From e50f636dc0d2cd96772a6b55934bf9a7773f21fa Mon Sep 17 00:00:00 2001
From: Winfield Peterson
Date: Wed, 29 Nov 2017 14:41:18 -0500
Subject: Axlsx.sanitize uses delete() vs. delete!() for frozen strings

Whenever a frozen string is passed as an input to any sanitized value, we are modifying it in place which raised a RuntimeError if that string is frozen (as you might expect constants like header or workbook names to be). Use the safer delete() method which creates a new, modified copy of the string.
---
 lib/axlsx.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/axlsx.rb b/lib/axlsx.rb
index c5d26c2b..20b5cab0 100644
--- a/lib/axlsx.rb
+++ b/lib/axlsx.rb
@@ -136,10 +136,10 @@ module Axlsx
 # @param [String] str The string to process
 # @return [String]
 def self.sanitize(str)
- str.delete!(CONTROL_CHARS)
+ str.delete(CONTROL_CHARS)
 str
 end
-
+
 # If value is boolean return 1 or 0
 # else return the value
 # @param [Object] value The value to process
-- 
cgit v1.2.3

From ccc69882c6ec4fb8286282313620bceac32e592d Mon Sep 17 00:00:00 2001
From: Winfield Peterson
Date: Thu, 30 Nov 2017 10:36:20 -0500
Subject: Axlsx.sanitize() writes in place or copies on write

Depending on whether a string is frozen, either a new string is created sanitized or the existing string is modified in place.
---
 lib/axlsx.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/axlsx.rb b/lib/axlsx.rb
index 20b5cab0..586562f6 100644
--- a/lib/axlsx.rb
+++ b/lib/axlsx.rb
@@ -136,8 +136,12 @@ module Axlsx
 # @param [String] str The string to process
 # @return [String]
 def self.sanitize(str)
- str.delete(CONTROL_CHARS)
- str
+ if str.frozen?
+ str.delete(CONTROL_CHARS)
+ else
+ str.delete!(CONTROL_CHARS)
+ str
+ end
 end
 
 # If value is boolean return 1 or 0
-- 
cgit v1.2.3

From b34286f6975679e9e5eb390241eb05f95759461b Mon Sep 17 00:00:00 2001
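Review bot: In `self.sanitize` (first commit, e50f636d) the result of `str.delete(CONTROL_CHARS)` is discarded and the method still returns the original `str`, so at this revision control characters are no longer stripped from any input, frozen or not. `String#delete` returns a new string and leaves the receiver untouched, so the body should be the single expression `str.delete(CONTROL_CHARS)` with the trailing `str` line dropped. The following commit on this page rewrites the body, but this revision on its own silently disables sanitization, which matters if it is cherry-picked alone or landed on during a bisect.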
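Review bot: After the second commit (ccc69882) `self.sanitize` has two different contracts, returning a fresh copy for frozen input but mutating and returning the caller's own string otherwise, while the doc comment above it still says only `@return [String]`. Any caller that ignores the return value and relies on the in-place effect would pass unsanitized data onward whenever the argument happens to be frozen (for example in a file using `# frozen_string_literal: true`). The contract should be written down next to the existing tags: `# @note Mutates +str+ in place unless it is frozen; callers must always use the return value.` Whether values other than String (nil, numbers) can reach this method is not visible in the hunk; if they can, `str.frozen?` followed by `delete` will raise.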
From: Winfield Peterson
Date: Tue, 6 Feb 2018 17:22:59 -0500
Subject: Adds Axlsx.sanitize() unit tests

Verify frozen/unfrozen paths for sanitize() helper.
---
 test/tc_axlsx.rb | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/test/tc_axlsx.rb b/test/tc_axlsx.rb
index 99832f63..3d6a2e70 100644
--- a/test/tc_axlsx.rb
+++ b/test/tc_axlsx.rb
@@ -79,4 +79,25 @@ class TestAxlsx < Test::Unit::TestCase
 assert_equal([['Z5', 'AA5', 'AB5'], ['Z6', 'AA6', 'AB6']], Axlsx::range_to_a('Z5:AB6'))
 end
 
+ def test_sanitize_frozen_control_strippped
+ needs_sanitize = "legit\x08".freeze # Backspace control char
+
+ assert_equal(Axlsx.sanitize(needs_sanitize), 'legit', 'should strip control chars')
+ end
+
+ def test_sanitize_unfrozen_control_strippped
+ needs_sanitize = "legit\x08" # Backspace control char
+ sanitized_str = Axlsx.sanitize(needs_sanitize)
+
+ assert_equal(sanitized_str, 'legit', 'should strip control chars')
+ assert_equal(sanitized_str.object_id, sanitized_str.object_id, 'should preserve object')
+ end
+
+ def test_sanitize_unfrozen_no_sanitize
+ legit_str = 'legit'
+ sanitized_str = Axlsx.sanitize(legit_str)
+
+ assert_equal(sanitized_str, legit_str, 'should preserve value')
+ assert_equal(sanitized_str.object_id, legit_str.object_id, 'should preserve object')
+ end
 end
-- 
cgit v1.2.3
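Review bot: In `test_sanitize_unfrozen_control_strippped` the identity assertion compares `sanitized_str.object_id` with itself, so it passes whatever `Axlsx.sanitize` returns and the in-place path is never verified. Compare against the input instead: `assert_same(needs_sanitize, sanitized_str, 'should preserve object')`. The frozen test would be stronger if it also asserted that the result is a different object and that the frozen original still contains the control character, since that is the copy-on-write behaviour the series introduces. The `assert_equal` calls pass the actual value first; Test::Unit expects `(expected, actual, message)`, so failure output will read backwards.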