MAGETWO-45047: Data modification in Export result file

Leonid Poluyanov · Leonid Poluyanov · commit 04037a56193a · 2015-11-11T16:31:59.000+02:00
diff --git a/lib/internal/Magento/Framework/Convert/Excel.php b/lib/internal/Magento/Framework/Convert/Excel.php
@@ -134,6 +134,19 @@ protected function _getXmlRow($row, $useCallback)
             $value = htmlspecialchars($value);
             $dataType = is_numeric($value) && $value[0] !== '+' && $value[0] !== '0' ? 'Number' : 'String';
 
+            /**
+             * Security enhancement for CSV data processing by Excel-like applications.
+             * @see https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
+             *
+             * @var $value string|\Magento\Framework\Phrase
+             */
+            if (!is_string($value)) {
+                $value = (string)$value;
+            }
+            if (isset($value[0]) && in_array($value[0], ['=', '+', '-'])) {
+                $value = ' ' . $value;
+            }
+
             $value = str_replace("\r\n", '&#10;', $value);
             $value = str_replace("\r", '&#10;', $value);
             $value = str_replace("\n", '&#10;', $value);
