diff roundup/cgi/actions.py @ 6190:15fd91fd3c4c
Quote all exported CSV data
Quote all non-numeric data in csv export functions. Report that a
title like '=a2+b3' could be interpreted as a function in Excel and
executed. csv.writer now includes quoting=csv.QUOTE_NONNUMERIC to
generate quoted values for all fields. This should make the string
starting with = be interpreted as a string and not a formula.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 08 Jun 2020 16:18:21 -0400 |
| parents | f74d078cfd9a |
| children | 45ba6b71f1cf |
--- a/roundup/cgi/actions.py Sun Jun 07 18:10:51 2020 -0400 +++ b/roundup/cgi/actions.py Mon Jun 08 16:18:21 2020 -0400 @@ -1438,7 +1438,7 @@ self.client.STORAGE_CHARSET, self.client.charset, 'replace') - writer = csv.writer(wfile) + writer = csv.writer(wfile, quoting=csv.QUOTE_NONNUMERIC) # handle different types of columns. def repr_no_right(cls, col): @@ -1603,7 +1603,7 @@ self.client.STORAGE_CHARSET, self.client.charset, 'replace') - writer = csv.writer(wfile) + writer = csv.writer(wfile, quoting=csv.QUOTE_NONNUMERIC) self.client._socket_op(writer.writerow, columns) # and search
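Review bot: In the hunk at @@ -1438, `quoting=csv.QUOTE_NONNUMERIC` on `csv.writer(wfile, ...)` changes only how fields are delimited in the file, not the field content. A CSV reader strips the surrounding quotes before the value reaches the cell, so a title like '=a2+b3' arrives in a spreadsheet application such as Excel as the same text and can still be evaluated as a formula. Suggest neutralising the value itself before it is passed to `writerow`, for example by prefixing a single quote to strings that begin with =, +, - or @, and adding a test that exports the '=a2+b3' title from the commit message and checks the emitted cell.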
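Review bot: The writer construction in the hunk at @@ -1603 is now a second copy of the exact line changed at @@ -1438 (`writer = csv.writer(wfile, quoting=csv.QUOTE_NONNUMERIC)`). A small shared helper that returns the configured writer would keep both export paths in step the next time the quoting policy changes. Separately, string column names in the header row written by `self.client._socket_op(writer.writerow, columns)` are now quoted too, which changes the output seen by anything that parses the export; that is worth a line in the upgrade notes.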
