Expected result
normal search results
{
"title": "Eco",
"num_results": "242"
},
Actual result
[Screenshot, logs] sql error https://www.goinggreensolutions.com.au/search/ajax/suggest/?q=eco+max&_=1588277353486
{
"title": "eco max brush' AND 9307=CAST((CHR(113)||CHR(122)||CHR(118)||CHR(113)||CHR(113))||(SELECT (CASE WHEN (9307=9307) THEN 1 ELSE 0 EN",
"num_results": "267"
}
The extra SQL parts here are being added to your documents before they get added into elasticsearch I think. How are you indexing data? Is this through some third-party database?
So this site is hosted at nexcess on the cloud server
its just a standard magento2 installation and we choose there elastic search 6+ container.. its a 1 click installation and we are on 2.3.4 which has elastic search support out of the box.
So basically besides going to m2 admin and saying use elastic search 6+ and clicked the button in nexcess portal that says "enable elastic search container" we haven't done anything else.
Its mysql DB.. just your standard magento 2.3.4 installation... nothing custom
I'm afraid I don't know anything about nexcess or magento2, but it sounds like it's a bug in whatever is doing the indexing. Elasticsearch doesn't use SQL internally for anything, so these extra bits of code must be coming from elsewhere.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.