ofco/medicalalert-web-reloaded
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rebase from live enviornment

Browse Source
This commit is contained in:
Rachit Bhargava
2024-01-09 22:14:20 -05:00
parent ff0b49a046
commit 3a22fcaa4a
15968 changed files with 2344674 additions and 45234 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
wp/wp-content/plugins/woocommerce/includes/export/abstract-wc-csv-exporter.php
View File

@@ -360,7 +360,7 @@ abstract class WC_CSV_Exporter {
* Additionally, Excel exposes the ability to launch arbitrary commands through
* the DDE protocol.
*
* @see http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
* @see https://owasp.org/www-community/attacks/CSV_Injection
* @see https://hackerone.com/reports/72785
*
* @since 3.1.0
@@ -368,7 +368,9 @@ abstract class WC_CSV_Exporter {
* @return string
*/
public function escape_data( $data ) {
$active_content_triggers = array( '=', '+', '-', '@' );
// 0x09: Tab (\t)
// 0x0d: Carriage Return (\r)
$active_content_triggers = array( '=', '+', '-', '@', chr( 0x09 ), chr( 0x0d ) );
if ( in_array( mb_substr( $data, 0, 1 ), $active_content_triggers, true ) ) {
$data = "'" . $data;