Bug #18686
closed
Problems with authors having ' in the name
100%
Description
If I search Andrea Dell'Amico, the result is empty. When I remove the ', the publications associated to my name appear.
Files
| Screenshot 2020-02-28 at 19.09.03.png (49.6 KB) Screenshot 2020-02-28 at 19.09.03.png | Delete | ||
| Screenshot 2020-02-28 at 19.21.33.png (144 KB) Screenshot 2020-02-28 at 19.21.33.png | CNR Authros with ' in the name | Delete |
Subtasks
Related issues
Updated by Leonardo Candela about 4 years ago
- File Screenshot 2020-02-28 at 19.09.03.png Screenshot 2020-02-28 at 19.09.03.png added
- Priority changed from Normal to High
The problem is with the ' in the query
The following queries both return the 12 records we have
https://openportal.isti.cnr.it/results?qv=andrea+dell+amico
https://openportal.isti.cnr.it/results?qv=andrea+amico
yet they are not the solution. We should find a solution since also the browse by author fails to display the 12 records.
Updated by Leonardo Candela about 4 years ago
- Subject changed from While we wait for the new issue tracker: my surname breaks the search (as often does) to Problema with authors having ' in the name
These are the queries associated with the browse ...
Updated by Leonardo Candela about 4 years ago
- Subject changed from Problema with authors having ' in the name to Problems with authors having ' in the name
Updated by Leonardo Candela about 4 years ago
We do have 14 authors with ' in the name ... see screenshot.
Updated by Michele Artini about 4 years ago
- Status changed from New to Feedback
The bug has been introduced recently to fix a XSS vulnerability.
In particular I changed the read of each input parameter from:
$mainValue = $jinput->get('qv', '', 'STRING');
to
$mainValue = htmlspecialchars($jinput->get('qv', '', 'STRING'), ENT_QUOTES);
The problem was mainly related with the parameter of the free search, so I changed only the read of the browse parameter in:
$mainValue = htmlspecialchars($jinput->get('qv', '', 'STRING'), ENT_COMPAT);
Updated by Leonardo Candela about 4 years ago
- Status changed from Feedback to Closed
- % Done changed from 0 to 100
I confirm the query
https://openportal.isti.cnr.it/results?qf=cnrautb&qv=Andrea%20Dell%27Amico
is now working again.