Fix boolean mode validation and improve search term sanitization

Author: ajaydsouza

includes/class-better-search-core-query.php

@@ -532,17 +532,30 @@ public function set_class_variables( $search_query = '' ) {
 		if ( $use_fulltext ) {
 			$use_fulltext_proxy = false;
 			foreach ( $search_words as $search_word ) {
-				if ( strlen( $search_word ) >= (int) $min_char ) {
+				$clean_word = preg_replace( '/[^\w\s]/u', '', $search_word );
+				if ( strlen( $clean_word ) >= (int) $min_char ) {
 					$use_fulltext_proxy = true;
 				}
 			}
 			$use_fulltext = $use_fulltext_proxy;
 		}
 
-		$this->search_query     = $search_query;
-		$this->search_terms     = $search_words;
-		$this->use_fulltext     = $use_fulltext;
-		$this->is_boolean_mode  = $this->input_query_args['boolean_mode'] ?? bsearch_get_option( 'boolean_mode' );
+		$this->search_query    = $search_query;
+		$this->search_terms    = $search_words;
+		$this->use_fulltext    = $use_fulltext;
+		$this->is_boolean_mode = $this->input_query_args['boolean_mode'] ?? bsearch_get_option( 'boolean_mode' );
+
+		// If boolean mode is enabled, check if there are any terms long enough.
+		if ( $this->is_boolean_mode ) {
+			$boolean_proxy = false;
+			foreach ( $search_words as $search_word ) {
+				$clean_word = preg_replace( '/[^\w\s]/u', '', $search_word );
+				if ( strlen( $clean_word ) >= (int) $min_char ) {
+					$boolean_proxy = true;
+				}
+			}
+			$this->is_boolean_mode = $boolean_proxy;
+		}
 		$this->is_seamless_mode = $this->input_query_args['seamless'] ?? bsearch_get_option( 'seamless' );
 		$this->should_use_custom_table();
 	}
@@ -835,7 +848,7 @@ public function posts_search( $where, $query ) {
 			}
 
 			foreach ( (array) $search_terms as $term ) {
-				$term = str_replace( array( "'", '"', '"', '\+', '\-' ), '', $term );
+				$term = preg_replace( '/[+\-*"~<>()@\']/', '', $term );
 
 				// If there is an $exclusion_prefix, terms prefixed with it should be excluded.
 				$exclude = $exclusion_prefix && ( substr( $term, 0, 1 ) === $exclusion_prefix );
@@ -873,7 +886,7 @@ public function posts_search( $where, $query ) {
 		// Let's do a LIKE search for all other fields.
 		$searchand = '';
 		foreach ( (array) $search_terms as $term ) {
-			$term   = str_replace( array( "'", '"', '&quot;', '\+', '\-' ), '', $term );
+			$term   = preg_replace( '/[+\-*"~<>()@\']/', '', $term );
 			$clause = array();
 
 			// If there is an $exclusion_prefix, terms prefixed with it should be excluded.

readme.txt

@@ -121,6 +121,17 @@ You can report security bugs through the Patchstack Vulnerability Disclosure Pro
 
 == Changelog ==
 
+= 4.2.4 =
+
+* Features:
+	* Better Search form: The "any" post type option label can now be customised when the post type dropdown is enabled.
+
+* Fixed:
+	* Fixed an issue where selecting "any" post type would search through all post types instead of respecting the configured post types from settings.
+	* [Pro] Custom table searches now include post slug matching when “Search post slug” is enabled.
+    * [Pro] Fixed SQL syntax error in multisite search queries when custom tables are disabled, caused by malformed GROUP BY clause stripping.
+    * Fixed improper stripping of boolean mode operators in LIKE clauses, ensuring consistent behavior between FULLTEXT and LIKE searches.
+
 = 4.2.3 =
 
 * Modifications:
@@ -193,5 +204,8 @@ For previous changelog entries, please refer to the separate changelog.txt file
 
 == Upgrade Notice ==
 
+ = 4.2.4 =
+Fixes post type selection to respect configured settings when "any" is selected.
+
  = 4.2.3 =
 Adds WooCommerce product indexing (Pro only), modernizes taxonomy search with Tom Select, and enhances seamless mode logic with improved tracker response handling.