Sanitize names to avoid Formula Injections on CSV export

This commit is contained in:
framartin 2017-01-05 18:48:46 +01:00
parent b1d996f7d0
commit b0e6b82877

View File

@ -179,6 +179,7 @@ class Utils {
$escaped = str_replace('"', '""', $text);
$escaped = str_replace("\r\n", '', $escaped);
$escaped = str_replace("\n", '', $escaped);
$escaped = preg_replace("/^(=|\+|\-|\@)/", "'$1", $escaped);
return '"' . $escaped . '"';
}