Grunion_Contact_Form_Plugin::esc_csv PHP Method

Grunion_Contact_Form_Plugin Class Documentation Mostrar archivo Open project: automattic/jetpack

esc_csv() public method

Malicious input can inject formulas into CSV files, opening up the possibility for phishing attacks and disclosure of sensitive information. Additionally, Excel exposes the ability to launch arbitrary commands through the DDE protocol.
See also: http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
public esc_csv ( string $field ) : string
$field string
return string 
    function esc_csv($field)
    {
        $active_content_triggers = array('=', '+', '-', '@');
        if (in_array(mb_substr($field, 0, 1), $active_content_triggers, true)) {
            $field = "'" . $field;
        }
        return $field;
    }
Grunion_Contact_Form_Plugin
__construct
add_shortcode
ajax_request
akismet_submit
allow_feedback_rest_api_type
daily_akismet_meta_cleanup
download_feedback_as_csv
esc_csv
export_form
get_export_data_for_posts
get_feedbacks_as_options
get_field_names
get_ip_address
get_parsed_field_contents_of_post
get_post_content_for_csv_export
get_post_meta_for_csv_export
init
insert_feedback_filter
is_spam_akismet
make_csv_row_from_feedback
map_parsed_field_contents_of_post_to_field_names
parse_fields_from_content
prepare_for_akismet
process_form_submission
replace_tokens_with_input
sanitize_value
strip_tags
tokenize_label
track_current_widget
unread_count
widget_atts
widget_shortcode_hack