Perhaps I have missed something; but there doesn’t seem to be any kind of input sanitisation going on. If you look at the itsas_sqlWhere() and itsas_search() functions, it seems that the SQL queries are being constructed WITHOUT any safe-guards against SQL injection attacks.
Nowhere is $wpdb->prepare() or mysql_real_escape_string() called. If no sanitisation is present, this represents a massive security problem for the plugin users.
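The report above contrasts SQL built by string concatenation with SQL built through $wpdb->prepare(). The following is an added example, not code from the Search Light plugin or from the poster: the function names example_search_unsafe() and example_search_safe(), the query itself and the limit cap of 50 are assumptions made for illustration. It must run inside WordPress, because it uses the global $wpdb.

```php
<?php
// Added illustration; runs inside WordPress (uses the global $wpdb).
// example_search_unsafe() and example_search_safe() are hypothetical names,
// not functions from the Search Light plugin.

// Unsafe pattern: the search term is concatenated straight into the SQL text,
// so any quote character in $term changes the structure of the query.
function example_search_unsafe( $term, $limit ) {
    global $wpdb;
    $sql = "SELECT ID, post_title FROM {$wpdb->posts}
            WHERE post_status = 'publish'
              AND post_title LIKE '%" . $term . "%'
            LIMIT " . $limit;
    return $wpdb->get_results( $sql );
}

// Hardened pattern: values travel as prepare() arguments, never as SQL text.
function example_search_safe( $term, $limit ) {
    global $wpdb;

    // Request data arrives slashed in WordPress; normalise it first.
    $term = sanitize_text_field( wp_unslash( $term ) );
    if ( '' === $term ) {
        return array();
    }

    // esc_like() escapes %, _ and \ so they match literally inside LIKE.
    // It does not make the value SQL-safe by itself; prepare() does that.
    $like = '%' . $wpdb->esc_like( $term ) . '%';

    // Clamp the limit (assumed cap of 50); %d forces it to an integer.
    $limit = max( 1, min( 50, (int) $limit ) );

    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_status = 'publish'
           AND post_title LIKE %s
         LIMIT %d",
        $like,
        $limit
    );
    return $wpdb->get_results( $sql );
}
```

When reviewing a plugin for this issue, every call to $wpdb->query(), get_results(), get_var() and get_row() whose SQL string contains a variable other than a table-name property such as $wpdb->posts should be traced back to a prepare() call.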
Hello,
Congratulations on this plugin. I have 10 sticky posts and I would like to exclude them from the search box. Can you tell me how I can do that?
Thanks
Hi all
I’m trying to figure out why only one or two thumbnails are showing when I type a search term in? All posts have correct thumbnails representing them as can be seen when browsing the full search page. This has really got me stumped. Does anyone have any idea?
thanks
chris
Here’s the site: mjbox.info
https://www.ads-software.com/extend/plugins/search-light/
Dear Daniel and Sai,
Thanks for this great plugin.
Do you know if it is possible to track in Google Analytics the search terms entered by the users if they click directly on a dynamic result (so, when they don’t pass through a search results page)?
Thanks in advance for your answer.
Julia
Does this plugin support Custom post types?
Plugin cannot be activated parallel to “Last.fm Recently Played Tracks”-Plugin (https://www.ads-software.com/extend/plugins/lastfm-recently-played-tracks/)
because of duplicate “add_my_ stylesheet()” error during plugin-activation.
No changes were made other than moving to a new host. Ideas anyone?
I love the instant search function of this plugin, but the relevance of the search results is terrible. Any way to have the results sorted by relevance, with heavy weight given to the post / page title, rather than sorting by date? I have another plugin that does that for the WP search results, but it doesn’t affect the Search Light plugin.
thanks,
Mike
Hi!
I would like to know:
How can I change the plugin so I can make an option: search only after at least X characters are entered? Because I think it is meaningless to search after 1-2 characters are entered, as there are too many results – just stressing the server. So it would be a very good option to implement a “search only after X characters are entered” option. Of course a hack is good too, if someone knows how to make it.