mirror/snipe-it
3
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-10-29 19:31:41 +00:00
Code Issues Projects Releases Wiki Activity

Made a conditional escape according to .env

Browse Source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2022-09-30 09:48:43 -07:00
parent bae200edd7
commit 5a7e35c0e8
3 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.env.example
View File

@ -173,3 +173,4 @@ IMPORT_MEMORY_LIMIT=500M
REPORT_TIME_LIMIT=12000
REQUIRE_SAML=false
API_THROTTLE_PER_MINUTE=120
CSV_ESCAPE_FORMULAS=true

13
app/Http/Controllers/ReportsController.php
View File

@ -411,6 +411,7 @@ class ReportsController extends Controller
$customfields = CustomField::get();
$response = new StreamedResponse(function () use ($customfields, $request) {
\Log::debug('Starting streamed response');
\Log::debug('CSV escaping is set to: '.config('app.escape_formulas'));
// Open output stream
$handle = fopen('php://output', 'w');
@ -858,7 +859,17 @@ class ReportsController extends Controller
$row[] = $asset->$column_name;
}
}
fputcsv($handle, $formatter->escapeRecord($row));
// CSV_ESCAPE_FORMULAS is set to false in the .env
if (config('app.escape_formulas') === false) {
fputcsv($handle, $row);
// CSV_ESCAPE_FORMULAS is set to true or is not set in the .env
} else {
fputcsv($handle, $formatter->escapeRecord($row));
}
$executionTime = microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'];
\Log::debug('-- Record '.$count.' Asset ID:'.$asset->id.' in '.$executionTime);
}

18
config/app.php
View File

@ -394,7 +394,7 @@ return [
'allow_purge' => env('ALLOW_DATA_PURGE', false),
/*
/*
|--------------------------------------------------------------------------
| Allow Backup Deletion
|--------------------------------------------------------------------------
@ -405,4 +405,20 @@ return [
'allow_backup_delete' => env('ALLOW_BACKUP_DELETE', false),
/*
|--------------------------------------------------------------------------
| Escape Excel formulas in CSV exports
|--------------------------------------------------------------------------
|
| This determins whether or not we should escape Excel formulas in CSV exports.
| This can be UNSAFE in untrusted environments, and therefore defaults to true
| so that Excel forumals WILL be escaped in CSV exports, however if your workflow
| is designed around using formulas in your fields, you
| you can set CSV_ESCAPE_FORMULAS to 'false' in your .env.
|
*/
'escape_formulas' => env('CSV_ESCAPE_FORMULAS', true),
];