From bea334f159508cdb94adbfd01cdca99776e05507 Mon Sep 17 00:00:00 2001 From: James Cole Date: Fri, 3 Jul 2026 06:26:38 +0200 Subject: [PATCH] Several reports of a possible unescaped data situation, thanks all. --- app/Support/Export/ExportDataGenerator.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/app/Support/Export/ExportDataGenerator.php b/app/Support/Export/ExportDataGenerator.php index 580cb8f2eb..f361cf8c12 100644 --- a/app/Support/Export/ExportDataGenerator.php +++ b/app/Support/Export/ExportDataGenerator.php @@ -60,6 +60,7 @@ use FireflyIII\User; use Illuminate\Support\Collection; use Illuminate\Support\Facades\Log; use League\Csv\CannotInsertRecord; +use League\Csv\EscapeFormula; use League\Csv\Exception; use League\Csv\Writer; use Psr\Container\ContainerExceptionInterface; @@ -285,6 +286,8 @@ class ExportDataGenerator // load the CSV document from a string $csv = Writer::fromString(); + $escaper = new EscapeFormula(); + $csv->addFormatter($escaper->escapeRecord(...)); // insert the header try { @@ -354,6 +357,8 @@ class ExportDataGenerator // load the CSV document from a string $csv = Writer::fromString(); + $escaper = new EscapeFormula(); + $csv->addFormatter($escaper->escapeRecord(...)); // insert the header try { @@ -413,6 +418,8 @@ class ExportDataGenerator // load the CSV document from a string $csv = Writer::fromString(); + $escaper = new EscapeFormula(); + $csv->addFormatter($escaper->escapeRecord(...)); // insert the header try { @@ -458,6 +465,8 @@ class ExportDataGenerator // load the CSV document from a string $csv = Writer::fromString(); + $escaper = new EscapeFormula(); + $csv->addFormatter($escaper->escapeRecord(...)); // insert the header try { @@ -538,6 +547,8 @@ class ExportDataGenerator // load the CSV document from a string $csv = Writer::fromString(); + $escaper = new EscapeFormula(); + $csv->addFormatter($escaper->escapeRecord(...)); // insert the header try { @@ -705,6 +716,8 @@ class ExportDataGenerator } // load the CSV document from a string $csv = Writer::fromString(); + $escaper = new EscapeFormula(); + $csv->addFormatter($escaper->escapeRecord(...)); // insert the header try { @@ -852,6 +865,8 @@ class ExportDataGenerator // load the CSV document from a string $csv = Writer::fromString(); + $escaper = new EscapeFormula(); + $csv->addFormatter($escaper->escapeRecord(...)); // insert the header try { @@ -908,6 +923,8 @@ class ExportDataGenerator // load the CSV document from a string $csv = Writer::fromString(); + $escaper = new EscapeFormula(); + $csv->addFormatter($escaper->escapeRecord(...)); // insert the header try { @@ -1104,6 +1121,8 @@ class ExportDataGenerator // load the CSV document from a string $csv = Writer::fromString(); + $escaper = new EscapeFormula(); + $csv->addFormatter($escaper->escapeRecord(...)); // insert the header try {