Diffstat (limited to 'lib/axlsx')
| -rw-r--r-- | lib/axlsx/util/constants.rb | 10 | ||||
| -rw-r--r-- | lib/axlsx/workbook/worksheet/cell.rb | 14 | ||||
| -rw-r--r-- | lib/axlsx/workbook/worksheet/cell_serializer.rb | 4 |
3 files changed, 14 insertions, 14 deletions
diff --git a/lib/axlsx/util/constants.rb b/lib/axlsx/util/constants.rb
index af8d9702..5ef3ece1 100644
--- a/lib/axlsx/util/constants.rb
+++ b/lib/axlsx/util/constants.rb
@@ -414,5 +414,15 @@ module Axlsx
 # Numeric recognition
 NUMERIC_REGEX = /\A[+-]?\d+?\Z/.freeze
+ # Leading characters that indicate a formula.
+ # See: https://owasp.org/www-community/attacks/CSV_Injection
+ FORMULA_PREFIX = '='
+
+ # Leading characters that indicate an array formula.
+ ARRAY_FORMULA_PREFIX = '{='
+
+ # Trailing character that indicates an array formula.
+ ARRAY_FORMULA_SUFFIX = '}'
+
 BOOLEAN_VALUES = [true, false].freeze
 end
diff --git a/lib/axlsx/workbook/worksheet/cell.rb b/lib/axlsx/workbook/worksheet/cell.rb
index cbf55482..4d1bae63 100644
--- a/lib/axlsx/workbook/worksheet/cell.rb
+++ b/lib/axlsx/workbook/worksheet/cell.rb
@@ -73,16 +73,6 @@ module Axlsx
 CELL_TYPES = [:date, :time, :float, :integer, :richtext, :string, :boolean, :iso_8601, :text].freeze
- # Leading characters that indicate a formula.
- # See: https://owasp.org/www-community/attacks/CSV_Injection
- FORMULA_PREFIXES = ['='].freeze
-
- # Leading characters that indicate an array formula.
- ARRAY_FORMULA_PREFIXES = ['{='].freeze
-
- # Trailing character that indicates an array formula.
- ARRAY_FORMULA_SUFFIX = '}'
-
 # The index of the cellXfs item to be applied to this cell.
 # @return [Integer]
 # @see Axlsx::Styles
@@ -396,14 +386,14 @@ module Axlsx
 def is_formula?
 return false if escape_formulas
- type == :string && @value.to_s.start_with?(*FORMULA_PREFIXES)
+ type == :string && @value.to_s.start_with?(FORMULA_PREFIX)
 end
 def is_array_formula?
 return false if escape_formulas
 type == :string &&
- @value.to_s.start_with?(*ARRAY_FORMULA_PREFIXES) &&
+ @value.to_s.start_with?(ARRAY_FORMULA_PREFIX) &&
 @value.to_s.end_with?(ARRAY_FORMULA_SUFFIX)
 end
diff --git a/lib/axlsx/workbook/worksheet/cell_serializer.rb b/lib/axlsx/workbook/worksheet/cell_serializer.rb
index 2baa4271..f45d3c73 100644
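Review bot: The comment on `FORMULA_PREFIX` in constants.rb still reads "Leading characters" and cites the OWASP CSV Injection page, but the constant is now the single string `'='` and `is_formula?` in cell.rb tests only that prefix. Reword it so it cannot be read as covering the other prefixes listed on that page, e.g. `# Leading character that marks a string cell as a formula. Only '=' is checked.`, and keep the `# See:` line. The three new constants also lack the `.freeze` that the neighbouring `NUMERIC_REGEX` and `BOOLEAN_VALUES` carry; unless the file has a `frozen_string_literal` magic comment (not visible here, the module body starts outside the hunk), write `FORMULA_PREFIX = '='.freeze` and likewise for the other two. The cell.rb section removes `FORMULA_PREFIXES` and `ARRAY_FORMULA_PREFIXES` from the cell class without an alias, so any code outside this diff that still references those names would raise `NameError`.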
--- a/lib/axlsx/workbook/worksheet/cell_serializer.rb
+++ b/lib/axlsx/workbook/worksheet/cell_serializer.rb
@@ -90,7 +90,7 @@ module Axlsx
 # @param [String] str The string the serialized content will be appended to.
 # @return [String]
 def formula_serialization(cell, str = +'')
- str << 't="str"><f>' << cell.clean_value.to_s.sub('=', '') << '</f>'
+ str << 't="str"><f>' << cell.clean_value.to_s.delete_prefix(FORMULA_PREFIX) << '</f>'
 str << '<v>' << cell.formula_value.to_s << '</v>' unless cell.formula_value.nil?
 end
@@ -99,7 +99,7 @@ module Axlsx
 # @param [String] str The string the serialized content will be appended to.
 # @return [String]
 def array_formula_serialization(cell, str = +'')
- str << 't="str">' << '<f t="array" ref="' << cell.r << '">' << cell.clean_value.to_s.sub('{=', '').sub(/}$/, '') << '</f>'
+ str << 't="str">' << '<f t="array" ref="' << cell.r << '">' << cell.clean_value.to_s.delete_prefix(ARRAY_FORMULA_PREFIX).delete_suffix(ARRAY_FORMULA_SUFFIX) << '</f>'
 str << '<v>' << cell.formula_value.to_s << '</v>' unless cell.formula_value.nil?
 end |
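Review bot: In `formula_serialization`, `cell.formula_value.to_s` is written between `<v>` and `</v>` with no escaping visible in the hunk, while the `<f>` body at least goes through `clean_value`; the same line appears in `array_formula_serialization`. If `formula_value` can carry caller-supplied text and is not escaped where it is set (not shown here), a `<` or `&` in it would produce malformed sheet XML or let the value add markup of its own. Escaping at the point of writing closes that, e.g. `str << '<v>' << ::CGI.escapeHTML(cell.formula_value.to_s) << '</v>' unless cell.formula_value.nil?`, assuming `cgi` is already loaded by the library. Separately, `delete_prefix` and `delete_suffix` now act on `clean_value` while `is_formula?` and `is_array_formula?` test `@value`, so a short comment stating that `clean_value` never alters the leading `=`/`{=` or trailing `}` would document the assumption the new calls rely on.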
