Relevanssi – A Better Search - Version 3.5.6

Version Description

  • Relevanssi admin page had a vulnerability that allowed SQL injection attacks. That is now fixed.
  • Relevanssi failed to highlight search terms that are followed by a ?, an ! or an apostrophe.
  • New filter: relevanssi_ok_to_log lets you control whether search queries are logged or not.

Release Info

Developer msaari
Version 3.5.6

Code changes from version 3.5.5 to 3.5.6

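--- a/lib/common.php
+++ b/lib/common.php
@@ -132,6 +132,7 @@ function relevanssi_update_log($query, $hits) {
 
  // Bot filter, by Justin_K
  // See: http://wordpress.org/support/topic/bot-logging-problem-w-tested-solution
+ $user_agent = "";
  if (isset($_SERVER['HTTP_USER_AGENT'])) {
  $user_agent = $_SERVER['HTTP_USER_AGENT'];
  $bots = array('Google'=>'Mediapartners-Google');
@@ -142,8 +143,12 @@ function relevanssi_update_log($query, $hits) {
  }
 
  get_option('relevanssi_log_queries_with_ip') == "on" ? $ip = apply_filters('relevanssi_remote_addr', $_SERVER['REMOTE_ADDR']) : $ip = '';
- $q = $wpdb->prepare("INSERT INTO " . $relevanssi_variables['log_table'] . " (query, hits, user_id, ip, time) VALUES (%s, %d, %d, %s, NOW())", $query, intval($hits), $user->ID, $ip);
- $wpdb->query($q);
+
+ $ok_to_log = apply_filters('relevanssi_ok_to_log', true, $query, $hits, $user_agent, $ip);
+ if ($ok_to_log) {
+ $q = $wpdb->prepare("INSERT INTO " . $relevanssi_variables['log_table'] . " (query, hits, user_id, ip, time) VALUES (%s, %d, %d, %s, NOW())", $query, intval($hits), $user->ID, $ip);
+ $wpdb->query($q);
+ }
  }
 
  /**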
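Review bot: `$_SERVER['REMOTE_ADDR']` is read without an isset() guard on the IP line just above the new filter call, while `HTTP_USER_AGENT` in the first hunk is guarded; when the key is absent (CLI runs, some proxy setups) this raises a notice and hands null to the `relevanssi_remote_addr` filter. The conditional with an assignment in each branch also obscures what is being set; `$ip = (get_option('relevanssi_log_queries_with_ip') == "on" && isset($_SERVER['REMOTE_ADDR'])) ? apply_filters('relevanssi_remote_addr', $_SERVER['REMOTE_ADDR']) : '';` expresses it as one statement. The new `relevanssi_ok_to_log` filter would benefit from a docblock naming its five arguments and stating that returning false suppresses the INSERT entirely. `$user` and the start of relevanssi_update_log() lie outside the hunk.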
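--- a/lib/excerpts-highlights.php
+++ b/lib/excerpts-highlights.php
@@ -421,17 +421,17 @@ function relevanssi_count_matches($words, $fulltext) {
  $count = 0;
  foreach( $words as $word ) {
  if (get_option('relevanssi_fuzzy') == 'never') {
- $pattern = '/([\s,\.:;]'.$word.'[\s,\.:;])/i';
+ $pattern = '/([\s,\.:;\?!\']'.$word.'[\s,\.:;\?!\'])/i';
  if (preg_match($pattern, $fulltext, $matches, PREG_OFFSET_CAPTURE)) {
  $count += count($matches) - 1;
  }
  }
  else {
- $pattern = '/([\s,\.:;]'.$word.')/i';
+ $pattern = '/([\s,\.:;\?!\']'.$word.')/i';
  if (preg_match($pattern, $fulltext, $matches, PREG_OFFSET_CAPTURE)) {
  $count += count($matches) - 1;
  }
- $pattern = '/('.$word.'[\s,\.:;])/i';
+ $pattern = '/('.$word.'[\s,\.:;\?!\'])/i';
  if (preg_match($pattern, $fulltext, $matches, PREG_OFFSET_CAPTURE)) {
  $count += count($matches) - 1;
  }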
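Review bot: `$word` is spliced into the regex unescaped on all three `$pattern` lines (new lines 424, 430 and 434), so a search term containing `?`, `(`, `/`, `\` or another PCRE metacharacter changes the pattern's meaning or makes preg_match() return false; the punctuation this commit adds to the character classes only handles those characters in the text, not in the term. Escape the term once before the branches, `$quoted = preg_quote($word, '/');`, and use it in each pattern, e.g. `$pattern = '/([\s,\.:;\?!\']'.$quoted.'[\s,\.:;\?!\'])/i';`. The class `[\s,\.:;\?!\']` now appears four times and could be a single local string so the two branches cannot drift apart. relevanssi_count_matches() begins before and ends after this hunk.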
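--- a/lib/init.php
+++ b/lib/init.php
@@ -4,7 +4,7 @@ add_action('admin_menu', 'relevanssi_menu');
  add_filter('the_posts', 'relevanssi_query');
  add_action('delete_post', 'relevanssi_delete');
  add_action('comment_post', 'relevanssi_comment_index'); //added by OdditY
- add_action('edit_comment', 'relevanssi_comment_edit'); //added by OdditY
+ add_action('edit_comment', 'relevanssi_comment_edit'); //added by OdditY
  add_action('delete_comment', 'relevanssi_comment_remove'); //added by OdditY
  add_action('wp_insert_post', 'relevanssi_insert_edit', 99, 1 ); // added by lumpysimon
  // BEGIN added by renaissancehack
@@ -50,7 +50,7 @@ function relevanssi_init() {
  update_option( 'relevanssi_doc_count', $D);
  }
  }
-
+
  if (!function_exists('mb_internal_encoding')) {
  function relevanssi_mb_warning() {
  echo "<div id='relevanssi-warning' class='error'><p><strong>"
@@ -101,7 +101,7 @@ function relevanssi_query_vars($qv) {
 
  function relevanssi_create_database_tables($relevanssi_db_version) {
  global $wpdb;
-
+
  require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
 
  $charset_collate_bin_column = '';
@@ -118,12 +118,9 @@ function relevanssi_create_database_tables($relevanssi_db_version) {
  if ($wpdb->collate == '' && $wpdb->charset == "utf8") {
  $charset_collate_bin_column .= " COLLATE utf8_bin";
  }
- if ($wpdb->collate == '' && $wpdb->charset == "utf8mb4") {
- $charset_collate_bin_column .= " COLLATE utf8mb4_bin";
- }
  }
-
- $relevanssi_table = $wpdb->prefix . "relevanssi";
+
+ $relevanssi_table = $wpdb->prefix . "relevanssi";
  $relevanssi_stopword_table = $wpdb->prefix . "relevanssi_stopwords";
  $relevanssi_log_table = $wpdb->prefix . "relevanssi_log";
 
@@ -135,28 +132,28 @@ function relevanssi_create_database_tables($relevanssi_db_version) {
  }
  delete_option('relevanssi_indexed');
  }
-
- $sql = "CREATE TABLE " . $relevanssi_table . " (doc bigint(20) NOT NULL DEFAULT '0',
- term varchar(50) NOT NULL DEFAULT '0',
+
+ $sql = "CREATE TABLE " . $relevanssi_table . " (doc bigint(20) NOT NULL DEFAULT '0',
+ term varchar(50) NOT NULL DEFAULT '0',
  term_reverse varchar(50) NOT NULL DEFAULT '0',
- content mediumint(9) NOT NULL DEFAULT '0',
- title mediumint(9) NOT NULL DEFAULT '0',
- comment mediumint(9) NOT NULL DEFAULT '0',
- tag mediumint(9) NOT NULL DEFAULT '0',
- link mediumint(9) NOT NULL DEFAULT '0',
- author mediumint(9) NOT NULL DEFAULT '0',
- category mediumint(9) NOT NULL DEFAULT '0',
- excerpt mediumint(9) NOT NULL DEFAULT '0',
- taxonomy mediumint(9) NOT NULL DEFAULT '0',
- customfield mediumint(9) NOT NULL DEFAULT '0',
+ content mediumint(9) NOT NULL DEFAULT '0',
+ title mediumint(9) NOT NULL DEFAULT '0',
+ comment mediumint(9) NOT NULL DEFAULT '0',
+ tag mediumint(9) NOT NULL DEFAULT '0',
+ link mediumint(9) NOT NULL DEFAULT '0',
+ author mediumint(9) NOT NULL DEFAULT '0',
+ category mediumint(9) NOT NULL DEFAULT '0',
+ excerpt mediumint(9) NOT NULL DEFAULT '0',
+ taxonomy mediumint(9) NOT NULL DEFAULT '0',
+ customfield mediumint(9) NOT NULL DEFAULT '0',
  mysqlcolumn mediumint(9) NOT NULL DEFAULT '0',
  taxonomy_detail longtext NOT NULL,
  customfield_detail longtext NOT NULL,
  mysqlcolumn_detail longtext NOT NULL,
  type varchar(210) NOT NULL DEFAULT 'post',
- item bigint(20) NOT NULL DEFAULT '0',
+ item bigint(20) NOT NULL DEFAULT '0',
  UNIQUE KEY doctermitem (doc, term, item)) $charset_collate";
-
+
  dbDelta($sql);
 
  $sql = "SHOW INDEX FROM $relevanssi_table";
@@ -172,7 +169,7 @@ function relevanssi_create_database_tables($relevanssi_db_version) {
  if ($index->Key_name == 'docs') $docs_exists = true;
  if ($index->Key_name == 'typeitem') $typeitem_exists = true;
  }
-
+
  if (!$terms_exists) {
  $sql = "CREATE INDEX terms ON $relevanssi_table (term(20))";
  $wpdb->query($sql);
@@ -182,12 +179,12 @@ function relevanssi_create_database_tables($relevanssi_db_version) {
  $sql = "CREATE INDEX relevanssi_term_reverse_idx ON $relevanssi_table (term_reverse(10))";
  $wpdb->query($sql);
  }
-
+
  if (!$docs_exists) {
  $sql = "CREATE INDEX docs ON $relevanssi_table (doc)";
  $wpdb->query($sql);
  }
-
+
  if (!$typeitem_exists) {
  $sql = "CREATE INDEX typeitem ON $relevanssi_table (type, item)";
  $wpdb->query($sql);
@@ -198,7 +195,7 @@ function relevanssi_create_database_tables($relevanssi_db_version) {
 
  dbDelta($sql);
 
- $sql = "CREATE TABLE " . $relevanssi_log_table . " (id bigint(9) NOT NULL AUTO_INCREMENT,
+ $sql = "CREATE TABLE " . $relevanssi_log_table . " (id bigint(9) NOT NULL AUTO_INCREMENT,
  query varchar(200) NOT NULL,
  hits mediumint(9) NOT NULL DEFAULT '0',
  time timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
@@ -207,11 +204,11 @@ function relevanssi_create_database_tables($relevanssi_db_version) {
  UNIQUE KEY id (id)) $charset_collate;";
 
  dbDelta($sql);
-
+
  if (RELEVANSSI_PREMIUM && get_option('relevanssi_db_version') < 12) {
  $charset_collate_bin_column = '';
  $charset_collate = '';
-
+
  if (!empty($wpdb->charset)) {
  $charset_collate_bin_column = "CHARACTER SET $wpdb->charset";
  $charset_collate = "DEFAULT $charset_collate_bin_column";
@@ -223,11 +220,8 @@ function relevanssi_create_database_tables($relevanssi_db_version) {
  if ($wpdb->collate == '' && $wpdb->charset == "utf8") {
  $charset_collate_bin_column .= " COLLATE utf8_bin";
  }
- if ($wpdb->collate == '' && $wpdb->charset == "utf8mb4") {
- $charset_collate_bin_column .= " COLLATE utf8mb4_bin";
- }
  }
-
+
  $sql = "ALTER TABLE $relevanssi_stopword_table MODIFY COLUMN stopword varchar(50) $charset_collate_bin_column NOT NULL";
  $wpdb->query($sql);
  $sql = "ALTER TABLE $relevanssi_log_table ADD COLUMN user_id bigint(20) NOT NULL DEFAULT '0'";
@@ -235,7 +229,7 @@ function relevanssi_create_database_tables($relevanssi_db_version) {
  $sql = "ALTER TABLE $relevanssi_log_table ADD COLUMN ip varchar(40) NOT NULL DEFAULT ''";
  $wpdb->query($sql);
  }
-
+
  if (get_option('relevanssi_db_version') < 16) {
  $sql = "ALTER TABLE $relevanssi_table ADD COLUMN term_reverse VARCHAR(50);";
  $wpdb->query($sql);
@@ -244,12 +238,12 @@ function relevanssi_create_database_tables($relevanssi_db_version) {
  $sql = "CREATE INDEX relevanssi_term_reverse_idx ON $relevanssi_table (term_reverse(10));";
  $wpdb->query($sql);
  }
-
+
  update_option('relevanssi_db_version', $relevanssi_db_version);
  }
-
+
  if ($wpdb->get_var("SELECT COUNT(*) FROM $relevanssi_stopword_table WHERE 1") < 1) {
  relevanssi_populate_stopwords();
  }
  }
- ?>
+ ?>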
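Review bot: The `utf8mb4` collation branch is removed in two places (old lines 121-123 and 226-228) with nothing replacing it, so on a utf8mb4 site whose `$wpdb->collate` is empty the term and stopword columns no longer receive a `_bin` collation, and matching on them presumably becomes case-insensitive where it was binary before. If the removal is deliberate, a comment at the remaining `utf8` check explaining why only utf8 gets an explicit binary collation would keep the next reader from re-adding the branch. Every other `-`/`+` pair in this section carries identical text, which looks like a line-ending normalisation rather than a code change, and the file still closes with `?>` on new line 249; omitting the closing tag in a PHP-only file removes the risk of stray whitespace being sent as output. relevanssi_create_database_tables() begins before the first of these hunks.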
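--- a/lib/interface.php
+++ b/lib/interface.php
@@ -828,7 +828,7 @@ function relevanssi_options_form() {
  $mysql_columns = get_option('relevanssi_mysql_columns');
  $serialize_options['relevanssi_mysql_columns'] = $mysql_columns;
 
- $serialized_options = serialize($serialize_options);
+ $serialized_options = json_encode($serialize_options);
  }
 
  echo "<div class='postbox-container' style='width:70%;'>";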
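Review bot: Switching to json_encode() on new line 831 changes only the producing side; the hunk does not show where `$serialized_options` is consumed, so whatever previously called unserialize() on it must now call json_decode() or the round trip breaks silently. If this value is emitted into the options form and read back on submit, decoding it with json_decode() instead of unserialize() is also what removes the object-injection exposure, so the decode site is the part worth verifying in this release. A short comment on the new line, `// JSON rather than serialize(): the value round-trips through the form and must never be unserialize()d`, would record the reason for the change. relevanssi_options_form() begins outside the hunk.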
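--- a/lib/search.php
+++ b/lib/search.php
@@ -7,6 +7,8 @@ function relevanssi_query($posts, $query = false) {
  global $relevanssi_active;
  global $wp_query;
 
+ if (!$wp_query) return $posts;
+
  $search_ok = true; // we will search!
  if (!is_search()) {
  $search_ok = false; // no, we can't
@@ -51,8 +53,24 @@ function relevanssi_search($args) {
  $relevanssi_table = $relevanssi_variables['relevanssi_table'];
 
  $filtered_args = apply_filters( 'relevanssi_search_filters', $args );
- extract($filtered_args);
-
+ $q = $filtered_args['q'];
+ $tax_query = $filtered_args['tax_query'];
+ $tax_query_relation = $filtered_args['tax_query_relation'];
+ $post_query = $filtered_args['q'];
+ $q = $filtered_args['post_query'];
+ $parent_query = $filtered_args['parent_query'];
+ $meta_query = $filtered_args['meta_query'];
+ $date_query = $filtered_args['date_query'];
+ $expost = $filtered_args['expost'];
+ $post_type = $filtered_args['q'];
+ $post_status = $filtered_args['post_status'];
+ $operator = $filtered_args['operator'];
+ $search_blogs = $filtered_args['search_blogs'];
+ $author = $filtered_args['author'];
+ $orderby = $filtered_args['orderby'];
+ $order = $filtered_args['order'];
+ $fields = $filtered_args['fields'];
+
  $hits = array();
 
  $query_restrictions = "";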
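Review bot: The extract() replacement mis-maps three keys: `$post_query = $filtered_args['q'];` (new line 59) and `$post_type = $filtered_args['q'];` (new line 65) read the search string instead of their own keys, and `$q = $filtered_args['post_query'];` (new line 60) then overwrites the query text assigned on line 56, so the term being searched for is lost before the SQL is built. The lines should read `$post_query = $filtered_args['post_query'];` and `$post_type = $filtered_args['post_type'];`, and the second `$q` assignment should be deleted. Replacing extract() is the right direction, since it stopped any key in the filtered array from overwriting an arbitrary local, but each key is now read without an isset() check, so a filter that omits one raises an undefined-index notice; presumably the caller fills every key, which is worth confirming. relevanssi_search() begins before this hunk and continues after it.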
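--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://www.relevanssi.com/buy-premium/
  Tags: search, relevance, better search
  Requires at least: 4.0
  Tested up to: 4.6.1
- Stable tag: 3.5.5
+ Stable tag: 3.5.6
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -386,6 +386,11 @@ removing those words helps to make the index smaller and searching faster.
 
  == Changelog ==
 
+ = 3.5.6 =
+ * Relevanssi admin page had a vulnerability that allowed SQL injection attacks. That is now fixed.
+ * Relevanssi didn't like to highlight search terms that are followed by a ?, an ! or an apostrophe.
+ * New filter: `relevanssi_ok_to_log` lets you control whether search queries are logged or not.
+
  = 3.5.5 =
  * 500 errors caused by arrays in custom fields should be gone now.
  * Improvements to the ACF "select" field support.
@@ -1127,6 +1132,9 @@ removing those words helps to make the index smaller and searching faster.
 
  == Upgrade notice ==
 
+ = 3.5.6 =
+ * Fix for a SQL injection vulnerability.
+
  = 3.5.5 =
  * Bug fixes and small improvements.
 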
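--- a/relevanssi.php
+++ b/relevanssi.php
@@ -3,7 +3,7 @@
  Plugin Name: Relevanssi
  Plugin URI: http://www.relevanssi.com/
  Description: This plugin replaces WordPress search with a relevance-sorting search.
- Version: 3.5.5
+ Version: 3.5.6
  Author: Mikko Saari
  Author URI: http://www.mikkosaari.fi/
  */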