Calling Xml::loadSpreadsheetFromString() with any value should never try to load a file from disk.
What is the current behavior?
Calling loadSpreadsheetFromString(0) tries to load a file named 0 and triggers this warning:
PHP Warning: file_get_contents(0): Failed to open stream: No such file or directory in /home/pierre/www/fuzzer/vendor/phpoffice/phpspreadsheet/src/PhpSpreadsheet/Reader/Xml.php on line 114
I think this happens because of $this->fileContents ?: file_get_contents($filename), any fileContents value that is evaluated as false triggers file_get_contents().
```php
<?php
require __DIR__ . '/vendor/autoload.php';

$reader = new \PhpOffice\PhpSpreadsheet\Reader\Xml();
$reader->loadSpreadsheetFromString(0);
```
If this is an issue with reading a specific spreadsheet file, then it may be appropriate to provide a sample file that demonstrates the problem; but please keep it as small as possible, and sanitize any confidential information before uploading.
What features do you think are causing the issue
Reader
Writer
Styles
Data Validations
Formula Calculations
Charts
AutoFilter
Form Elements
Does an issue affect all spreadsheet file formats? If not, which formats are affected?
I think only the XML reader is affected.
Which versions of PhpSpreadsheet and PHP are affected?
2.0.0
oleibman added a commit to oleibman/PhpSpreadsheet that referenced this issue, Apr 27, 2024
Fix PHPOffice#3999. Fix PHPOffice#4000. Fix PHPOffice#4002. Several bug reports and feature requests for Xml Reader arrived practically simultaneously. They are all small and hit the same code modules, so I have bundled them together in one PR.
- `loadSpreadsheetFromString` might try to open a file with a falsy name (like '0'), which results in an exception with a misleading message (or a completely unexpected result if a file with that name exists). Code will still throw an exception, but the message will no longer be misleading, and no file I/O will be attempted.
- function `trySimpleXmlLoadString` is deprecated. It should never have been implemented with public visibility, and the fact that it was made the fix above a little more difficult than it would otherwise have been. It is replaced with a private equivalent.
- Style reader function `parseStyles` will now use a better namespace-aware method of reading its Xml data. Peculiarly, the Xml for the Style elements can either include or not a namespace prefix. This is probably because the global namespace and the styles namespace are the same. The existing prefix-based code does not recognize their equivalence, but the new namespace-based code does. Xml Reader continues to use prefix-based code in several other places.
- Border line styles with Weight omitted or equal to 0 have been treated as no border, but they should be treated as 'hair' thickness.
- Support for Zoom is added to Xml Reader.
- In support of the above, new properties (and getters and setters) zoomScalePageLayoutView and zoomScaleSheetLayoutView are added to Worksheet/SheetView. (As far as I can tell, Excel does not support Sheet Layout View for Xml spreadsheets).
- Support is added for those new properties in Xlsx Reader and Writer.
- Xls Reader and Writer seem to work okay without changes. There is one test where Xls shows a different value for one of the properties than Xml or Xlsx, but the spreadsheet looks okay and I don't see any practical consequences of the difference.
- PageBreak support is added to Xml Reader.
- Code for writing out Column Page Breaks in Xlsx Writer was wrong (and, unsurprisingly, untested). A one-line change fixes it, and tests are added.
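The falsy fall-through described in the issue and in the first item of the commit message, reduced to a stand-alone PHP sketch. This is an added example, not PhpSpreadsheet's code: `StringOrFileSource`, `readLoose` and `readStrict` are hypothetical names, the payloads and path are constructed, and the `??` form is one possible hardening, not necessarily the change that was merged.

```php
<?php
declare(strict_types=1);

// Added illustration; class and method names are hypothetical, not PhpSpreadsheet's.
final class StringOrFileSource
{
    /** @var list<string> paths handed to file_get_contents(), recorded to show disk access */
    public array $opened = [];

    public function __construct(private ?string $contents, private string $filename)
    {
    }

    // Pattern from the issue: "?:" tests truthiness, so '' and '0' count as "no contents".
    public function readLoose(): string
    {
        return $this->contents ?: $this->readFile();
    }

    // Hardened: only null means "nothing supplied"; every string, even '0', is data.
    public function readStrict(): string
    {
        return $this->contents ?? $this->readFile();
    }

    private function readFile(): string
    {
        $this->opened[] = $this->filename;
        $data = @file_get_contents($this->filename);
        if ($data === false) {
            throw new RuntimeException("cannot read {$this->filename}");
        }
        return $data;
    }
}

// Constructed inputs: in-memory payloads a caller might pass, and a path that does not exist.
foreach (['<Workbook/>', '0', ''] as $payload) {
    foreach (['readLoose', 'readStrict'] as $method) {
        $src = new StringOrFileSource($payload, __DIR__ . '/no-such-file.xml');
        try {
            $src->$method();
        } catch (RuntimeException) {
            // The loose path ends here: the missing file, not the bad payload, is reported.
        }
        printf("%-14s %-11s disk reads: %d\n", var_export($payload, true), $method, count($src->opened));
    }
}
```

With the strict variant, `'0'` and `''` reach the XML parser as data, so the failure is reported as invalid XML and no path is ever opened.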