From 10e40c5707d383303c7837f526c3ab06466ede98 Mon Sep 17 00:00:00 2001
From: Simon Green <sgreen@redhat.com>
Date: Mon, 6 Oct 2014 15:04:40 +0000
Subject: Bug 1054702: CSV export vulnerable to formulae injection
 r=glob,a=glob

---
 template/en/default/reports/report-table.csv.tmpl | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'template/en/default/reports/report-table.csv.tmpl')

diff --git a/template/en/default/reports/report-table.csv.tmpl b/template/en/default/reports/report-table.csv.tmpl
index e2a92b51d..e94014b92 100644
--- a/template/en/default/reports/report-table.csv.tmpl
+++ b/template/en/default/reports/report-table.csv.tmpl
@@ -23,11 +23,13 @@
   [% END %]
   [% tbl_field_disp FILTER csv %]: [% tbl_disp FILTER csv %]
 [% END %]
-[% IF row_field %]
+[% IF row_field && col_field %]
+  [% row_field_disp _ ' / ' _ col_field_disp FILTER csv %]
+[% ELSIF row_field %]
   [% row_field_disp FILTER csv %]
+[% ELSE %]
+  [% col_field_disp FILTER csv %]
 [% END %]
-[% " / " IF col_field AND row_field %]
-[% col_field_disp FILTER csv %]
 [% IF col_field -%]
   [% FOREACH col = col_names -%]
     [% colsepchar %]
-- 
cgit v1.2.3-24-g4f1b