Commit 7e7f9d55 authored by Carsten  Rose's avatar Carsten Rose
Browse files

Implements and fixes #7747. Import Excel: restrict reading to explicit named worksheets

parent fb907848
Pipeline #1408 passed with stage
in 2 minutes and 12 seconds
This diff is collapsed.
......@@ -337,6 +337,10 @@ const ERROR_DND_EMPTY_REORDER_SQL = 2700;
// Form
const ERROR_FORM_RESERVED_NAME = 2800;
// Import (Excel, ODS, ...)
const ERROR_IMPORT_MISSING_EXPLICIT_TYPE = 2900;
const ERROR_IMPORT_LIST_SHEET_NAMES = 2901;
//
// Store Names: Identifier
//
......@@ -1040,6 +1044,10 @@ const FE_IMPORT_TYPE_XLS = 'xls';
const FE_IMPORT_TYPE_XLSX = 'xlsx';
const FE_IMPORT_TYPE_ODS = 'ods';
const FE_IMPORT_TYPE_CSV = 'csv';
const FE_IMPORT_NAMED_SHEETS_ONLY = 'importNamedSheetsOnly';
const FE_IMPORT_READ_DATA_ONLY = 'importSetReadDataOnly';
const FE_IMPORT_LIST_SHEET_NAMES = 'importListSheetNames';
const FE_IMAGE_SOURCE = 'imageSource'; // Image source for a fabric element
const FE_DEFAULT_PEN_COLOR = 'defaultPenColor'; // Default pen color for a fabric element
......
......@@ -369,7 +369,7 @@ class Save {
}
$column = $formElement[FE_NAME];
$pathFileName = $this->doUpload($formElement, ($formValues[$column]??''), $sip, $modeUpload);
$pathFileName = $this->doUpload($formElement, ($formValues[$column] ?? ''), $sip, $modeUpload);
if ($modeUpload == UPLOAD_MODE_DELETEOLD && $pathFileName == '') {
$pathFileNameTmp = ''; // see '4'
......@@ -661,9 +661,25 @@ class Save {
* @throws \PhpOffice\PhpSpreadsheet\Reader\Exception
*/
private function doImport($formElement, $fileName) {
$importNamedSheetsOnly = array();
Support::setIfNotSet($formElement, FE_IMPORT_TYPE, FE_IMPORT_TYPE_AUTO);
if (!empty($formElement[FE_IMPORT_NAMED_SHEETS_ONLY])) {
$importNamedSheetsOnly = explode(',', $formElement[FE_IMPORT_NAMED_SHEETS_ONLY]);
}
if ($formElement[FE_IMPORT_TYPE] === FE_IMPORT_TYPE_AUTO) {
$list = [FE_IMPORT_LIST_SHEET_NAMES, FE_IMPORT_READ_DATA_ONLY, FE_IMPORT_LIST_SHEET_NAMES];
foreach ($list as $token) {
if (isset($formElement[$token])) {
throw new UserFormException('If ' . $token .
' is given, an explicit document type (like ' . FE_IMPORT_TYPE . '=xlsx) should be set.', ERROR_IMPORT_MISSING_EXPLICIT_TYPE);
}
}
}
switch ($formElement[FE_IMPORT_TYPE]) {
case FE_IMPORT_TYPE_AUTO:
$spreadsheet = \PhpOffice\PhpSpreadsheet\IOFactory::load($fileName);
......@@ -675,6 +691,23 @@ class Save {
case FE_IMPORT_TYPE_ODS:
$inputFileType = ucfirst($formElement[FE_IMPORT_TYPE]);
$reader = \PhpOffice\PhpSpreadsheet\IOFactory::createReader($inputFileType);
// setReadDataOnly
if (($formElement[FE_IMPORT_READ_DATA_ONLY] ?? '0') != '0') {
$reader->setReadDataOnly(true);
}
// setLoadSheetsOnly
if (!empty ($importNamedSheetsOnly)) {
$reader->setLoadSheetsOnly($importNamedSheetsOnly);
}
if (($formElement[FE_IMPORT_LIST_SHEET_NAMES] ?? '0') != '0') {
$sheetNames = $reader->listWorksheetNames($fileName);
throw new UserFormException("Worksheets: " . implode(', ', $sheetNames),
ERROR_IMPORT_LIST_SHEET_NAMES);
}
$spreadsheet = $reader->load($fileName);
break;
......@@ -685,7 +718,7 @@ class Save {
$tableName = $formElement[FE_IMPORT_TO_TABLE];
$regions = OnArray::trimArray(explode('|', $formElement[FE_IMPORT_REGION] ?? ''));
$columnNames = OnArray::trimArray(explode(',', $formElement[FE_IMPORT_TO_COLUMNS]));
$columnNames = OnArray::trimArray(explode(',', $formElement[FE_IMPORT_TO_COLUMNS] ?? ''));
$importMode = $formElement[FE_IMPORT_MODE] ?? FE_IMPORT_MODE_APPEND;
foreach ($regions as $region) {
......@@ -789,7 +822,8 @@ class Save {
* @throws UserFormException
* @throws UserReportException
*/
private function copyUploadFile(array $formElement, array $statusUpload) {
private
function copyUploadFile(array $formElement, array $statusUpload) {
$pathFileName = '';
if (!isset($statusUpload[FILES_TMP_NAME]) || $statusUpload[FILES_TMP_NAME] === '') {
......@@ -852,7 +886,8 @@ class Save {
* @throws UserFormException
* @throws UserReportException
*/
private function autoOrient(array $formElement, $pathFileName) {
private
function autoOrient(array $formElement, $pathFileName) {
// 'autoOrient' wished?
if (!isset($formElement[FE_FILE_AUTO_ORIENT]) || $formElement[FE_FILE_AUTO_ORIENT] == '0') {
......@@ -893,7 +928,8 @@ class Save {
* @throws UserFormException
* @throws UserReportException
*/
private function splitUpload(array $formElement, $pathFileName, $chmod, array $statusUpload) {
private
function splitUpload(array $formElement, $pathFileName, $chmod, array $statusUpload) {
if (empty($formElement[FE_FILE_SPLIT]) || $statusUpload[FILES_TYPE] != MIME_TYPE_SPLIT_CAPABLE) {
return;
......@@ -1016,7 +1052,8 @@ class Save {
* @throws UserFormException
* @throws UserReportException
*/
private function doUploadSlave(array $fe, $modeUpload) {
private
function doUploadSlave(array $fe, $modeUpload) {
$sql = '';
$flagUpdateSlaveId = false;
$flagSlaveDeleted = false;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment