You appear to be a bot. Output may be restricted
Description
Escape a string to be used in a CSV context
Malicious input can inject formulas into CSV files, opening up the possibility for phishing attacks and disclosure of sensitive information. Additionally, Excel exposes the ability to launch arbitrary commands through the DDE protocol.
Usage
$string = WC_CSV_Exporter::escape_data( $data );
Parameters
- $data
- ( string ) required – CSV field to escape.
Returns
string
Source
File name: woocommerce/includes/export/abstract-wc-csv-exporter.php
Lines:
1 to 9 of 9
public function escape_data( $data ) { $active_content_triggers = array( '=', '+', '-', '@' ); if ( in_array( mb_substr( $data, 0, 1 ), $active_content_triggers, true ) ) { $data = "'" . $data; } return $data; }