Changes to the xml security scanner to use libxml_disable_entity_loader() when cleanly supported and thread-safe, and to handle UTF-7 charset which otherwise permits an XXE exploit
Due to a limitation in Mpdf, the HTML string passed to its WriteHTML method
must not exceed a particular length. PhpSpreadsheet produces one HTML string
containing all spreadsheet data when writing to HTML, which can easily exceed
Mpdf's size limit. Thus, it was impossible to write large spreadsheets to PDF
using the Mpdf writer - this change fixes that issue.
Fixes#637Fixes#706
Commit 8dddf56 inadvertently removed the ability to omit the width
and height arguments to the OFFSET function. And #REF! is returned
because the function is validating that the new $pCell argument
is present. It is present, but it has been passed in the $height position.
We fixed this by always passing $pCell at the last position and filling
missing arguments with NULL values.
Fixes#561Fixes#565
When extracting sheet title from string reference (like `"Work!sheet1!A1"`), PHP function `explode()` divide this string into three parts: `['Work', 'sheet1', 'A1']`. And then these wrong values are used in formulas, ranges, etc.
This change fix that problem by using special function `Worksheet::extractSheetTitle()`. This function also has been changed to make sure that worksheet title can contain "!" character. So, that function search last position of "!" in reference string and divide it to 2 parts correctly: `['Work!sheet1', 'A1']`.
Fixes#325Fixes#662
This a bugfix for php 7.3 related errors where using continue inside a switch raises a PHP warning. Either use continue 2 or break. Previously continue behaves like break but the intended usage is to continue the for loop instead.
When a formatting string has a locale in it an error can occur when outputting. For example when the format string with a locale such as `[$-1010409]#,##0.00;-#,##0.00` appears, a value of 9.98 comes back as $9.98. This is because at https://github.com/PHPOffice/PhpSpreadsheet/blob/1.4.0/src/PhpSpreadsheet/Style/NumberFormat.php#L711 the numberFormat regex will match to the zeros inside the locale ([$-1010409]). Attempts to adjust the numberFormat regex caused regressions in other tests. Adding another step to filter out the locale caused no regression.
Iterators prev() behavior is now consistent with next(), meaning
that it can go out of bounds and it must be validated with valid()
before using it.
Fixes#587Fixes#627
Rowspans/colspans are now respected for each HTML document added to an existing
spreadsheet as a new worksheet. The protected $rowspan class property should
be emptied on each call to `loadIntoExisting`.
Fixes#619Fixes#620