Crawler-supplied facet and serial-number URL values were interpolated into Meilisearch filters unescaped, causing two failure modes that spammed the logs: (1) embedded double-quotes broke IN [...] syntax - Scout escapes where() values but not whereIn() values, e.g. collections IN ["289""]; (2) malformed UTF-8 crashed the SDK json_encode of the search payload. Fix: centralized sanitization in Search::getFilters() (drop non-UTF-8 values, escape quotes/backslashes, mirroring Scout's own where() escaping) plus the same guard on the manual serial_number_prefix filter strings in findEnginesBySerial / findEngineByPrefix.
Faceted search: sanitize crawler-supplied Meilisearch facet filters
Tags
-
Jonathan Gustafsson moved item to board Backlog
1 month ago -
Jonathan Gustafsson moved item to project Bugs
1 month ago -
Jonathan Gustafsson created the item
1 month ago