github
/
nocodb
mirror of https://github.com/nocodb/nocodb
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

fix: sanitize user data while generating csv to avoid formula injection 

Signed-off-by: Pranav C <pranavxc@gmail.com>
pull/894/head
Pranav C 3 years ago
parent
f46e89b079
commit
079e3abe98
1 changed files with 15 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      packages/nocodb/src/lib/dataMapper/lib/sql/BaseModelSql.ts

9
packages/nocodb/src/lib/dataMapper/lib/sql/BaseModelSql.ts
Unescape View File

@ -2556,7 +2556,8 @@ class BaseModelSql extends BaseModel {
} }
} }
const data = Papaparse.unparse({ const data = Papaparse.unparse(
{
fields: fields:
fields && fields &&
fields.filter( fields.filter(
@ -2565,7 +2566,11 @@ class BaseModelSql extends BaseModel {
this.virtualColumns.some(c => c._cn === f) this.virtualColumns.some(c => c._cn === f)
), ),
data: csvRows data: csvRows
}); },
{
escapeFormulae: true
}
);
return { data, offset, elapsed }; return { data, offset, elapsed };
} }

Write Preview
Loading…
Cancel
Save