode pages This ended up being multiple issues with the search module / comcode_page hook rather than the tags. 1) The comcode_page hook was marking cached comcode pages as having been searched without actually searching within them for results. This explains why sometimes after searching, if you refresh or go to the next page, you now have fewer results. 2) Search results were excluding pages that began with an underscore. This shouldn't happen; underscore solely controls visibility on the sitemap and everywhere else should use the unvalidated addon for controlling visibility. 3) There were also a couple potential leaks where privileged content a member does not have access to could leak into the search results. This particular issue resulted in me upgrading this to a major bug. Notice: Those using the nusearch addon will have to update their addon to receive these changes. Need to check if v11 has the same issue; this patch only applies to v10. |
|
|
Fixed in git commit 73413d8c8f (https://gitlab.com/composr-foundation/composr/commit/73413d8c8f - link will become active once code pushed to GitLab) A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. If there are files in a hot-fix that you don't have then they probably relate to addons that you don't have installed and should be skipped. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/). |
|
|
Resolved for v11 in 5910 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-02-07 08:50 | Adam Edington | New Issue | |
| 2024-02-07 08:50 | Adam Edington | Description Updated | |
| 2024-02-07 08:51 | Adam Edington | Summary | Side search tags doesn't return pages for meta => Side search tags block doesn't return page results for meta keywords |
| 2024-02-07 08:51 | Adam Edington | Description Updated | |
| 2024-02-07 08:58 | Adam Edington | Note Added: 0008294 | |
| 2024-02-07 15:42 | PDStig | Note Added: 0008295 | |
| 2024-02-07 15:43 | PDStig | Note Edited: 0008295 | |
| 2024-02-07 15:43 | PDStig | Assigned To | => user4172 |
| 2024-02-07 15:43 | PDStig | Status | Not Assigned => Assigned |
| 2024-02-09 04:12 | Adam Edington | Note Added: 0008297 | |
| 2024-02-09 04:21 | Adam Edington | Note Added: 0008298 | |
| 2024-02-09 04:21 | Adam Edington | Note Edited: 0008297 | |
| 2024-02-09 04:22 | Adam Edington | Note Edited: 0008298 | |
| 2024-08-13 00:37 | PDStig | Tag Attached: Roadmap: v11 | |
| 2024-08-13 00:38 | PDStig | Summary | Side search tags block doesn't return page results for meta keywords => Multiple issues and potential privileged content leak in Comcode page searching |
| 2024-08-13 00:39 | PDStig | Product Version | 10.0.48.beta => 10.0.45 |
| 2024-09-05 20:47 | PDStig | Status | Assigned => Resolved |
| 2024-09-05 20:47 | PDStig | Resolution | open => fixed |
| 2024-09-05 20:47 | PDStig | Note Added: 0009291 |
