WC_CSV_Exporter::escape_data() - Escape a string to be used in a CSV context

You appear to be a bot. Output may be restricted

Description

Escape a string to be used in a CSV context

Malicious input can inject formulas into CSV files, opening up the possibility for phishing attacks and disclosure of sensitive information. Additionally, Excel exposes the ability to launch arbitrary commands through the DDE protocol.

Usage

$string = WC_CSV_Exporter::escape_data( $data );

Parameters

$data: ( string ) required – CSV field to escape.

Returns

string

Source

File name: woocommerce/includes/export/abstract-wc-csv-exporter.php

Lines:

1 to 10 of 10

  public function escape_data( $data ) {
    $active_content_triggers = array( '=', '+', '-', '@' );

    if ( in_array( mb_substr( $data, 0, 1 ), $active_content_triggers, true ) ) {
      $data = "'" . $data;
    }

    return $data;
  }

View on GitHub View on Trac

Description

Usage

Parameters

Returns

Source

Footer