Escape spreadsheet special characters to prevent formula exploits #50

Merged: 6 commits, Dec 23, 2020

jamesros161 (Collaborator):

No description provided.

cssjoe (Member) left a comment:

All of the code can be reverted and the line prepending the `'` can be after `$value = trim( strip_tags( $value ) );`. Also, that `weforms_get_pain_text` method has a duplicate `is_array` condition that can be eliminated.

includes/admin/class-admin.php (outdated, resolved)

jamesros161 merged commit 01eb24c into master on Dec 23, 2020.
cssjoe deleted the escape-formulas branch on December 23, 2020, 17:57.
jamesros161 added a commit that referenced this pull request on Dec 23, 2020:
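
An added example (not the weForms code from this pull request) of the ordering the review comment describes: strip tags and trim first, then prepend `'`, so the check sees the character a spreadsheet would actually treat as the start of the cell. The helper name, the trigger-character set (`=`, `+`, `-`, `@`) and the sample rows are assumptions; the page does not list the characters.

```php
<?php
// Added example; not the project's own implementation.

/**
 * Hypothetical helper: make one submitted form value safe to write
 * into a CSV cell that will later be opened in a spreadsheet.
 */
function example_escape_csv_cell( $value ) {
    // Multi-value fields (checkboxes etc.) are flattened to one string.
    if ( is_array( $value ) ) {
        $value = implode( ', ', $value );
    }

    // Normalise first. strip_tags() and trim() can both change which
    // character ends up first, so the formula check must run after them.
    // trim() also removes a leading tab or carriage return.
    $value = trim( strip_tags( (string) $value ) );

    // Assumption: trigger characters taken from common CSV-injection
    // guidance; the pull request page does not enumerate them.
    if ( '' !== $value && false !== strpos( '=+-@', $value[0] ) ) {
        // A leading apostrophe makes spreadsheets treat the cell as text.
        $value = "'" . $value;
    }

    return $value;
}

// Constructed sample submissions (not real data).
$rows = array(
    array( 'Alice', 'alice@example.com', 'Hello there' ),
    array( 'Bob', '  =SUM(A1:A2)', '<b>=SUM(A1:A2)</b>' ),
    array( 'Carol', '-5', '+1 555 0100' ),
);

$out = fopen( 'php://output', 'w' );
foreach ( $rows as $row ) {
    // Delimiter, enclosure and escape are passed explicitly.
    fputcsv( $out, array_map( 'example_escape_csv_cell', $row ), ',', '"', '\\' );
}
fclose( $out );
```

Bob's two cells both come out as `'=SUM(A1:A2)`; checking before `strip_tags()` or `trim()` would have left them unescaped. Legitimate values such as `-5` or a phone number starting with `+` are also prefixed, which is the trade-off of this approach.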
Updated contributors ( +jamesros161 ), stable tag ( 1.6.4 ), and changelog:
= Version 1.6.4 (23 December, 2020) =
* **Fix:** Added spreadsheet function escaping to prevent CSV exploits. [#50] (#50)
* **Update:** Update Node Packages