Vulnerability in EPiServer.Forms
I have noticed that after updating to latest version of EpiFind, I can't find any results using 'like'. For example, let's have a phrase "abcdef", then when I use UnifiedSearch with phrase "abc", it will not return any result.
Can anybody confirm it?
Have you rebuilt the indexes after the Find package update?
Yes, we have reindexing job running every night.
Problem has been solved. It seems that we never had wildcard implementation.
After adding implementation provided by Joel Abrahamsson (I can't add here a link) wildcard queries started working. I might be that somebody changed implementation by accident some time ago, but nobody noticed that.
@Episerver: thanks for support.
Just want to say that wildcard search is extremely heavy on Find backend, so if you are using it a lot, you can bring down your Find subscription
We have around 50k search requests per day. Is it a lot in that case? Will it be heave even if it's running only for title, not body of each page? What do you mean by bringing down our subscription? Will it work slower becase of the load, or service might be not available at all?
We have some recommendation around the use of wildcards here (Scroll down to Wildcard searches section)
Thanks for that. After your recommendation, we decided to not use wildcard search. We have changed implementation a little bit. We still use UnifiedSearchFor, every word has separate weight 1 point, but when it's found in keywords, then it has 2 points. This imeplementation works correct for us, we are getting results that we are expecting, even if only some letters are matching beggining of single word. The only problem we found here, is it works only for 3 words, after adding 4th, we have no results (probably because of some exception). I will ivestigate it further.
public ITypeSearch<ISearchContent> Create(string query, string language)
var lang = _searchLanguageFactory.Create(language, _client);
var queriedSearch = _client.UnifiedSearchFor(query, lang);
var queries = SplitQueryToList(query);
ITypeSearch<ISearchContent> typeSearch = null;
foreach (var q in queries)
if (typeSearch == null)
typeSearch = queriedSearch.Include(x => x.SearchTitle.AnyWordBeginsWith(q), 1);
typeSearch = typeSearch.Include(x => x.SearchTitle.AnyWordBeginsWith(q), 1);
typeSearch = typeSearch.Include(x => ((MetaPageBase)x).Keywords.AnyWordBeginsWith(query), 2);
public List<string> SplitQueryToList(string query)
var list = query.Split(' ').Select(x => x.Trim()).ToList();