NF12 Protection for CSV exports

From iDempiere en

Feature: Protection for CSV exports

Goal: Security

Developer: Carlos Ruiz

Sponsor: Trek Global

Description:

iDempiere now provices a security measure to prevent command injection or potential information disclosing when users open a CSV file generated from a document in Microsoft Excel, Google Docs, LibreOffice, etc.

By default, iDempiere adds a space before the following characters at the export to CSV or a CSV archive - also separated by semicolons SSV, or tabs:

  • = (Equal)
  • + (Plus)
  • - (Minus)
  • @ (At)

The additional space prevents the values that contain these characters from being interpreted as formulas, consequently, causing a security issue on your system.

You can disable this protection for CSV exports setting the SysConfig key CSV_EXPORT_SANITIZATION to N .


Technical Info: IDEMPIERE-6844

Retrieved from "https://wiki.idempiere.org/w-en/index.php?title=NF12_Protection_for_CSV_exports&oldid=23672"
Cookies help us deliver our services. By using our services, you agree to our use of cookies.
GNU-Lizenz für freie Dokumentation 1.3 oder höher
Powered by MediaWiki