inthere/csv-security-formatter

There is no license information available for the latest version (1.0.0) of this package.

Formatter for thephpleague/csv package to increase security for csv exports with user generated content

1.0.0 2017-10-11 18:53 UTC

This package is auto-updated.

Last update: 2024-05-15 20:54:52 UTC


README

Formatter for the league/csv package that increases the security of CSV exports containing user-generated content. For more information about the security risks of user-generated content in CSV exports, please read http://georgemauer.net/2017/10/07/csv-injection.html.

Installation

You can install the package via composer:

composer require inthere/csv-security-formatter

Usage

Instantiate the formatter. It accepts a boolean parameter; pass false when you want to remove the formula instead of escaping it.

$csvSecurityFormatter = new \InThere\CsvSecurityFormatter\CsvSecurityFormatter();

Provide the formatter to the writer.

use League\Csv\Writer;

$writer = Writer::createFromFileObject(new SplTempFileObject());
$writer->addFormatter($csvSecurityFormatter); // applied to every inserted row
$writer->insertOne(['=2*5', 'foo', 'bar']);

Create the csv.

$csv = $writer->__toString(); // the CSV document as a string
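
To see what escaping versus removing means for the cells that end up in the file, here is an added stand-alone example (not this package's source code). The names makeFormulaFormatter and FORMULA_TRIGGERS are hypothetical, and the trigger set, the apostrophe prefix and the numeric exemption are assumptions taken from common CSV-injection guidance, not from this package.

```php
<?php
// Added illustration, not the package's implementation.
// Assumption: a cell is risky when its first character is one of these.
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

/**
 * Build a row formatter (hypothetical helper).
 * $escape = true  : prefix risky cells with an apostrophe so they stay text.
 * $escape = false : strip the leading trigger characters instead.
 */
function makeFormulaFormatter(bool $escape = true): callable
{
    return function (array $row) use ($escape): array {
        return array_map(function ($cell) use ($escape) {
            // Only non-empty strings can carry a formula.
            if (!is_string($cell) || $cell === '') {
                return $cell;
            }
            // Design choice: keep plain numbers such as "-3" intact,
            // otherwise removal would silently turn -3 into 3.
            if (is_numeric($cell)) {
                return $cell;
            }
            if (!in_array($cell[0], FORMULA_TRIGGERS, true)) {
                return $cell;
            }
            return $escape
                ? "'" . $cell
                : ltrim($cell, implode('', FORMULA_TRIGGERS));
        }, $row);
    };
}

// Constructed sample rows standing in for user-generated content.
$rows = [
    ['=2*5', 'foo', 'bar'],
    ['+1+1', '@SUM(A1:A2)', '-3'],
];

foreach ([true, false] as $escape) {
    $format = makeFormulaFormatter($escape);
    $out = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        // Explicit delimiter, enclosure and (empty) escape character.
        fputcsv($out, $format($row), ',', '"', '');
    }
    rewind($out);
    echo $escape ? "escaped:\n" : "removed:\n", stream_get_contents($out);
    fclose($out);
}
```

Running it prints both variants of the same rows, which makes it easy to check how a spreadsheet application treats each one before choosing a mode for real exports.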

Tests

$ vendor/bin/phpunit

Contributors

Contributions are welcome. We accept contributions via pull requests on GitHub.

License

The MIT License (MIT). Please see the License File for more information.

About InThere

InThere - "The training Through Gaming Company" - speeds up training your team and change processes by providing a micro-training concept based on serious games.