From 9dcfd9a5c299249949c2be609ce7d15c2acd0943 Mon Sep 17 00:00:00 2001
From: Vladislav Lyshenko <vladdnepr1989@gmail.com>
Date: Tue, 23 Nov 2021 16:45:43 +0200
Subject: [PATCH] Use standard temporary file for internal use of HTMLPurifier
 (#2383)

---
 CHANGELOG.md                       | 2 +-
 src/PhpSpreadsheet/Writer/Html.php | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8dc363be4d..c1ed732097 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org).
 
 ### Added
 
-- Nothing
+- Use tmp dir in HTMLPurifier config
 
 ### Changed
 
diff --git a/src/PhpSpreadsheet/Writer/Html.php b/src/PhpSpreadsheet/Writer/Html.php
index 9a8c0ff6df..a59ea1f931 100644
--- a/src/PhpSpreadsheet/Writer/Html.php
+++ b/src/PhpSpreadsheet/Writer/Html.php
@@ -1769,6 +1769,10 @@ private function writeComment(Worksheet $worksheet, $coordinate)
         $result = '';
         if (!$this->isPdf && isset($worksheet->getComments()[$coordinate])) {
             $sanitizer = new HTMLPurifier();
+            $cachePath = File::sysGetTempDir() . '/phpsppur';
+            if (is_dir($cachePath) || mkdir($cachePath)) {
+                $sanitizer->config->set('Cache.SerializerPath', $cachePath);
+            }
             $sanitizedString = $sanitizer->purify($worksheet->getComment($coordinate)->getText()->getPlainText());
             if ($sanitizedString !== '') {
                 $result .= '<a class="comment-indicator"></a>';