Andrew Davie
Posted January 3, 2021

If you search for "*" without the quotes, the PlusCart essentially dies. It gets stuck in multiple blank menus, wifi dies, etc...

Mr SQL
Posted January 3, 2021

Maybe wildcard character needs to be escaped for backend db if that query is what is locking up

Al_Nafuur
Posted January 3, 2021

> 10 hours ago, Andrew Davie said:
> If you search for "*" without the quotes, the PlusCart essentially dies. It gets stuck in multiple blank menus, wifi dies, etc...

The backend search responded with 1.5 MiB of error messages.

> 2 hours ago, Mr SQL said:
> Maybe wildcard character needs to be escaped for backend db if that query is what is locking up

Backend search is done with regular expression, special chars for reg_ex are now escaped.

Mr SQL
Posted January 4, 2021

> 4 hours ago, Al_Nafuur said:
> The backend search responded with 1.5 MiB of error messages.
> Backend search is done with regular expression, special chars for reg_ex are now escaped.

Very cool! I was actually wondering about regular expression also being a possibility in lieu of SQL (RegEx Injection!) with your code in mind when I posted that. I bet the backend is faster responding for all the PlusCarts without the errors queueing up. The RegEx Attack (unintentional) could be responsible for some timeouts or slowdowns we saw users experience on the Plus network.

Al_Nafuur
Posted January 4, 2021

> 1 hour ago, Mr SQL said:
> Very cool! I was actually wondering about regular expression also being a possibility in lieu of SQL (RegEx Injection!) with your code in mind when I posted that. I bet the backend is faster responding for all the PlusCarts without the errors queueing up. The RegEx Attack (unintentional) could be responsible for some timeouts or slowdowns we saw users experience on the Plus network.

Fortunately, the search function is not used very often, and there was only one user sending these special chars. Anyway, for the server it was not a big issue, it spills out the 1.5 MiB error messages very fast, but the requesting PlusCart tries to parse the response to menu entries.

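An added example, not code from this thread or from the PlusCart backend, illustrating the two points discussed above: a search term compiled as a pattern with and without escaping, and a client that only turns a bounded, well-formed response into menu entries. Python's `re` module stands in for the backend's regex engine (the thread does not name it); the title list, the size limits and all function names are assumptions.

```python
import re

# Constructed sample catalogue (assumption); the real backend data is not shown in the thread.
TITLES = ["Pitfall!", "Q*bert", "Ms. Pac-Man", "Star Wars (Arcade)",
          "Boulder Dash", "M*A*S*H"]

MAX_ENTRIES = 4      # assumed cap on menu entries the client accepts
MAX_LINE_LEN = 32    # assumed cap on the length of one menu line


def search_unescaped(term, titles=TITLES):
    """Before the fix: the raw search term is compiled as a pattern."""
    pattern = re.compile(term, re.IGNORECASE)  # a lone "*" raises re.error here
    return [t for t in titles if pattern.search(t)]


def search_escaped(term, titles=TITLES):
    """After the fix: metacharacters are escaped, so the term matches literally."""
    pattern = re.compile(re.escape(term), re.IGNORECASE)
    return [t for t in titles if pattern.search(t)]


def backend_response(term, search):
    """Return (status, body); a pattern error becomes a short status, not an error dump."""
    try:
        hits = search(term)
    except re.error:
        return "error", "invalid search term"
    return "ok", "\n".join(hits)


def parse_menu(status, body):
    """Client side: build entries only from an 'ok' body, bounded in count and length."""
    if status != "ok":
        return []
    lines = [line[:MAX_LINE_LEN] for line in body.split("\n") if line]
    return lines[:MAX_ENTRIES]


if __name__ == "__main__":
    for term in ["*", "q*b", "(arcade)", "pac"]:
        print(repr(term), parse_menu(*backend_response(term, search_escaped)))
```

Besides the outright error on `*`, the unescaped version silently changes the meaning of a term such as `q*b`, which matches any title containing a "b".
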
Andrew Davie
Posted January 4, 2021

> 10 hours ago, Al_Nafuur said:
> Fortunately, the search function is not used very often, and there was only one user sending these special chars.

Who ... little old me? I admit I was trying to break it. One thing - since the search is case-insensitive, perhaps we should not have both lowercase/uppercase keyboards for search. Just a generic uppercase keyboard would make more sense.