Direct use of example.com/?s=something

  • Resolved tezalsec

    (@tezalsec)


    3 years ago

    Hi,

    it looks like direct use of the search results page url, like example.com/?s=something, is overriding any content post type filtering I use on individual search boxes I create. In fact, it overrides any per box settings. Is this correct? Should there not be any check on where searches are initiated, like passing a nonce along with the result, to avoid direct url use?

    Second related question, is there any way to limit the availability of the search function? I want only logged in users to be able to search, and I thought I had solved this by rendering the search box shortcode only to logged in users, but now I see non-logged in users can still make direct use of the search results page url, like example.com/?s=something. Please advise.

    Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author wpdreams

    (@wpdreams)

    Hi,

    When the search results override feature is enabled, then by visiting the search results page will automatically trigger the plugin search – as configured on the back-end. Originally it did not work like that, so only if the search was triggered via the plugin search bar, but many users requested this to work this way instead.

    Well, for limiting the search functionality that way, you will need some custom code to restrict rendering the results page. WordPress still handles the results page, even if you hide the search bar.

    Best,
    Ernest M.

    Thread Starter tezalsec

    (@tezalsec)

    Hi,

    thank you for responding and pointing out the setting, I had overlooked it.

    However, I am still not getting it to work how I want it without some custom function. I would like direct url access to be completely unavailable, not just overridden. I tried disabling the underlying WP search, but your plugin did not like that. Too bad they both seem to have to use the same “s” url parameter.

    Below simple function works though, maybe not very clean, but effective. Loading it as soon as possible, so there is as little memory cost to the server as possible. Is this a viable solution in your opinion, I assume this can not cause any trouble to your plugin’s functionality?

    function avoid_direct_searches() {

	if(isset($_GET['s']) && !isset($_GET['asp_active'])) {
		wp_safe_redirect(site_url());
		exit;
	}

}
add_action( 'plugins_loaded', 'avoid_direct_searches' );

    Thanks!

    • This reply was modified 3 years ago by tezalsec.
    Thread Starter tezalsec

    (@tezalsec)

    PS. I added a if(!is_user_logged_in()) { .. } around the existing if in the function.

    Never realized WP itself uses the s parameter as well in the admin area.

    Plugin Author wpdreams

    (@wpdreams)

    Hi,

    That looks perfectly fine, it should not cause any issues ??

    Best,
    Ernest

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Direct use of example.com/?s=something’ is closed to new replies.