WC_CSV_Exporter::escape_data( string $data )

Escape a string to be used in a CSV context

Description
- See also
- Parameters
- Return
- Source
- Changelog
Related
- Used By
User Contributed Notes

Description Description

Malicious input can inject formulas into CSV files, opening up the possibility for phishing attacks and disclosure of sensitive information.

Additionally, Excel exposes the ability to launch arbitrary commands through the DDE protocol.

Parameters Parameters

$data: (Required) CSV field to escape.

Top ↑

Return Return

(string)

Top ↑

Source Source

File: includes/export/abstract-wc-csv-exporter.php

	public function escape_data( $data ) {
		$active_content_triggers = array( '=', '+', '-', '@' );

		if ( in_array( mb_substr( $data, 0, 1 ), $active_content_triggers, true ) ) {
			$data = "'" . $data;
		}

		return $data;
	}

Expand full source code Collapse full source code

Top ↑

Changelog Changelog

Changelog
Version	Description
3.1.0	Introduced.

Top ↑

Used By Used By

Used By
Used By	Description
includes/export/abstract-wc-csv-exporter.php: WC_CSV_Exporter::format_data()	Format and escape data ready for the CSV file.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.

Dev Resources

WC_CSV_Exporter::escape_data( string $data )

Contents

Description Description

See also See also

Parameters Parameters

Return Return

Source Source

Changelog Changelog

User Contributed Notes User Contributed Notes

WC_CSV_Exporter::escape_data( string $data )

Contents

Description #Description

See also #See also

Parameters #Parameters

Return #Return

Source #Source

Changelog #Changelog

Related #Related

Used By #Used By

User Contributed Notes #User Contributed Notes

Description Description

See also See also

Parameters Parameters

Return Return

Source Source

Changelog Changelog

Related Related

Used By Used By

User Contributed Notes User Contributed Notes