author | Ben Burgess <88810029+bx80@users.noreply.github.com> | 2022-08-02 11:38:37 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-02 11:38:37 +0300 |
commit | 60b5bf5ad2b82647339697b2b2a1becb4f0040f5 (patch) | |
tree | 8a99e2e6f94c40c98790fd6260cc09c6a6c0afb3 /core | |
parent | d298c61aa158cc9e182dfa93b7332e839b7d615b (diff) |
Improve the sanitization of request parameters (#19577)
* Improve the sanitization of request parameters by replacing tab characters with spaces
* Adjust scope of value sanitization
* Fix commented line mistake
Diffstat (limited to 'core')
-rw-r--r-- | core/DataTable/Renderer/Csv.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/DataTable/Renderer/Csv.php b/core/DataTable/Renderer/Csv.php index b5aad2525e..c177160955 100644 --- a/core/DataTable/Renderer/Csv.php +++ b/core/DataTable/Renderer/Csv.php @@ -239,6 +239,8 @@ class Csv extends Renderer $value = $this->formatFormulas($value); + $value = str_replace(["\t"], ' ', $value); + if (is_string($value) && (strpos($value, '"') !== false || strpos($value, $this->separator) !== false) |
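Review bot: The added `$value = str_replace(["\t"], ' ', $value);` runs unconditionally, ahead of the `is_string($value)` guard in the condition that follows, so non-string scalars reach `str_replace` and come back as strings before that guard is evaluated; the quoting branch can then apply to values it previously skipped. Suggest wrapping it, for example `if (is_string($value)) { $value = str_replace("\t", ' ', $value); }`, which also drops the unneeded single-element array. The replacement is also placed after `$this->formatFormulas($value)`, so that call still sees the raw tab; if its check depends on the leading characters of the value, normalizing tabs before it would be the safer order. A short comment stating why tabs are replaced in CSV output would help, since the reason is only in the commit message.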