MAGETWO-37209: Excel Formula Injection via CSV/XML export - 2.x

Yaroslav Onischenko · Yaroslav Onischenko · commit d646dc19685a · 2015-11-05T11:41:04.000+02:00
diff --git a/app/code/Magento/Catalog/view/adminhtml/web/catalog/product/composite/configure.js b/app/code/Magento/Catalog/view/adminhtml/web/catalog/product/composite/configure.js
@@ -7,7 +7,8 @@ define([
     "jquery/ui",
     "mage/translate",
     "prototype",
-    'Magento_Ui/js/modal/modal'
+    "Magento_Ui/js/modal/modal",
+    "domReady!"
 ], function(jQuery){
 
     window.ProductConfigure = Class.create();
@@ -764,4 +765,4 @@ define([
     };
 
     productConfigure = new ProductConfigure();
-});
+});
diff --git a/lib/internal/Magento/Framework/Filesystem/Driver/File.php b/lib/internal/Magento/Framework/Filesystem/Driver/File.php
@@ -710,7 +710,7 @@ public function filePutCsv($resource, array $data, $delimiter = ',', $enclosure
             if (!is_string($value)) {
                 $value = (string)$value;
             }
-            if (isset($value[0]) && $value[0] === '=') {
+            if (isset($value[0]) && in_array($value[0], ['=', '+', '-'])) {
                 $data[$key] = ' ' . $value;
             }
         }
diff --git a/lib/internal/Magento/Framework/Filesystem/Io/File.php b/lib/internal/Magento/Framework/Filesystem/Io/File.php
@@ -190,7 +190,7 @@ public function streamWriteCsv(array $row, $delimiter = ',', $enclosure = '"')
             if (!is_string($value)) {
                 $value = (string)$value;
             }
-            if (isset($value[0]) && $value[0] === '=') {
+            if (isset($value[0]) && in_array($value[0], ['=', '+', '-'])) {
                 $row[$key] = ' ' . $value;
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -710,7 +710,7 @@ public function filePutCsv($resource, array $data, $delimiter = ',', $enclosure`
`710`	`710`	`if (!is_string($value)) {`
`711`	`711`	`$value = (string)$value;`
`712`	`712`	`}`
`713`		`- if (isset($value[0]) && $value[0] === '=') {`
	`713`	`+ if (isset($value[0]) && in_array($value[0], ['=', '+', '-'])) {`
`714`	`714`	`$data[$key] = ' ' . $value;`
`715`	`715`	`}`
`716`	`716`	`}`
Original file line number	Diff line number	Diff line change
`@@ -190,7 +190,7 @@ public function streamWriteCsv(array $row, $delimiter = ',', $enclosure = '"')`
`190`	`190`	`if (!is_string($value)) {`
`191`	`191`	`$value = (string)$value;`
`192`	`192`	`}`
`193`		`- if (isset($value[0]) && $value[0] === '=') {`
	`193`	`+ if (isset($value[0]) && in_array($value[0], ['=', '+', '-'])) {`
`194`	`194`	`$row[$key] = ' ' . $value;`
`195`	`195`	`}`
`196`	`196`	`}`