diff --git a/src/Spout/Common/Escaper/ODS.php b/src/Spout/Common/Escaper/ODS.php index 86caeb3..7239011 100644 --- a/src/Spout/Common/Escaper/ODS.php +++ b/src/Spout/Common/Escaper/ODS.php @@ -22,7 +22,7 @@ class ODS implements EscaperInterface */ public function escape($string) { - return htmlspecialchars($string, ENT_QUOTES); + return htmlspecialchars($string, ENT_QUOTES | ENT_DISALLOWED); } /** diff --git a/tests/Spout/Writer/ODS/WriterTest.php b/tests/Spout/Writer/ODS/WriterTest.php index 7c4b396..9f0d886 100644 --- a/tests/Spout/Writer/ODS/WriterTest.php +++ b/tests/Spout/Writer/ODS/WriterTest.php @@ -4,6 +4,7 @@ namespace Box\Spout\Writer\ODS; use Box\Spout\Common\Exception\SpoutException; use Box\Spout\Common\Type; +use Box\Spout\Reader\ReaderFactory; use Box\Spout\Reader\Wrapper\XMLReader; use Box\Spout\TestUsingResource; use Box\Spout\Writer\Common\Helper\ZipHelper; @@ -446,6 +447,38 @@ class WriterTest extends \PHPUnit_Framework_TestCase $this->assertEquals('application/vnd.oasis.opendocument.spreadsheet', $finfo->file($resourcePath)); } + /** + * https://github.com/box/spout/issues/329 + * @return void + */ + public function testGeneratedFileWithIllegalCharsCanBeRead() + { + $fileName = 'test_illegal_characters.ods'; + $dataRows = [ + ['I am a vertical tab:' . "\v"], + ['I am a form feed:' . "\f"], + ]; + + $this->writeToODSFile($dataRows, $fileName); + + $resourcePath = $this->getGeneratedResourcePath($fileName); + + $reader = ReaderFactory::create(Type::ODS); + $reader->open($resourcePath); + + $canBeRead = false; + try { + foreach ($reader->getSheetIterator() as $sheetIndex => $sheet) { + foreach ($sheet->getRowIterator() as $rowIndex => $row) { + $canBeRead = true; + } + } + $reader->close(); + } catch(\Exception $e) {} + + $this->assertTrue($canBeRead, 'The file with illegal chars can be read'); + } + /** * @param array $allRows * @param string $fileName