• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
WooCommerce a2z

WooCommerce a2z

WooCommerce

  • Home
  • Plugins
  • Blocks
  • Shortcodes
  • APIs
  • Classes
  • Files
  • Hooks
  • Sitemap
  • Blog
Home / APIs / WC_CSV_Exporter::escape_data() – Escape a string to be used in a CSV context

You appear to be a bot. Output may be restricted

Description

Escape a string to be used in a CSV context

Malicious input can inject formulas into CSV files, opening up the possibility for phishing attacks and disclosure of sensitive information. Additionally, Excel exposes the ability to launch arbitrary commands through the DDE protocol.

Usage

$string = WC_CSV_Exporter::escape_data( $data );

Parameters

$data
( string ) required – CSV field to escape.

Returns

string

Source

File name: woocommerce/includes/export/abstract-wc-csv-exporter.php
Lines:

1 to 9 of 9
  public function escape_data( $data ) {
    $active_content_triggers = array( '=', '+', '-', '@' );

    if ( in_array( mb_substr( $data, 0, 1 ), $active_content_triggers, true ) ) {
      $data = "'" . $data;
    }

    return $data;
  }
 

 View on GitHub View on Trac

Published: 26th November 2019 | Last updated: 8th February 2020

Primary Sidebar

Information

Function name: WC_CSV_Exporter::escape_data
Class ref: WC_CSV_Exporter
Plugin ref: WooCommerce
Version: 5.0.0
Sourcefile: includes/export/abstract-wc-csv-exporter.php
File ref: includes/export/abstract-wc-csv-exporter.php
Deprecated?: No
API Letters: C,D,E,W

Footer

WooCommerce a2z
WooCommerce a2z
WooCommerce
WordPress 5.6.2
WordPress a2z
WordPress core a2z
Genesis Theme Framework a2z
Jetpack a2z
WordPress develop tests
Easy Digital Downloads a2z
WooCommerce a2z
Yoast SEO a2z
WordPress Blocks

Site:  woocommerce.wp-a2z.org
© Copyright WooCommerce a2z 2014-2021. All rights reserved.


Website designed and developed by Herb Miller
Proudly powered by WordPress and oik plugins

  • Home
  • Blog
  • Sitemap
  • Sites