HomePhabricator
Diffusion Phabricator f9336e56940f

Mangle cells that look a little bit like formulas in CSV files
f9336e56940f
Actions

Description

Mangle cells that look a little bit like formulas in CSV files

Summary:
Fixes T12800. See that task for discussion. When a cell in a CSV begins with "=", "+", "-", or "@", mangle the content to discourage Excel from executing it.

This is clumsy, but we support other formats (e.g., JSON) which preserve the data faithfully and you should probably be using JSON if you're going to do anything programmatic with it.

We could add two formats or a checkbox or a warning or something but cells with these symbols are fairly rare anyway.

Some possible exceptions I can think of are "user monograms" (but we don't export those right now) and "negative numbers" (but also no direct export today). We can add exceptions for those as they arise.

Test Plan: Exported a task named =cmd|'/C evil.exe'!A0, saw the title get mangled with "(!)" in front.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T12800

Differential Revision: https://secure.phabricator.com/D18974

Details

Provenance
epriestleyAuthored on Jan 30 2018, 11:58 PM
epriestleyPushed on Jan 31 2018, 11:33 PM
Reviewer
amckinley
Differential Revision
D18974: Mangle cells that look a little bit like formulas in CSV files
Parents
rPc9df8f77c8b5: Fix transcription of single-value bulk edit fields ("Assign to")
Branches
Unknown
Tags
Unknown
Tasks
T12800: When Excel opens a CSV file, it just runs whatever arbitrary code might be in the file
Build Status
Buildable 19311
Build 26099: Run Core Tests

Changes (1)

PathSize
src/
infrastructure/
export/
format/

rPf9336e56940f

View Options

src/infrastructure/export/format/PhabricatorCSVExportFormat.php

Loading...
Phabricator ยท Built by Phacility