From 10e40c5707d383303c7837f526c3ab06466ede98 Mon Sep 17 00:00:00 2001 From: Simon Green Date: Mon, 6 Oct 2014 15:04:40 +0000 Subject: Bug 1054702: CSV export vulnerable to formulae injection r=glob,a=glob --- template/en/default/reports/report-table.csv.tmpl | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'template/en/default/reports') diff --git a/template/en/default/reports/report-table.csv.tmpl b/template/en/default/reports/report-table.csv.tmpl index e2a92b51d..e94014b92 100644 --- a/template/en/default/reports/report-table.csv.tmpl +++ b/template/en/default/reports/report-table.csv.tmpl @@ -23,11 +23,13 @@ [% END %] [% tbl_field_disp FILTER csv %]: [% tbl_disp FILTER csv %] [% END %] -[% IF row_field %] +[% IF row_field && col_field %] + [% row_field_disp _ ' / ' _ col_field_disp FILTER csv %] +[% ELSIF row_field %] [% row_field_disp FILTER csv %] +[% ELSE %] + [% col_field_disp FILTER csv %] [% END %] -[% " / " IF col_field AND row_field %] -[% col_field_disp FILTER csv %] [% IF col_field -%] [% FOREACH col = col_names -%] [% colsepchar %] -- cgit v1.2.3-24-g4f1b