Merge branch 'master' into issue797

oleibman · web-flow · commit cfc8b8c26ffd · 2025-02-03T17:50:15.000-08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,12 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com)
 and this project adheres to [Semantic Versioning](https://semver.org).
 
-## TBD - 3.9.0
+## TBD - 4.0.0
 
 ### Added
 
-- Methods to get style for row or column. [PR #4317](https://github.com/PHPOffice/PhpSpreadsheet/pull/4317)
-- Method for duplicating worksheet in spreadsheet. [PR #4315](https://github.com/PHPOffice/PhpSpreadsheet/pull/4315)
+- Pdf Charts and Drawings. [Discussion #4129](https://github.com/PHPOffice/PhpSpreadsheet/discussions/4129) [Discussion #4168](https://github.com/PHPOffice/PhpSpreadsheet/discussions/4168) [PR #4327](https://github.com/PHPOffice/PhpSpreadsheet/pull/4327)
 
 ### Changed
 
@@ -26,6 +25,18 @@ and this project adheres to [Semantic Versioning](https://semver.org).
 
 ### Fixed
 
+- Xls writer Parser Mishandling True/False Argument. [Issue #4331](https://github.com/PHPOffice/PhpSpreadsheet/issues/4331) [PR #4333](https://github.com/PHPOffice/PhpSpreadsheet/pull/4333)
+
+## 2025-01-26 - 3.9.0
+
+### Added
+
+- Methods to get style for row or column. [PR #4317](https://github.com/PHPOffice/PhpSpreadsheet/pull/4317)
+- Method for duplicating worksheet in spreadsheet. [PR #4315](https://github.com/PHPOffice/PhpSpreadsheet/pull/4315)
+
+### Fixed
+
+- Security patch for control characters in protocol.
 - Ods Reader Sheet Names with Period. [Issue #4311](https://github.com/PHPOffice/PhpSpreadsheet/issues/4311) [PR #4313](https://github.com/PHPOffice/PhpSpreadsheet/pull/4313)
 - Mpdf and Tcpdf Hidden Columns and Merged Cells. [Issue #4319](https://github.com/PHPOffice/PhpSpreadsheet/issues/4319) [PR #4320](https://github.com/PHPOffice/PhpSpreadsheet/pull/4320)
 - Html Writer Allow mailto. [Issue #4316](https://github.com/PHPOffice/PhpSpreadsheet/issues/4316) [PR #4322](https://github.com/PHPOffice/PhpSpreadsheet/pull/4322)
diff --git a/composer.lock b/composer.lock
diff --git a/samples/Chart/32_Chart_read_write_PDF.php b/samples/Chart/32_Chart_read_write_PDF.php
@@ -37,6 +37,9 @@
     $reader->setIncludeCharts(true);
     $spreadsheet = $reader->load($inputFileName);
 
+    $helper->log('Merge chart cells (needed only for Pdf)');
+    $spreadsheet->mergeChartCellsForPdf();
+
     $helper->log('Iterate worksheets looking at the charts');
     foreach ($spreadsheet->getWorksheetIterator() as $worksheet) {
         $sheetName = $worksheet->getTitle();
diff --git a/samples/Pdf/21f_Drawing_mpdf.php b/samples/Pdf/21f_Drawing_mpdf.php
@@ -0,0 +1,50 @@
+<?php
+
+use PhpOffice\PhpSpreadsheet\Spreadsheet;
+use PhpOffice\PhpSpreadsheet\Worksheet\Drawing;
+use PhpOffice\PhpSpreadsheet\Writer\Pdf\Mpdf;
+
+require __DIR__ . '/../Header.php';
+require_once __DIR__ . '/Mpdf2.php';
+
+$spreadsheet = new Spreadsheet();
+$sheet = $spreadsheet->getActiveSheet();
+
+$sheet->getCell('A1')->setValue('A1');
+$sheet->getCell('B1')->setValue('B');
+$sheet->getCell('C1')->setValue('C');
+$sheet->getCell('D1')->setValue('D');
+$sheet->getCell('E1')->setValue('E');
+$sheet->getCell('F1')->setValue('F');
+$sheet->getCell('G1')->setValue('G');
+$sheet->getCell('A2')->setValue('A2');
+$sheet->getCell('A3')->setValue('A3');
+$sheet->getCell('A4')->setValue('A4');
+$sheet->getCell('A5')->setValue('A5');
+$sheet->getCell('A6')->setValue('A6');
+$sheet->getCell('A7')->setValue('A7');
+$sheet->getCell('A8')->setValue('A8');
+
+$helper->log('Add drawing to worksheet');
+$drawing = new Drawing();
+$drawing->setName('Blue Square');
+$path = __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'images/blue_square.png';
+$drawing->setPath($path);
+$drawing->setResizeProportional(false);
+$drawing->setWidth(320);
+$drawing->setCoordinates('B2');
+$drawing->setCoordinates2('G6');
+$drawing->setWorksheet($sheet, true);
+
+$helper->log('Merge drawing cells for Pdf');
+$spreadsheet->mergeDrawingCellsForPdf();
+
+$helper->log('Write to Mpdf');
+$writer = new Mpdf($spreadsheet);
+$filename = $helper->getFileName(__FILE__, 'pdf');
+$writer->save($filename);
+$helper->log("Saved $filename");
+if (PHP_SAPI !== 'cli') {
+    echo '<a href="/download.php?type=pdf&name=' . basename($filename) . '">Download ' . basename($filename) . '</a><br />';
+}
+$spreadsheet->disconnectWorksheets();
diff --git a/src/PhpSpreadsheet/Spreadsheet.php b/src/PhpSpreadsheet/Spreadsheet.php
@@ -1636,4 +1636,52 @@ public function setValueBinder(?IValueBinder $valueBinder): self
 
         return $this;
     }
+
+    /**
+     * All the PDF writers treat charts as if they occupy a single cell.
+     * This will be better most of the time.
+     * It is not needed for any other output type.
+     * It changes the contents of the spreadsheet, so you might
+     * be better off cloning the spreadsheet and then using
+     * this method on, and then writing, the clone.
+     */
+    public function mergeChartCellsForPdf(): void
+    {
+        foreach ($this->workSheetCollection as $worksheet) {
+            foreach ($worksheet->getChartCollection() as $chart) {
+                $br = $chart->getBottomRightCell();
+                $tl = $chart->getTopLeftCell();
+                if ($br !== '' && $br !== $tl) {
+                    if (!$worksheet->cellExists($br)) {
+                        $worksheet->getCell($br)->setValue(' ');
+                    }
+                    $worksheet->mergeCells("$tl:$br");
+                }
+            }
+        }
+    }
+
+    /**
+     * All the PDF writers do better with drawings than charts.
+     * This will be better some of the time.
+     * It is not needed for any other output type.
+     * It changes the contents of the spreadsheet, so you might
+     * be better off cloning the spreadsheet and then using
+     * this method on, and then writing, the clone.
+     */
+    public function mergeDrawingCellsForPdf(): void
+    {
+        foreach ($this->workSheetCollection as $worksheet) {
+            foreach ($worksheet->getDrawingCollection() as $drawing) {
+                $br = $drawing->getCoordinates2();
+                $tl = $drawing->getCoordinates();
+                if ($br !== '' && $br !== $tl) {
+                    if (!$worksheet->cellExists($br)) {
+                        $worksheet->getCell($br)->setValue(' ');
+                    }
+                    $worksheet->mergeCells("$tl:$br");
+                }
+            }
+        }
+    }
 }
diff --git a/src/PhpSpreadsheet/Worksheet/Drawing.php b/src/PhpSpreadsheet/Worksheet/Drawing.php
@@ -103,7 +103,7 @@ public function setPath(string $path, bool $verifyFile = true, ?ZipArchive $zip
 
         $this->path = '';
         // Check if a URL has been passed. https://stackoverflow.com/a/2058596/1252979
-        if (filter_var($path, FILTER_VALIDATE_URL)) {
+        if (filter_var($path, FILTER_VALIDATE_URL) || (preg_match('/^([\\w\\s\\x00-\\x1f]+):/u', $path) && !preg_match('/^([\\w]+):/u', $path))) {
             if (!preg_match('/^(http|https|file|ftp|s3):/', $path)) {
                 throw new PhpSpreadsheetException('Invalid protocol for linked drawing');
             }
diff --git a/src/PhpSpreadsheet/Writer/Html.php b/src/PhpSpreadsheet/Writer/Html.php
@@ -1601,9 +1601,10 @@ private function generateRow(Worksheet $worksheet, array $values, int $row, stri
                 $url = $worksheet->getHyperlink($coordinate)->getUrl();
                 $urlDecode1 = html_entity_decode($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                 $urlTrim = Preg::replace('/^\\s+/u', '', $urlDecode1);
-                $parseScheme = Preg::isMatch('/^([\\w\\s]+):/u', strtolower($urlTrim), $matches);
+                $parseScheme = Preg::isMatch('/^([\\w\\s\\x00-\\x1f]+):/u', strtolower($urlTrim), $matches);
                 if ($parseScheme && !in_array($matches[1], ['http', 'https', 'file', 'ftp', 'mailto', 's3'], true)) {
                     $cellData = htmlspecialchars($url, Settings::htmlEntityFlags());
+                    $cellData = self::replaceControlChars($cellData);
                 } else {
                     $tooltip = $worksheet->getHyperlink($coordinate)->getTooltip();
                     $tooltipOut = empty($tooltip) ? '' : (' title="' . htmlspecialchars($tooltip) . '"');
@@ -1658,6 +1659,20 @@ private function generateRow(Worksheet $worksheet, array $values, int $row, stri
         return $html;
     }
 
+    private static function replaceNonAscii(array $matches): string
+    {
+        return '&#' . mb_ord($matches[0], 'UTF-8') . ';';
+    }
+
+    private static function replaceControlChars(string $convert): string
+    {
+        return (string) preg_replace_callback(
+            '/[\\x00-\\x1f]/',
+            [self::class, 'replaceNonAscii'],
+            $convert
+        );
+    }
+
     /**
      * Takes array where of CSS properties / values and converts to CSS string.
      */
diff --git a/src/PhpSpreadsheet/Writer/Xls/Parser.php b/src/PhpSpreadsheet/Writer/Xls/Parser.php
@@ -1624,7 +1624,9 @@ public function toReversePolish(array $tree = []): string
             }
 
             // add its left subtree and return.
-            return $left_tree . $this->convertFunction($tree['value'], $tree['right']);
+            if ($left_tree !== '' || $tree['right'] !== '') {
+                return $left_tree . $this->convertFunction($tree['value'], $tree['right'] ?: 0);
+            }
         }
         $converted_tree = $this->convert($tree['value']);
 
diff --git a/tests/PhpSpreadsheetTests/Reader/Html/HtmlImage2Test.php b/tests/PhpSpreadsheetTests/Reader/Html/HtmlImage2Test.php
@@ -6,6 +6,7 @@
 
 use PhpOffice\PhpSpreadsheet\Exception as SpreadsheetException;
 use PhpOffice\PhpSpreadsheet\Worksheet\Drawing;
+use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\TestCase;
 
 class HtmlImage2Test extends TestCase
@@ -49,11 +50,11 @@ public function testCantInsertImageNotFound(): void
         self::assertCount(0, $drawingCollection);
     }
 
-    public function testCannotInsertImageBadProtocol(): void
+    #[DataProvider('providerBadProtocol')]
+    public function testCannotInsertImageBadProtocol(string $imagePath): void
     {
         $this->expectException(SpreadsheetException::class);
         $this->expectExceptionMessage('Invalid protocol for linked drawing');
-        $imagePath = 'httpx://phpspreadsheet.readthedocs.io/en/latest/topics/images/01-03-filter-icon-1.png';
         $html = '<table>
                     <tr>
                         <td><img src="' . $imagePath . '" alt="test image voilà"></td>
@@ -62,4 +63,17 @@ public function testCannotInsertImageBadProtocol(): void
         $filename = HtmlHelper::createHtml($html);
         HtmlHelper::loadHtmlIntoSpreadsheet($filename, true);
     }
+
+    public static function providerBadProtocol(): array
+    {
+        return [
+            'unknown protocol' => ['httpx://example.com/image.png'],
+            'embedded whitespace' => ['ht tp://example.com/image.png'],
+            'control character' => ["\x14http://example.com/image.png"],
+            'mailto' => ['mailto:xyz@example.com'],
+            'mailto whitespace' => ['mail to:xyz@example.com'],
+            'phar' => ['phar://example.com/image.phar'],
+            'phar control' => ["\x14phar://example.com/image.phar"],
+        ];
+    }
 }
diff --git a/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkTest.php b/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkTest.php
@@ -5,6 +5,7 @@
 namespace PhpOffice\PhpSpreadsheetTests\Writer\Html;
 
 use PhpOffice\PhpSpreadsheet\Reader\Xlsx as XlsxReader;
+use PhpOffice\PhpSpreadsheet\Reader\Xml as XmlReader;
 use PhpOffice\PhpSpreadsheet\Writer\Html as HtmlWriter;
 use PHPUnit\Framework\TestCase;
 
@@ -17,7 +18,18 @@ public function testBadHyperlink(): void
         $spreadsheet = $reader->load($infile);
         $writer = new HtmlWriter($spreadsheet);
         $html = $writer->generateHtmlAll();
-        self::assertStringContainsString("<td class=\"column0 style1 f\">jav\tascript:alert()</td>", $html);
+        self::assertStringContainsString('<td class="column0 style1 f">jav&#9;ascript:alert()</td>', $html);
+        $spreadsheet->disconnectWorksheets();
+    }
+
+    public function testControlCharacter(): void
+    {
+        $reader = new XmlReader();
+        $infile = 'tests/data/Reader/Xml/sec-w24f.dontuse';
+        $spreadsheet = $reader->load($infile);
+        $writer = new HtmlWriter($spreadsheet);
+        $html = $writer->generateHtmlAll();
+        self::assertStringContainsString('<td class="column0 style0 f">&#20;j&#13;avascript:alert(1)</td>', $html);
         $spreadsheet->disconnectWorksheets();
     }
 }
diff --git a/tests/PhpSpreadsheetTests/Writer/Xls/Issue4331Test.php b/tests/PhpSpreadsheetTests/Writer/Xls/Issue4331Test.php
@@ -0,0 +1,56 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpOffice\PhpSpreadsheetTests\Writer\Xls;
+
+use PhpOffice\PhpSpreadsheet\Spreadsheet;
+use PhpOffice\PhpSpreadsheetTests\Functional\AbstractFunctional;
+
+class Issue4331Test extends AbstractFunctional
+{
+    public function testIssue4331(): void
+    {
+        $spreadsheet = new Spreadsheet();
+        $sheet = $spreadsheet->getActiveSheet();
+        $c3 = '=VLOOKUP(B3,$B$10:$C$13,2,FALSE)';
+        $d3 = '=VLOOKUP("intermediate",$B$10:$C$13,2,TRUE)';
+        $c4 = '=VLOOKUP(B3,$B$10:$C$13,2,FALSE())';
+        $d4 = '=VLOOKUP("intermediate",$B$10:$C$13,2,TRUE())';
+        $sheet->fromArray(
+            [
+                ['level', 'result'],
+                ['medium', $c3, $d3],
+                [null, $c4, $d4],
+            ],
+            null,
+            'B2',
+            true
+        );
+        $sheet->fromArray(
+            [
+                ['high', 6],
+                ['low', 2],
+                ['medium', 4],
+                ['none', 0],
+            ],
+            null,
+            'B10',
+            true
+        );
+
+        $reloadedSpreadsheet = $this->writeAndReload($spreadsheet, 'Xls');
+        $spreadsheet->disconnectWorksheets();
+
+        $worksheet = $reloadedSpreadsheet->getActiveSheet();
+        self::assertSame($c3, $worksheet->getCell('C3')->getValue());
+        self::assertSame(4, $worksheet->getCell('C3')->getCalculatedValue());
+        self::assertSame($d3, $worksheet->getCell('D3')->getValue());
+        self::assertSame(6, $worksheet->getCell('D3')->getCalculatedValue());
+        self::assertSame($c4, $worksheet->getCell('C4')->getValue());
+        self::assertSame(4, $worksheet->getCell('C4')->getCalculatedValue());
+        self::assertSame($d4, $worksheet->getCell('D4')->getValue());
+        self::assertSame(6, $worksheet->getCell('D4')->getCalculatedValue());
+        $reloadedSpreadsheet->disconnectWorksheets();
+    }
+}
diff --git a/tests/data/Reader/Xml/sec-w24f.dontuse b/tests/data/Reader/Xml/sec-w24f.dontuse
@@ -0,0 +1,65 @@
+<?xml version="1.0"?> 
+<?mso-application progid="Excel.Sheet"?> 
+<Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet" 
+ xmlns:o="urn:schemas-microsoft-com:office:office" 
+ xmlns:x="urn:schemas-microsoft-com:office:excel" 
+ xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" 
+ xmlns:html="http://www.w3.org/TR/REC-html40"> 
+ <DocumentProperties xmlns="urn:schemas-microsoft-com:office:office"> 
+  <Author>author</Author> 
+  <LastAuthor>author</LastAuthor> 
+  <Created>2015-06-05T18:19:34Z</Created> 
+  <LastSaved>2024-12-25T10:16:07Z</LastSaved> 
+  <Version>16.00</Version> 
+ </DocumentProperties> 
+ <OfficeDocumentSettings xmlns="urn:schemas-microsoft-com:office:office"> 
+  <AllowPNG/> 
+ </OfficeDocumentSettings> 
+ <ExcelWorkbook xmlns="urn:schemas-microsoft-com:office:excel"> 
+  <WindowHeight>11020</WindowHeight> 
+  <WindowWidth>19420</WindowWidth> 
+  <WindowTopX>32767</WindowTopX> 
+  <WindowTopY>32767</WindowTopY> 
+  <ProtectStructure>False</ProtectStructure> 
+  <ProtectWindows>False</ProtectWindows> 
+ </ExcelWorkbook> 
+ <Styles> 
+  <Style ss:ID="Default" ss:Name="Normal"> 
+   <Alignment ss:Vertical="Bottom"/> 
+   <Borders/> 
+   <Font ss:FontName="Calibri" x:Family="Swiss" ss:Size="11" ss:Color="#000000"/> 
+   <Interior/> 
+   <NumberFormat/> 
+   <Protection/> 
+  </Style> 
+  <Style ss:ID="s16"> 
+   <NumberFormat ss:Format="General Date"/> 
+  </Style> 
+ </Styles> 
+ <Worksheet ss:Name="Лист1"> 
+  <Table ss:ExpandedColumnCount="2" ss:ExpandedRowCount="6" x:FullColumns="1" 
+   x:FullRows="1" ss:DefaultRowHeight="14.5"> 
+   <Column ss:AutoFitWidth="0" ss:Width="194"/> 
+   <Row> 
+     <Cell ss:Formula="=HYPERLINK (CHAR(20) &amp; &quot;j&quot; &amp; CHAR(13) &amp; &quot;avascript:alert(1)&quot;)"><Data ss:Type="String"></Data></Cell> 
+   </Row> 
+  </Table> 
+  <WorksheetOptions xmlns="urn:schemas-microsoft-com:office:excel"> 
+   <PageSetup> 
+    <Header x:Margin="0.3"/> 
+    <Footer x:Margin="0.3"/> 
+    <PageMargins x:Bottom="0.75" x:Left="0.7" x:Right="0.7" x:Top="0.75"/> 
+   </PageSetup> 
+   <Selected/> 
+   <TopRowVisible>1</TopRowVisible> 
+   <Panes> 
+    <Pane> 
+     <Number>3</Number> 
+     <ActiveRow>6</ActiveRow> 
+    </Pane> 
+   </Panes> 
+   <ProtectObjects>False</ProtectObjects> 
+   <ProtectScenarios>False</ProtectScenarios> 
+  </WorksheetOptions> 
+ </Worksheet>
+</Workbook>

Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ public function setPath(string $path, bool $verifyFile = true, ?ZipArchive $zip`
`103`	`103`
`104`	`104`	`$this->path = '';`
`105`	`105`	`// Check if a URL has been passed. https://stackoverflow.com/a/2058596/1252979`
`106`		`- if (filter_var($path, FILTER_VALIDATE_URL)) {`
	`106`	`+ if (filter_var($path, FILTER_VALIDATE_URL) \|\| (preg_match('/^([\\w\\s\\x00-\\x1f]+):/u', $path) && !preg_match('/^([\\w]+):/u', $path))) {`
`107`	`107`	`if (!preg_match('/^(http\|https\|file\|ftp\|s3):/', $path)) {`
`108`	`108`	`throw new PhpSpreadsheetException('Invalid protocol for linked drawing');`
`109`	`109`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1624,7 +1624,9 @@ public function toReversePolish(array $tree = []): string`
`1624`	`1624`	`}`
`1625`	`1625`
`1626`	`1626`	`// add its left subtree and return.`
`1627`		`- return $left_tree . $this->convertFunction($tree['value'], $tree['right']);`
	`1627`	`+ if ($left_tree !== '' \|\| $tree['right'] !== '') {`
	`1628`	`+ return $left_tree . $this->convertFunction($tree['value'], $tree['right'] ?: 0);`
	`1629`	`+ }`
`1628`	`1630`	`}`
`1629`	`1631`	`$converted_tree = $this->convert($tree['value']);`
`1630`	`1632`