Hi,

It looks like the search string is not escaped for SQL statements.

// Jan





Oova wrote: 
e.g., "order by" in mini search creates

Error number 4001 in 4: Error while parsing velocity page Main.WebSearch
Wrapped Exception: Invocation of method 'searchDocuments' in class
com.xpn.xwiki.api.XWiki threw exception com.xpn.xwiki.XWikiException: Error
number 3223 in 3: Exception while searching documents with sql where
doc.web<? Wrapped Exception: unexpected char: '%' select distinct doc.web,
doc.name, ' order by doc.date from com.xpn.xwiki.doc.XWikiDocument as doc
where doc.web<? @ Main.WebSearch92,27?

I know everybody is trying to make the version stable, but could somebody
explain, how the search algorithm works?
Uwe