Better Search 2.1.0 Boolean Operators Stopped Working

Barry, you can try turning on Boolean mode in the settings page. Does that give better results?

I’ve spent a bit of time looking at how mySQL’s search works and from all my checking I haven’t been able to get the boolean operators to work in natural language mode

Boolean is turned on. It works on 2.0.1 but not on 2.1.0.

Could you please tell me what search terms your exactly using, what you’re seeing and expecting to see? Also, site URL?

Following are the search tests I’m doing. The search arguments are this way, and the expected result follows.
srchterm will show all (4) articles with test search terms
srchterm1 (or +srchterm1) will show 3 articles containing that search term
srchterm1 srchterm2 will show 4 articles having one or the other or both
-srchterm1 srchterm2 will show 1 article having srchterm2 and not srchterm1
-srchterm1 -srchterm3 will show no results (Even though logic says it should be lots – everything not containing those items. But I can live with it.)
srchterm1 -srchterm2 -srchterm3 will show 1 result

After cloning the production site, I ran those tests before upgrading to 2.1.0. They worked as expected. I upgraded to 2.1.0 and the results changed. Nothing else was updated between the before and after tests. Under 2.1.0 it appears the boolean operators are being stripped off the search argument before the search is done. Multiple terms all become a logical OR regardless of the operators entered.

The production site is at https://callerlabknowledge.org and it is still running 2.0.1. The clone site is at https://f53.fce.myftpupload.com/ and is now running 2.1.0

Here are the options specified in the Settings for Better Search:
Enable seamless integration? Unchecked
Enable search tracking? Checked
Track visits of admins? Checked
Track visits of editors? Checked
Enable cache: Checked
Stop search engines from indexing search results pages Checked
Link to plugin homepage Unchecked
Number of Search Results per page 10
Post types to include in results post, page, attachment
Enable mySQL FULLTEXT searching Checked
Activate BOOLEAN mode of FULLTEXT search Checked
Weight of title 1
Weight of the content 10
Highlight search terms Checked
Include thumbnails in search results Unchecked
Length of excerpt (in words) 200
Filter these words (none entered)
Include heatmap on the search results Unchecked
Custom CSS (out of the box)

I just spent a half hour entering the data you wanted and this forum just threw it away. What gives?!

I just spent another 15 minutes rebuilding the post and it threw it away again. This forum is not working. Please send me an email I can reach you at and I will send the information there. [email protected]

Barry, you can contact me at https://webberzone.com/contact/

I’ve also had a couple of checks at my end and noticed that the new version strips out the + signs as part of the sanitisation process.

This line needs to be commented out.

https://github.com/WebberZone/better-search/blob/master/includes/utilities.php#L24

Removing that line doesn’t open up a SQLi vulnerability, does it?

No it shouldn’t. Further down, I run wp_kses_post which strips out anything that is not allowed in your normal post content editor.

In the line you might only want to knock off the urldecode part of the code.

Thanks @ajay. Will the fix be updated through the WP plugins site?

Yes. I need to release a new version of the plugin that should have this fix. Most likely going to be a minor release at this stage.