make use of ENT_DISALLOWED constant, #329

src/Spout/Common/Escaper/ODS.php

@@ -22,7 +22,7 @@ class ODS implements EscaperInterface
      */
     public function escape($string)
     {
-        return htmlspecialchars($string, ENT_QUOTES);
+        return htmlspecialchars($string, ENT_QUOTES | ENT_DISALLOWED);
     }
 
     /**

tests/Spout/Writer/ODS/WriterTest.php

@@ -4,6 +4,7 @@ namespace Box\Spout\Writer\ODS;
 
 use Box\Spout\Common\Exception\SpoutException;
 use Box\Spout\Common\Type;
+use Box\Spout\Reader\ReaderFactory;
 use Box\Spout\Reader\Wrapper\XMLReader;
 use Box\Spout\TestUsingResource;
 use Box\Spout\Writer\Common\Helper\ZipHelper;
@@ -446,6 +447,38 @@ class WriterTest extends \PHPUnit_Framework_TestCase
         $this->assertEquals('application/vnd.oasis.opendocument.spreadsheet', $finfo->file($resourcePath));
     }
 
+    /**
+     * https://github.com/box/spout/issues/329
+     * @return  void
+     */
+    public function testGeneratedFileWithIllegalCharsCanBeRead()
+    {
+        $fileName = 'test_illegal_characters.ods';
+        $dataRows = [
+            ['I am a vertical tab:' . "\v"],
+            ['I am a form feed:' . "\f"],
+        ];
+
+        $this->writeToODSFile($dataRows, $fileName);
+
+        $resourcePath = $this->getGeneratedResourcePath($fileName);
+
+        $reader = ReaderFactory::create(Type::ODS);
+        $reader->open($resourcePath);
+
+        $canBeRead = false;
+        try {
+            foreach ($reader->getSheetIterator() as $sheetIndex => $sheet) {
+                foreach ($sheet->getRowIterator() as $rowIndex => $row) {
+                    $canBeRead = true;
+                }
+            }
+            $reader->close();
+        } catch(\Exception $e) {}
+
+        $this->assertTrue($canBeRead, 'The file with illegal chars can be read');
+    }
+
     /**
      * @param array $allRows
      * @param string $fileName