Chapril/date.chapril.org-framadate
Chapril/date.chapril.org-framadate
24
1
Fork 0
Code Issues Pull Requests Releases Activity

Sanitize names to avoid Formula Injections on CSV export

Browse Source
This commit is contained in:
framartin 2017-01-05 18:48:46 +01:00
parent b1d996f7d0
commit b0e6b82877
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/classes/Framadate/Utils.php
View File

@ -179,6 +179,7 @@ class Utils {
$escaped = str_replace('"', '""', $text); $escaped = str_replace('"', '""', $text);
$escaped = str_replace("\r\n", '', $escaped); $escaped = str_replace("\r\n", '', $escaped);
$escaped = str_replace("\n", '', $escaped); $escaped = str_replace("\n", '', $escaped);
$escaped = preg_replace("/^(=|\+|\-|\@)/", "'$1", $escaped);
return '"' . $escaped . '"'; return '"' . $escaped . '"';
} }