Skip to main contentSkip to footer
Relevanssi.

relevanssi_allow_meta_query_regexp

Controls whether REGEXP meta queries are allowed or not.

apply_filters( 'relevanssi_allow_meta_query_regexp', bool $allow )

Parameters

$allow
(bool) Whether REGEXP and NOT REGEXP meta queries are allowed or not. Default false.

More information

Meta queries are a powerful tool. One part of that power is the ability to use regular expressions in meta queries. This feature is disabled in Relevanssi by default as allowing it opens a possibility for blind oracle attacks.

An attacker may use Relevanssi and Relevanssi Live Ajax Search in combination to search for posts and then try to figure out their custom field content using regular expressions (does the value in field foo begin with a? ab? abc?).

Since regular expression queries are something of a power feature, Relevanssi now locks them behind this filter hook. If you need regular expressions in your meta queries, you can allow them with:

add_filter( 'relevanssi_allow_meta_query_regexp', '__return_true' );