This closes #1391, escape XML characters to avoid with corrupt file

- Update and improve unit test coverage
pull/2/head
xuri 2 years ago
parent ac564afa56
commit 45d168c79d
No known key found for this signature in database
GPG Key ID: BA5E5BB1C948EDF7

@ -279,17 +279,15 @@ func (f *File) adjustAutoFilter(ws *xlsxWorksheet, dir adjustDirection, num, off
rowData.Hidden = false rowData.Hidden = false
} }
} }
return nil return err
} }
coordinates = f.adjustAutoFilterHelper(dir, coordinates, num, offset) coordinates = f.adjustAutoFilterHelper(dir, coordinates, num, offset)
x1, y1, x2, y2 = coordinates[0], coordinates[1], coordinates[2], coordinates[3] x1, y1, x2, y2 = coordinates[0], coordinates[1], coordinates[2], coordinates[3]
if ws.AutoFilter.Ref, err = f.coordinatesToRangeRef([]int{x1, y1, x2, y2}); err != nil { ws.AutoFilter.Ref, err = f.coordinatesToRangeRef([]int{x1, y1, x2, y2})
return err return err
} }
return nil
}
// adjustAutoFilterHelper provides a function for adjusting auto filter to // adjustAutoFilterHelper provides a function for adjusting auto filter to
// compare and calculate cell reference by the given adjust direction, operation // compare and calculate cell reference by the given adjust direction, operation
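Review bot: The early-exit branch of `adjustAutoFilter` now ends in `return err` where it previously returned `nil`, so the reader has to confirm from code above this hunk that `err` is always nil at that point. If that holds, `return nil` states the intent directly and cannot start propagating a stale error if the earlier error handling is changed later. The tail form, assigning `ws.AutoFilter.Ref, err` and then `return err`, is equivalent to the old code and reads fine. The function starts outside the hunk.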

@ -12,6 +12,7 @@
package excelize package excelize
import ( import (
"bytes"
"encoding/xml" "encoding/xml"
"fmt" "fmt"
"os" "os"
@ -490,7 +491,9 @@ func (c *xlsxC) setCellValue(val string) {
// string. // string.
func (c *xlsxC) setInlineStr(val string) { func (c *xlsxC) setInlineStr(val string) {
c.T, c.V, c.IS = "inlineStr", "", &xlsxSI{T: &xlsxT{}} c.T, c.V, c.IS = "inlineStr", "", &xlsxSI{T: &xlsxT{}}
c.IS.T.Val, c.IS.T.Space = trimCellValue(val) buf := &bytes.Buffer{}
_ = xml.EscapeText(buf, []byte(val))
c.IS.T.Val, c.IS.T.Space = trimCellValue(buf.String())
} }
// setStr set cell data type and value which containing a formula string. // setStr set cell data type and value which containing a formula string.
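Review bot: In `setInlineStr` the value is escaped before `trimCellValue` runs, so any length limit inside `trimCellValue` (its body is not in this hunk) would apply to the escaped text and could cut an entity such as `&amp;` in half, producing malformed XML again for long values containing `<`, `>` or `&`. Trimming first and escaping the result avoids that: `c.IS.T.Val, c.IS.T.Space = trimCellValue(val)`, then `_ = xml.EscapeText(buf, []byte(c.IS.T.Val))` and `c.IS.T.Val = buf.String()`. Storing pre-escaped text in the struct also means that any path serialising `xlsxT` through `encoding/xml`, rather than writing the field raw, would escape it a second time, so confirm that only the raw writer consumes this field or move the escape into that writer. The discarded `xml.EscapeText` error is harmless with a `bytes.Buffer` destination, but a short comment saying so would justify the `_ =`.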

@ -58,11 +58,19 @@ func TestStreamWriter(t *testing.T) {
// Test set cell with style and rich text. // Test set cell with style and rich text.
styleID, err := file.NewStyle(&Style{Font: &Font{Color: "#777777"}}) styleID, err := file.NewStyle(&Style{Font: &Font{Color: "#777777"}})
assert.NoError(t, err) assert.NoError(t, err)
assert.NoError(t, streamWriter.SetRow("A4", []interface{}{Cell{StyleID: styleID}, Cell{Formula: "SUM(A10,B10)"}}, RowOpts{Height: 45, StyleID: styleID})) assert.NoError(t, streamWriter.SetRow("A4", []interface{}{
assert.NoError(t, streamWriter.SetRow("A5", []interface{}{&Cell{StyleID: styleID, Value: "cell"}, &Cell{Formula: "SUM(A10,B10)"}, []RichTextRun{ Cell{StyleID: styleID},
Cell{Formula: "SUM(A10,B10)", Value: " preserve space "},
},
RowOpts{Height: 45, StyleID: styleID}))
assert.NoError(t, streamWriter.SetRow("A5", []interface{}{
&Cell{StyleID: styleID, Value: "cell <>&'\""},
&Cell{Formula: "SUM(A10,B10)"},
[]RichTextRun{
{Text: "Rich ", Font: &Font{Color: "2354e8"}}, {Text: "Rich ", Font: &Font{Color: "2354e8"}},
{Text: "Text", Font: &Font{Color: "e83723"}}, {Text: "Text", Font: &Font{Color: "e83723"}},
}})) },
}))
assert.NoError(t, streamWriter.SetRow("A6", []interface{}{time.Now()})) assert.NoError(t, streamWriter.SetRow("A6", []interface{}{time.Now()}))
assert.NoError(t, streamWriter.SetRow("A7", nil, RowOpts{Height: 20, Hidden: true, StyleID: styleID})) assert.NoError(t, streamWriter.SetRow("A7", nil, RowOpts{Height: 20, Hidden: true, StyleID: styleID}))
assert.EqualError(t, streamWriter.SetRow("A8", nil, RowOpts{Height: MaxRowHeight + 1}), ErrMaxRowHeight.Error()) assert.EqualError(t, streamWriter.SetRow("A8", nil, RowOpts{Height: MaxRowHeight + 1}), ErrMaxRowHeight.Error())
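Review bot: The new inputs `"cell <>&'\""` and `" preserve space "` are only checked through `assert.NoError` on `SetRow` in this hunk, which passes whether or not the characters are escaped in the output. Unless a later part of `TestStreamWriter` outside this hunk already does so, add an assertion that reads the saved workbook back and compares cell A5 with the original string, for example `assert.Equal(t, "cell <>&'\"", val)` after a `GetCellValue` call. That would pin both the escaping and the round trip that the commit title says issue #1391 was about. The test function continues outside the hunk.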
