Filename is not escaped and therefore is a potential problem

emerinohdz / php-excel

Automatically exported from code.google.com/p/php-excel

MIT License

0 stars 0 forks source link

Filename is not escaped and therefore is a potential problem #10

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?

When using $xml->generateXML($filename) the filename is used without proper
validation of allowed characters. This may cause errors when delivering out
the file.

What is the expected output? What do you see instead?

Use a whitelist filter to correct the filename before sending out the files.

Original issue reported on code.google.com by oliver.s...@gmail.com on 10 Sep 2009 at 12:24

GoogleCodeExporter commented 8 years ago

The filename is now 1) optional and 2) escaped by a whitelist filter.

Original comment by oliver.s...@gmail.com on 10 Sep 2009 at 2:25

Changed state: Fixed