I’ve recently implemented the Sitelinks Search Box and I’m having problems with search terms and special characters.
For example, if I indtroduce an accented character in the standard search box from WP, it is correctly used. If I do the same in the sitelinks search box, the accented character is URL enconded and WP use it directly and doesn’t return restuls correctly (zero results most of the time).
Example. Searching camión from google search box, it redirects to https://example.com/?s=cami%25C3%25B3n and no results are given by WordPress. If I search the same word directly in WP I get the resutls correctly.
If I urldecode the search string, all seems to work correctly. But it is safe? I think it is beacuse the database query is escaped later but not sure.
add_action( 'pre_get_posts', function( $query ) {
if( $query->is_search() && ! is_admin() && $query->is_main_query() ) {
$query->set( 's', urldecode( get_search_query() ) );
}
} );
1 Answer
I can confirm that url-decoding the search query is the correct approach. In fact, it is done in WordPress core for the search parameter of WP_Query but not when the search string is from a $_GET request as it is seen in WP_Query::parse_search() method, wp-includes/query.php#L2061 (WP 4.2.2):
if ( empty( $_GET['s'] ) && $this->is_main_query() )
$q['s'] = urldecode( $q['s'] );
Later within the same method, the search phrase is scaped. So, the search string from Google SearchBox must be urldecoded and it is safe:
add_action( 'pre_get_posts', function( $query ) {
if( ! is_admin() && $query->is_search() && $query->is_main_query() ) {
$query->set( 's', urldecode( $query->get( 's' ) ) );
}
} );
