Crawler-supplied facet and serial-number URL values were interpolated into Meilisearch filters unescaped, causing two failure modes that spammed the logs: (1) embedded double-quotes broke IN [...] syntax - Scout escapes where() values but not whereIn() values, e.g. collections IN ["289""]; (2) malformed UTF-8 crashed the SDK json_encode of the search payload. Fix: centralized sanitization in Search::getFilters() (drop non-UTF-8 values, escape quotes/backslashes, mirroring Scout's own where() escaping) plus the same guard on the manual serial_number_prefix filter strings in findEnginesBySerial / findEngineByPrefix.

Faceted search: sanitize crawler-supplied Meilisearch facet filters

no votes yet
Priority P1

Tags

Storefront
Quick Actions
Activity
View recent activity and updates
Use arrow keys to navigate