Merged in release/release-1.09 (pull request #10)

Release/release 1.09

* Install missing plugins 
* rs set to 1

* rebase pantheon for aws

* rebase pantheon for aws

* prod config change

* prod config change

* fix campaing issue

* revert


Approved-by: Jay Sharma

wp/wp-content/plugins/woocommerce/includes/export/abstract-wc-csv-exporter.php

@@ -360,7 +360,7 @@ abstract class WC_CSV_Exporter {
 	 * Additionally, Excel exposes the ability to launch arbitrary commands through
 	 * the DDE protocol.
 	 *
-	 * @see https://owasp.org/www-community/attacks/CSV_Injection
+	 * @see http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
 	 * @see https://hackerone.com/reports/72785
 	 *
 	 * @since 3.1.0
@@ -368,9 +368,7 @@ abstract class WC_CSV_Exporter {
 	 * @return string
 	 */
 	public function escape_data( $data ) {
-		// 0x09: Tab (\t)
-		// 0x0d: Carriage Return (\r)
-		$active_content_triggers = array( '=', '+', '-', '@', chr( 0x09 ), chr( 0x0d ) );
+		$active_content_triggers = array( '=', '+', '-', '@' );
 
 		if ( in_array( mb_substr( $data, 0, 1 ), $active_content_triggers, true ) ) {
 			$data = "'" . $data;