From 033ed16db59a590905fdf9e7adec8ccf9bfa11de Mon Sep 17 00:00:00 2001 From: Mark Baker Date: Mon, 18 Feb 2019 22:56:32 +0100 Subject: [PATCH] Dde call safe handling (#891) * Set handler for quoted text cells and DDE expressions in the Calculation engine --- CHANGELOG.md | 2 ++ .../Calculation/Calculation.php | 13 +++++++++-- .../Calculation/CalculationTest.php | 23 +++++++++++++++++++ 3 files changed, 36 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 49d361ea..4f20ddc7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ and this project adheres to [Semantic Versioning](https://semver.org). ### Added - Added support for inline styles in Html reader (borders, alignment, width, height) +- QuotedText cells no longer treated as formulae if the content begins with a `=` +- Clean handling for DDE in formulae ## [1.6.0] - 2019-01-02 diff --git a/src/PhpSpreadsheet/Calculation/Calculation.php b/src/PhpSpreadsheet/Calculation/Calculation.php index 9b9fe649..f49fb9d7 100644 --- a/src/PhpSpreadsheet/Calculation/Calculation.php +++ b/src/PhpSpreadsheet/Calculation/Calculation.php @@ -2703,7 +2703,7 @@ class Calculation * @param Cell $pCell Cell to calculate * @param bool $resetLog Flag indicating whether the debug log should be reset or not * - * @throws Exception + * @throws \PhpOffice\PhpSpreadsheet\Exception * * @return mixed */ @@ -2807,7 +2807,7 @@ class Calculation * @param string $cellID Address of the cell to calculate * @param Cell $pCell Cell to calculate * - * @throws Exception + * @throws \PhpOffice\PhpSpreadsheet\Exception * * @return mixed */ @@ -2891,6 +2891,15 @@ class Calculation { $cellValue = null; + // Quote-Prefixed cell values cannot be formulae, but are treated as strings + if ($pCell !== null && $pCell->getStyle()->getQuotePrefix() === true) { + return self::wrapResult((string) $formula); + } + + if (preg_match('/^=\s*cmd\s*\|/miu', $formula) !== 0) { + return self::wrapResult($formula); + } + // Basic validation that this is indeed a formula // We simply return the cell value if not $formula = trim($formula); diff --git a/tests/PhpSpreadsheetTests/Calculation/CalculationTest.php b/tests/PhpSpreadsheetTests/Calculation/CalculationTest.php index cd77ef84..86ca7a3e 100644 --- a/tests/PhpSpreadsheetTests/Calculation/CalculationTest.php +++ b/tests/PhpSpreadsheetTests/Calculation/CalculationTest.php @@ -140,4 +140,27 @@ class CalculationTest extends TestCase $cell->setValue('=OFFSET(D3, -1, -2)'); self::assertEquals(5, $cell->getCalculatedValue(), 'missing arguments should be filled with null'); } + + public function testCellSetAsQuotedText() + { + $spreadsheet = new Spreadsheet(); + $workSheet = $spreadsheet->getActiveSheet(); + $cell = $workSheet->getCell('A1'); + + $cell->setValue("=cmd|'/C calc'!A0"); + $cell->getStyle()->setQuotePrefix(true); + + self::assertEquals("=cmd|'/C calc'!A0", $cell->getCalculatedValue()); + } + + public function testCellWithDdeExpresion() + { + $spreadsheet = new Spreadsheet(); + $workSheet = $spreadsheet->getActiveSheet(); + $cell = $workSheet->getCell('A1'); + + $cell->setValue("=cmd|'/C calc'!A0"); + + self::assertEquals("=cmd|'/C calc'!A0", $cell->getCalculatedValue()); + } }