Bug: Double-quote characters are not properly escaped in exported CSV files

  • Hi,

    I noticed that double-quote characters are escaped with backslash character rather than with an extra double-quote character as required for CSV format: https://en.wikipedia.org/wiki/Comma-separated_values#Basic_rules

    Also, I don’t think end-of-line characters should be escaped with backslash – according to the Wikipedia article (and my experience) quoting of the entire string should be enough.

    So I think that instead of (in flamingo_csv_row()):

    $input = esc_sql( $input );
$input = sprintf( '"%s"', $input );
$row[] = $input;

    This should be enough:

    // Escape double-quotes in $input and quote the entire string:
$row[] = sprintf( '"%s"', str_replace('"', '""', $input) );

    Cheers,
    ?eslav

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Bug: Double-quote characters are not properly escaped in exported CSV files’ is closed to new replies.

Tags