Topic: [Bug/NOT A BUG/BUT AMUSING] Backslashes partially ignored in single-term searches

Posted under Site Bug Reports & Feature Requests

Bug overview description.

If backslashes are included anywhere in a single search term, the term itself will be used for searching, but the number of pages returned will correspond to the term without backslashes. This does not occur if more than one term is used while searching, but does work even if an alias is involved.

What part(s) of the site page(s) are affected?

Searching

What is the expected behavior?

The page count to match the number of pictures returned.

What actual behavior is given instead?

The number of pictures returned being zero, but there being multiple pages anyway.

Time of incident (if applicable).

N/A

Can you reproduce the bug every time?

Yes.

What steps did you take to replicate this bug?

Search for anything using a single term, filled with as many backspaces as you want anywhere.

Example:

ca\nin\e_pu\ssy vs canine_pussy (note the same pagecounts)

Note that the effect persists even with chains of backslashes, but I can't demonstrate that as above because other weird stuff happens.

Example:

c\\an\\\ine_\\\p\\uss\\\y

Note if you copypaste this manually into the search bar, it will still show the effect.

Errors or other messages returned (if any).

N/A

Updated

What is the use of inserting backslashes into tags? Unless it can be used to inject code this seems like a total non-issue that can be solved by simply using the tool as intended.

Updated by anonymous

NotMeNotYou said:
What is the use of inserting backslashes into tags? Unless it can be used to inject code this seems like a total non-issue that can be solved by simply using the tool as intended.

Probably, but I've found that when something unexpected is happening it might be a sign of something else wrong with the code that could cause more significant problems later down the line.

I figured there was no harm in bringing it up, and there might be some potential benefit if that turned out to be the case. If the site is allowing you to escape where it shouldn't, it could be a potential security risk. Don't want users being able to escape regular input and potentially cause the site to run code or some such.

Updated by anonymous

So what is happening here is that when you only search for one tag, it tries to skip counting the results and uses the post count for the tag. Tag names can't contain \` so they are removed from the name before it is looked up. It appears that the normal search code doesn't mangle tag names because that removes prefixes and makes metatags not work properly in searches.

Updated by anonymous

KiraNoot said:
So what is happening here is that when you only search for one tag, it tries to skip counting the results and uses the post count for the tag. Tag names can't contain \` so they are removed from the name before it is looked up. It appears that the normal search code doesn't mangle tag names because that removes prefixes and makes metatags not work properly in searches. [/quote] That makes sense. And can't be used to inject code, so it's not a problem then. Glad it was amusing, at least.

Updated by anonymous

  • 1