Sanitize names to avoid Formula Injections on CSV export

2017-01-05 18:48:46 +01:00 · 2017-01-05 18:48:46 +01:00 · b0e6b82877
commit b0e6b82877
parent b1d996f7d0
1 changed files with 1 additions and 0 deletions
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
@ -179,6 +179,7 @@ class Utils {
        $escaped = str_replace('"', '""', $text);
        $escaped = str_replace("\r\n", '', $escaped);
        $escaped = str_replace("\n", '', $escaped);
+        $escaped = preg_replace("/^(=|\+|\-|\@)/", "'$1", $escaped);

        return '"' . $escaped . '"';
    }