Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using htmlspecialchars to fix issue #3145 #3146

Merged
merged 4 commits into from
Nov 1, 2022
Merged

Using htmlspecialchars to fix issue #3145 #3146

merged 4 commits into from
Nov 1, 2022

Conversation

zappzerapp
Copy link
Contributor

This is:

- [X] a bugfix
- [ ] a new feature
- [ ] refactoring
- [ ] additional unit tests

Checklist:

Why this change is needed?

This prevents the SimpleXMLElement error "unterminated entity reference" when HTML entities are present in a worksheet #3145

Using htmlspecialchars to fix issue PHPOffice#3145: this prevents the…
3d53cb7 
… SimpleXMLElement error "unterminated entity reference" when HTML entities are present in a worksheet
@oleibman
Copy link
Collaborator

I am a bit concerned that the use of htmlspecialchars here might break other things for which we don't yet have unit tests. I need to run some more tests, but the following also fixes your test case and seems safer.

$childNode = $node->addChild('formula1');
if ($childNode !== null) { // null should never happen
    $childNode[0] = (string) $item->formula1->children(Namespaces::DATA_VALIDATIONS2)->f;
}

See https://stackoverflow.com/questions/552957/rationale-behind-simplexmlelements-handling-of-text-values-in-addchild-and-adda
And https://stackoverflow.com/questions/2970575/php-simplexmlelement-set-text

@zappzerapp
Copy link
Contributor Author

@oleibman have a look at the phpstan action

 Error: SimpleXMLElement does not accept string.
 ------ ------------------------------------------ 
  Line   src/PhpSpreadsheet/Reader/Xlsx.php        
 ------ ------------------------------------------ 
  945    SimpleXMLElement does not accept string.  
 ------ ------------------------------------------

@oleibman
Copy link
Collaborator

I am not sure I agree with PhpStan's analysis. I will open an issue there. In the meantime, I think it is safe to eliminate the string cast. Please give that a try. I have another variant in mind if that doesn't work.

@zappzerapp
Copy link
Contributor Author

I think we need your other variant 😄

@oleibman
Copy link
Collaborator

I am sorry this is causing such a problem. I will have something ready for you later today.

@oleibman
Copy link
Collaborator

Please re-code the erring line as:

$childNode[0] = (string) $item->formula1->children(Namespaces::DATA_VALIDATIONS2)->f; // @phpstan-ignore-line

I have verified that (a) it works, and (b) Phpstan doesn't complain. I apologize for not doing the (b) part for my earlier suggestions. We don't like using the annotations, but sometimes you just can't get around it.

To your test, please add an assertion that the formula is as expected:

self::assertSame(expected formula, $sheet->getCell('B2')->getDataValidation()->getFormula1());

Also please add at the very end of your test:

$spreadsheet->disconnectWorksheets();

@zappzerapp
Copy link
Contributor Author

Now everything looks good 🙂

@oleibman oleibman merged commit 3e40532 into PHPOffice:master Nov 1, 2022
@oleibman
Copy link
Collaborator

oleibman commented Nov 1, 2022

Thank you for your contribution, and your patience.

@oleibman oleibman mentioned this pull request Nov 1, 2022
Closed
8 tasks
MarkBaker added a commit that referenced this pull request Dec 21, 2022
@MarkBaker
1.26.0 - 2022-12-21
a40793c 
### Added

- Extended flag options for the Reader `load()` and Writer `save()` methods
- Apply Row/Column limits (1048576 and XFD) in ReferenceHelper [PR #3213](#3213)
- Allow the creation of In-Memory Drawings from a string of binary image data, or from a stream. [PR #3157](#3157)
- Xlsx Reader support for Pivot Tables [PR #2829](#2829)
- Permit Date/Time Entered on Spreadsheet to be calculated as Float [Issue #1416](#1416) [PR #3121](#3121)

### Changed

- Nothing

### Deprecated

- Direct update of Calculation::suppressFormulaErrors is replaced with setter.
- Font public static variable defaultColumnWidths replaced with constant DEFAULT_COLUMN_WIDTHS.
- ExcelError public static variable errorCodes replaced with constant ERROR_CODES.
- NumberFormat constant FORMAT_DATE_YYYYMMDD2 replaced with existing identical FORMAT_DATE_YYYYMMDD.

### Removed

- Nothing

### Fixed

- Fixed handling for `_xlws` prefixed functions from Office365 [Issue #3245](#3245) [PR #3247](#3247)
- Conditionals formatting rules applied to rows/columns are removed [Issue #3184](#3184) [PR #3213](#3213)
- Treat strings containing currency or accounting values as floats in Calculation Engine operations [Issue #3165](#3165) [PR #3189](#3189)
- Treat strings containing percentage values as floats in Calculation Engine operations [Issue #3155](#3155) [PR #3156](#3156) and [PR #3164](#3164)
- Xlsx Reader Accept Palette of Fewer than 64 Colors [Issue #3093](#3093) [PR #3096](#3096)
- Use Locale-Independent Float Conversion for Xlsx Writer Custom Property [Issue #3095](#3095) [PR #3099](#3099)
- Allow setting AutoFilter range on a single cell or row [Issue #3102](#3102) [PR #3111](#3111)
- Xlsx Reader External Data Validations Flag Missing [Issue #2677](#2677) [PR #3078](#3078)
- Reduces extra memory usage on `__destruct()` calls [PR #3092](#3092)
- Additional properties for Trendlines [Issue #3011](#3011) [PR #3028](#3028)
- Calculation suppressFormulaErrors fix [Issue #1531](#1531) [PR #3092](#3092)
- Permit Date/Time Entered on Spreadsheet to be Calculated as Float [Issue #1416](#1416) [PR #3121](#3121)
- Incorrect Handling of Data Validation Formula Containing Ampersand [Issue #3145](#3145) [PR #3146](#3146)
- Xlsx Namespace Handling of Drawings, RowAndColumnAttributes, MergeCells [Issue #3138](#3138) [PR #3136](#3137)
- Generation3 Copy With Image in Footer [Issue #3126](#3126) [PR #3140](#3140)
- MATCH Function Problems with Int/Float Compare and Wildcards [Issue #3141](#3141) [PR #3142](#3142)
- Fix ODS Read Filter on number-columns-repeated cell [Issue #3148](#3148) [PR #3149](#3149)
- Problems Formatting Very Small and Very Large Numbers [Issue #3128](#3128) [PR #3152](#3152)
- XlsxWrite preserve line styles for y-axis, not just x-axis [PR #3163](#3163)
- Xlsx Namespace Handling of Drawings, RowAndColumnAttributes, MergeCells [Issue #3138](#3138) [PR #3137](#3137)
- More Detail for Cyclic Error Messages [Issue #3169](#3169) [PR #3170](#3170)
- Improved Documentation for Deprecations - many PRs [Issue #3162](#3162)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zappzerapp @oleibman