Fix #9338: CSV export does not escape all characters

Changed escaping method (strings could be escaped twice).

Signed-off-by: David Hicks <hickseydr@optusnet.com.au>

core/csv_api.php

@@ -72,18 +72,17 @@ function csv_get_default_filename() {
  * @access public
  */
 function csv_escape_string( $p_str ) {
-
-	# enclose strings with separators with quotaiton marks
-	if( strpos( $p_str, csv_get_separator() ) !== false ) {
-		$p_str = '"' . str_replace( '"', '""', $p_str ) . '"';
-	}
-
-	# enclose multi-line strings with quotaiton marks
-	if( strpos( $p_str, "\n" ) !== false ) {
-		$p_str = '"' . str_replace( '"', '""', $p_str ) . '"';
-	}
-
-	return $p_str;
+		$t_escaped = str_split( '"' . csv_get_separator() . csv_get_newline() );
+		$t_must_escape = false;
+		while( ( $t_char = current( $t_escaped ) ) !== false && !$t_must_escape ) {
+			$t_must_escape = strpos( $p_str, $t_char ) !== false;
+			next( $t_escaped );
+		}
+		if ( $t_must_escape ) {
+			$p_str = '"' . str_replace( '"', '""', $p_str ) . '"';
+		}
+
+		return $p_str;
 }
 
 /**