Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fixed issue: [security] Issue in CSV user export
  • Loading branch information
c-schmitz committed Mar 23, 2023
1 parent a273bd7 commit 9531225
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions application/controllers/UserManagementController.php
Expand Up @@ -808,11 +808,11 @@ public function actionExportUser(string $outputFormat, int $uid = 0)
fprintf($fp, chr(0xEF) . chr(0xBB) . chr(0xBF));
$header = array('uid', 'users_name', 'full_name', 'email', 'lang', 'password');
//Add csv header
fputcsv($fp, $header, ';');
fputcsv($fp, $header, ';', '"');

//add csv row datas
foreach ($aUsers as $fields) {
fputcsv($fp, $fields, ';');
fputcsv($fp, $fields, ';', '"');
}
fclose($fp);
header('Content-Encoding: UTF-8');
Expand Down

1 comment on commit 9531225

@Shnoulle
Copy link
Collaborator

@Shnoulle Shnoulle commented on 9531225 Mar 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'"' is not the default enclosure ?
https://www.php.net/manual/fr/function.fputcsv.php

I don't understand the security issue here ?

Please sign in to comment.