Search gives no results after update and changes made to theme-functions.php
Using WPML.
If I replace
// WooCommerce search query part with old one, it works again.
This topic has 8 replies, 2 voices, and was last updated 27 minutes ago by Andrew Mitchell
Hello, Kristjan,
Could you please provide temporary wp-admin and FTP access? We will check what can be done to help you.
To grant WP-Admin access, please proceed to create a new user account with an administrator role through your WordPress Dashboard. Once the account is established, you may securely transmit the username and password to us via the Private Content section designated for this purpose.
For FTP access, we require the following details: FTP host, FTP username, FTP password, FTP port, and FTP encryption type. If you need assistance in creating these credentials, please reach out to your hosting provider who will guide you through the process.
Best Regards,
8Theme’s Team
The problem was that when the old SKU search code was converted to use prepare(), the SQL structure changed slightly: a closing parenthesis was added too early inside the prepared fragment.
Line 880 should be:
",
not
)",
I'd also use
$s = trim( wp_unslash( $wp_the_query->query_vars['s'] ?? '' ) );
on line 857
Also your recent patch fixed the SQL grouping issue and improved the SKU search branch by using prepare() and esc_like().
However, the search is still not fully hardened against SQL injection, because the variation search block still concatenates the raw search term into SQL LIKE '%$s%' conditions.
See more info I posted in this topic: https://www.8theme.com/topic/new-sql-injection-vulnerability-discovered/#post-434516
Hello, Kristjan,
The functions wp_unslash() and trim() are not required in this case. The value used here is not the raw data from $_GET, but rather query_vars['s'] from the WordPress query object. Therefore, adding an extra wp_unslash() would be redundant and provide no practical benefit.
Similarly, trim() is also unnecessary: the current search logic already works correctly with this value, and forcibly trimming spaces would alter the query’s behavior. In other words, adding wp_unslash() and trim() in this line appears to be excessive data normalization rather than a necessary safeguard or correction.
Best regards,
8Theme’s Team
You still have to remove the )
This breaks the product search with WPML.
The prepared SQL string should be left open since the remaining parentheses are closed later by the appended SQL
$where .= ") )";
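To make the two points raised in this thread concrete (the raw search term concatenated into a LIKE pattern in the variation block, and the prepared SKU fragment that must be left open because the closing ") )" is appended later), here is an added PHP example. It is not XStore's theme-functions.php and not 8Theme's code; the WpdbStandIn class, the function names and the exact SQL shape are assumptions that model $wpdb->prepare() and $wpdb->esc_like() only so the script runs from the command line.

```php
<?php
// Added illustration, not the theme's code. Inside WordPress the global $wpdb
// provides prepare() and esc_like(); this stand-in exists only so the script
// runs from the CLI. It is a simplified model, not a replacement for $wpdb.
class WpdbStandIn {
    public $posts    = 'wp_posts';
    public $postmeta = 'wp_postmeta';

    // Model of $wpdb->esc_like(): escape LIKE wildcards (_ and %) and backslash.
    // This does NOT quote the value; it must still go through prepare().
    public function esc_like( $text ) {
        return addcslashes( $text, '_%\\' );
    }

    // Model of $wpdb->prepare(): every %s becomes a quoted, escaped string literal.
    public function prepare( $query, ...$args ) {
        $quoted = array_map( function ( $a ) {
            return "'" . addslashes( (string) $a ) . "'";
        }, $args );
        return vsprintf( $query, $quoted );
    }
}

// Unsafe shape (what the thread says the variation search block still does):
// the user's term is interpolated straight into the LIKE pattern, so a quote
// in the term ends the string literal and the rest is parsed as SQL.
function variation_where_unsafe( $wpdb, $s ) {
    return " OR ( {$wpdb->posts}.post_type = 'product_variation'"
         . " AND {$wpdb->posts}.post_title LIKE '%$s%' )";
}

// Hardened shape: esc_like() neutralises wildcards in the term, the '%'
// anchors are added around the escaped value, and prepare() quotes the whole
// pattern as one literal.
function variation_where_safe( $wpdb, $s ) {
    $like = '%' . $wpdb->esc_like( $s ) . '%';
    return $wpdb->prepare(
        " OR ( {$wpdb->posts}.post_type = 'product_variation'"
        . " AND {$wpdb->posts}.post_title LIKE %s )",
        $like
    );
}

// Grouping point from the thread: the prepared SKU fragment is appended to a
// group that the surrounding code opens earlier and closes with ") )".
// If the fragment itself already closes a parenthesis, the final SQL has one
// ')' too many. $close_early = true reproduces that mistake.
function sku_where( $wpdb, $s, $close_early ) {
    $like  = '%' . $wpdb->esc_like( $s ) . '%';
    $close = $close_early ? ' )' : '';
    $where = $wpdb->prepare(
        " OR ( {$wpdb->postmeta}.meta_key = '_sku'"
        . " AND {$wpdb->postmeta}.meta_value LIKE %s" . $close,
        $like
    );
    $where .= ' ) )';   // appended later by the surrounding code, as in the thread
    return $where;
}

// Count '(' minus ')' so the two variants can be compared mechanically.
function paren_balance( $sql ) {
    return substr_count( $sql, '(' ) - substr_count( $sql, ')' );
}

$wpdb = new WpdbStandIn();
$term = "abc' OR '1'='1";   // constructed hostile search term for the demo

echo variation_where_unsafe( $wpdb, $term ), PHP_EOL;
echo variation_where_safe( $wpdb, $term ), PHP_EOL;
echo 'balance, fragment left open:   ', paren_balance( sku_where( $wpdb, 'SKU_1', false ) ), PHP_EOL;
echo 'balance, fragment closed early: ', paren_balance( sku_where( $wpdb, 'SKU_1', true ) ), PHP_EOL;
```

Running it shows the unsafe variant emitting the term's quote unescaped inside the LIKE literal, while the safe variant emits a single quoted pattern. The balance printed for the open fragment is one less than for the early-closed fragment; the outer "(" that the surrounding theme code opens accounts for the remaining difference, which is why the fragment must end at the LIKE placeholder and leave the closing to the appended ") )".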
Hello, Kristjan,
We have made the necessary changes to the file wp-content/themes/xstore/framework/theme-functions.php.
These changes will also be included in the next theme update.
Best regards,
The 8Theme Team