Search Results: Exclusion of Special Characters

[hi-im-si]

Describe the bug Algolia search results returning the following: /index/\\think\\app/invokefunction This seems to be associated with some form of common remote code execution.

To Reproduce Can only be seen in the algolia search console under Searches without results

Expected behavior I would expect there to be some form of way of excluding specific sets of characters in the search field?

[richaber]

Howdy @hi-im-si,

From a security standpoint, I'm not sure that concern is warranted, unless you are running a vulnerable, unpatched version of ThinkPHP5 framework on the same server as your WordPress installation.

However, if you want to prevent someone from entering specific characters into a search input, you could probably write some custom JavaScript to do so. Though I don't know if that would stop a "bot" from entering the characters directly into the DOM.

[tw2113]

Closing due to limited feedback and need for concern at the moment. We can revisit in the future if needed.