caxlsx 3.0.1 → 3.0.2

data/examples/colored_links.rb

@@ -1,59 +1,45 @@
-require 'axlsx' 
+require 'axlsx'
 
-############################### 
-# Function to output results data row to summary spreadsheet 
-def outputRow (sid, type) 
+p = Axlsx::Package.new
+wb = p.workbook
 
-  $sumSheet.add_row [ sid, type, "1", "2", "3", "4", "5" ], :style => $black_cell 
+#   Each style only needs to be declared once in the workbook.
+s = wb.styles
+title_cell = s.add_style sz: 14, alignment: { horizontal: :center }
+black_cell = s.add_style sz: 10, alignment: { horizontal: :center }
+blue_link = s.add_style fg_color: '0000FF'
+
+# Create summary sheet
+sum_sheet = wb.add_worksheet name: 'Summary'
+sum_sheet.add_row ['Test Results'], sz: 16
+sum_sheet.add_row
+sum_sheet.add_row
+sum_sheet.add_row ['Note: Blue cells below are links to the Log sheet'], sz: 10
+sum_sheet.add_row
+sum_sheet.add_row ['ID', 'Type', 'Match', 'Mismatch', 'Diffs', 'Errors', 'Result'], style: title_cell
+
+sum_sheet.column_widths 10, 10, 1 0, 11, 10, 10, 10
+
+# Starting data row in summary spreadsheet (after header info)
+current_row = 7
+
+# Create Log Sheet
+log_sheet = wb.add_worksheet name: 'Log'
+log_sheet.column_widths 10
+log_sheet.add_row ['Log Detail'], sz: 16
+log_sheet.add_row
+
+# Add rows to summary sheet
+(1..10).each do |sid|
+  sum_sheet.add_row [sid, 'test', '1', '2', '3', '4', '5'], style: black_cell
 
   if sid.odd?
-    link = "A#{$curRow}" 
-    puts "outputRow: sid: #{sid}, link: #{link}" 
-    # Setting the style for the link will apply the xf that we created in the Main Program block
-    $sumSheet[link].style = $blue_link
-    $sumSheet.add_hyperlink :location => "'Log'!A#{$curRow}", :target => :sheet, :ref => link 
+    link = "A#{current_row}"
+    sum_sheet[link].style = blue_link
+    sum_sheet.add_hyperlink location: "'Log'!A#{current_row}", target: :sheet, ref: link
   end
-  $curRow += 1 
-end 
 
-############################## 
-#   Main Program 
+  current_row += 1
+end
 
-$package = Axlsx::Package.new 
-$workbook = $package.workbook 
-##  We want to create our sytles outside of the outputRow method
-#   Each style only needs to be declared once in the workbook.
-$workbook.styles do |s|
-  $black_cell = s.add_style :sz => 10, :alignment => { :horizontal=> :center } 
-  $blue_link = s.add_style :fg_color => '0000FF'
-end 
-
-
-# Create summary sheet 
-$sumSheet = $workbook.add_worksheet(:name => 'Summary') 
-$sumSheet.add_row ["Test Results"], :sz => 16 
-$sumSheet.add_row 
-$sumSheet.add_row 
-$sumSheet.add_row ["Note: Blue cells below are links to the Log sheet"], :sz => 10 
-$sumSheet.add_row 
-$workbook.styles do |s| 
-  black_cell = s.add_style :sz => 14, :alignment => { :horizontal=> :center } 
-  $sumSheet.add_row ["ID","Type","Match","Mismatch","Diffs","Errors","Result"], :style => black_cell 
-end 
-$sumSheet.column_widths 10, 10, 10, 11, 10, 10, 10 
-
-# Starting data row in summary spreadsheet (after header info) 
-$curRow = 7 
-
-# Create Log Sheet 
-$logSheet = $workbook.add_worksheet(:name => 'Log') 
-$logSheet.column_widths 10 
-$logSheet.add_row ['Log Detail'], :sz => 16 
-$logSheet.add_row 
-
-# Add rows to summary sheet 
-for i in 1..10 do 
-  outputRow(i, 'test') 
-end 
-
-$package.serialize 'where_is_my_color.xlsx'
+p.serialize 'where_is_my_color.xlsx'

data/examples/example.rb

@@ -21,6 +21,7 @@ examples << :images
 examples << :format_dates
 examples << :mbcs
 examples << :formula
+examples << :escape_formulas
 examples << :auto_filter
 examples << :sheet_protection
 examples << :data_types
@@ -364,6 +365,21 @@ if examples.include? :formula
 end
 ##```
 
+##Escaping formulas for cells
+#```ruby
+if examples.include? :escape_formulas
+  wb.add_worksheet(:name => "Escaping Formulas") do |sheet|
+    sheet.add_row [1, 2, 3, "=SUM(A2:C2)"], escape_formulas: true
+    sheet.add_row [
+      "=IF(2+2=4,4,5)",
+      "=IF(13+13=4,4,5)",
+      "=IF(99+99=4,4,5)"
+    ], escape_formulas: [true, false, true]
+  end
+  p.serialize("escaped_formulas.xlsx")
+end
+##```
+
 ##Auto Filter
 
 #```ruby
@@ -882,4 +898,3 @@ if examples.include? :tab_color
   p.serialize 'tab_color.xlsx'
 end
 ##```
-

data/lib/axlsx.rb

@@ -9,8 +9,6 @@ require 'axlsx/util/validators.rb'
 require 'axlsx/util/accessors.rb'
 require 'axlsx/util/serialized_attributes'
 require 'axlsx/util/options_parser'
-# to be included with parsable intitites.
-#require 'axlsx/util/parser.rb'
 require 'axlsx/util/mime_type_utils'
 
 require 'axlsx/stylesheet/styles.rb'

data/lib/axlsx/drawing/bar_chart.rb

@@ -1,7 +1,7 @@
 # encoding: UTF-8
 module Axlsx
 
-  # The BarChart is a three dimentional barchart (who would have guessed?) that you can add to your worksheet.
+  # The BarChart is a two dimentional barchart that you can add to your worksheet.
   # @see Worksheet#add_chart
   # @see Chart#add_series
   # @see Package#serialize
@@ -49,7 +49,7 @@ module Axlsx
       @grouping ||= :clustered
     end
 
-    # The shabe of the bars or columns
+    # The shape of the bars or columns
     # must be one of  [:cone, :coneToMax, :box, :cylinder, :pyramid, :pyramidToMax]
     # @return [Symbol]
     def shape
@@ -106,7 +106,7 @@ module Axlsx
     end
     alias :gapDepth= :gap_depth=
 
-    # The shabe of the bars or columns
+    # The shape of the bars or columns
     # must be one of  [:cone, :coneToMax, :box, :cylinder, :pyramid, :pyramidToMax]
     def shape=(v)
       RestrictionValidator.validate "BarChart.shape", [:cone, :coneToMax, :box, :cylinder, :pyramid, :pyramidToMax], v

data/lib/axlsx/drawing/bar_series.rb

@@ -15,9 +15,8 @@ module Axlsx
     # @return [Array, SimpleTypedList]
     attr_reader :labels
 
-    # The shabe of the bars or columns
-    # must be one of  [:percentStacked, :clustered, :standard, :stacked]
-    # @return [Symbol]
+    # The shape of the bars or columns
+    # @return [Symbol] must be one of [:cone, :coneToMax, :box, :cylinder, :pyramid, :pyramidToMax]
     attr_reader :shape
 
     # An array of rgb colors to apply to your bar chart.
@@ -41,8 +40,7 @@ module Axlsx
     # @see colors
     def colors=(v) DataTypeValidator.validate "BarSeries.colors", [Array], v; @colors = v end
 
-    # The shabe of the bars or columns
-    # must be one of  [:cone, :coneToMax, :box, :cylinder, :pyramid, :pyramidToMax]
+    # @see shape
     def shape=(v)
       RestrictionValidator.validate "BarSeries.shape", [:cone, :coneToMax, :box, :cylinder, :pyramid, :pyramidToMax], v
       @shape = v

data/lib/axlsx/drawing/d_lbls.rb

@@ -55,7 +55,7 @@ module Axlsx
 
     # @see DLbls#d_lbl_pos
     # Assigns the label postion for this data labels on this chart.
-    # Allowed positions are :bestFilt, :b, :ctr, :inBase, :inEnd, :l,
+    # Allowed positions are :bestFit, :b, :ctr, :inBase, :inEnd, :l,
     # :outEnd, :r and :t
     # The default is :bestFit
     # @param [Symbol] label_position the postion you want to use.

data/lib/axlsx/drawing/series_title.rb

@@ -7,13 +7,15 @@ module Axlsx
     # @param [String] str
     # @return [String]
     def to_xml_string(str = '')
+      clean_value = Axlsx::trust_input ? @text.to_s : ::CGI.escapeHTML(Axlsx::sanitize(@text.to_s))
+
       str << '<c:tx>'
       str << '<c:strRef>'
       str << ('<c:f>' << Axlsx::cell_range([@cell]) << '</c:f>')
       str << '<c:strCache>'
       str << '<c:ptCount val="1"/>'
       str << '<c:pt idx="0">'
-      str << ('<c:v>' << @text << '</c:v>')
+      str << ('<c:v>' << clean_value << '</c:v>')
       str << '</c:pt>'
       str << '</c:strCache>'
       str << '</c:strRef>'

data/lib/axlsx/drawing/title.rb

@@ -62,6 +62,7 @@ module Axlsx
     def to_xml_string(str = '')
       str << '<c:title>'
       unless @text.empty?
+        clean_value = Axlsx::trust_input ? @text.to_s : ::CGI.escapeHTML(Axlsx::sanitize(@text.to_s))
         str << '<c:tx>'
         if @cell.is_a?(Cell)
           str << '<c:strRef>'
@@ -69,7 +70,7 @@ module Axlsx
           str << '<c:strCache>'
           str << '<c:ptCount val="1"/>'
           str << '<c:pt idx="0">'
-          str << ('<c:v>' << @text << '</c:v>')
+          str << ('<c:v>' << clean_value << '</c:v>')
           str << '</c:pt>'
           str << '</c:strCache>'
           str << '</c:strRef>'
@@ -80,7 +81,7 @@ module Axlsx
             str << '<a:p>'
               str << '<a:r>'
                 str << ('<a:rPr sz="' << @text_size.to_s << '"/>')
-                str << ('<a:t>' << @text.to_s << '</a:t>')
+                str << ('<a:t>' << clean_value << '</a:t>')
               str << '</a:r>'
             str << '</a:p>'
           str << '</c:rich>'

data/lib/axlsx/package.rb

@@ -1,7 +1,7 @@
 # encoding: utf-8
 module Axlsx
   # Package is responsible for managing all the bits and peices that Open Office XML requires to make a valid
-  # xlsx document including valdation and serialization.
+  # xlsx document including validation and serialization.
   class Package
     include Axlsx::OptionsParser
 
@@ -68,13 +68,6 @@ module Axlsx
       @workbook
     end
 
-    #def self.parse(input, confirm_valid = false)
-    #  p = Package.new
-    #  z = Zip::File.open(input)
-    #  p.workbook = Workbook.parse z.get_entry(WORKBOOK_PN)
-    #  p
-    #end
-
     # @see workbook
     def workbook=(workbook) DataTypeValidator.validate :Package_workbook, Workbook, workbook; @workbook = workbook; end
 
@@ -139,7 +132,7 @@ module Axlsx
     #   dcterms and xml namespaces. Those remote schema are included in this gem, and the original files have been altered to
     #   refer to the local versions.
     #
-    #   If by chance you are able to creat a package that does not validate it indicates that the internal
+    #   If by chance you are able to create a package that does not validate it indicates that the internal
     #   validation is not robust enough and needs to be improved. Please report your errors to the gem author.
     # @see http://www.ecma-international.org/publications/standards/Ecma-376.htm
     # @example
@@ -171,7 +164,7 @@ module Axlsx
         end
         unless part[:path].nil?
           zip.put_next_entry(zip_entry_for_part(part))
-          zip.write IO.read(part[:path])
+          zip.write IO.read(part[:path], mode: "rb")
         end
       end
       zip
@@ -355,4 +348,3 @@ module Axlsx
     end
   end
 end
-

data/lib/axlsx/stylesheet/font.rb

@@ -76,7 +76,10 @@ module Axlsx
     attr_reader :i
 
     # Indicates if the font should be rendered underlined
-    # @return [Boolean]
+    # It must be one of :none, :single, :double, :singleAccounting, :doubleAccounting, true, false
+    # @return [String]
+    # @note
+    #  true or false is for backwards compatibility and is reassigned to :single or :none respectively
     attr_reader :u
 
     # Indicates if the font should be rendered with a strikthrough
@@ -118,7 +121,12 @@ module Axlsx
     # @see i
     def i=(v) Axlsx::validate_boolean v; @i = v end
     # @see u
-    def u=(v) Axlsx::validate_boolean v; @u = v end
+    def u=(v)
+      v = :single if (v == true || v == 1 || v == :true || v == 'true')
+      v = :none if (v == false || v == 0 || v == :false || v == 'false')
+      Axlsx::validate_cell_u v
+      @u = v
+    end
     # @see strike
     def strike=(v) Axlsx::validate_boolean v; @strike = v end
     # @see outline

data/lib/axlsx/util/validators.rb

@@ -92,7 +92,7 @@ module Axlsx
 
   # Requires that the value is a Integer or Float and is greater or equal to 0
   # @param [Any] v The value validated
-  # @raise [ArgumentError] raised if the value is not a Fixnun, Integer, Float value greater or equal to 0
+  # @raise [ArgumentError] raised if the value is not a Integer, Float value greater or equal to 0
   # @return [Boolean] true if the data is valid
   def self.validate_unsigned_numeric(v)
     DataTypeValidator.validate(:unsigned_numeric, Numeric, v, UINT_VALIDATOR)

data/lib/axlsx/version.rb

@@ -1,5 +1,5 @@
 module Axlsx
 
   # The current version
-  VERSION = "3.0.1"
+  VERSION = "3.0.2"
 end

data/lib/axlsx/workbook/workbook.rb

@@ -197,15 +197,6 @@ require 'axlsx/workbook/worksheet/selection.rb'
       @worksheets[index] if index
     end
 
-    # lets come back to this later when we are ready for parsing.
-    #def self.parse entry
-    #  io = entry.get_input_stream
-    #  w = self.new
-    #  w.parser_xml = Nokogiri::XML(io.read)
-    #  w.parse_string :date1904, "//xmlns:workbookPr/@date1904"
-    #  w
-    #end
-
     # Creates a new Workbook
     # The recomended way to work with workbooks is via Package#workbook
     # @option options [Boolean] date1904. If this is not specified, date1904 is set to false. Office 2011 for Mac defaults to false.

data/lib/axlsx/workbook/worksheet/cell.rb

@@ -12,7 +12,7 @@ module Axlsx
 
     # @param [Row] row The row this cell belongs to.
     # @param [Any] value The value associated with this cell.
-    # @option options [Symbol] type The intended data type for this cell. If not specified the data type will be determined internally based on the vlue provided.
+    # @option options [Symbol] type The intended data type for this cell. If not specified the data type will be determined internally based on the value provided.
     # @option options [Integer] style The index of the cellXfs item to be applied to this cell. If not specified, the default style (0) will be applied.
     # @option options [String] font_name
     # @option options [Integer] charset
@@ -30,6 +30,10 @@ module Axlsx
     # @option options [String] color an 8 letter rgb specification
     # @option options [Number] formula_value The value to cache for a formula cell.
     # @option options [Symbol] scheme must be one of :none, major, :minor
+    # @option options [Boolean] escape_formulas - Whether to treat a value starting with an equal
+    #    sign as formula (default) or as simple string.
+    #    Allowing user generated data to be interpreted as formulas can be dangerous
+    #   (see https://www.owasp.org/index.php/CSV_Injection for details).
     def initialize(row, value = nil, options = {})
       @row = row
       # Do not use instance vars if not needed to use less RAM
@@ -38,6 +42,8 @@ module Axlsx
       type = options.delete(:type) || cell_type_from_value(value)
       self.type = type unless type == :string
 
+      escape_formulas = options[:escape_formulas]
+      self.escape_formulas = escape_formulas unless escape_formulas.nil?
 
       val = options.delete(:style)
       self.style = val unless val.nil? || val == 0
@@ -102,6 +108,18 @@ module Axlsx
       self.value = @value unless !defined?(@value) || @value.nil?
     end
 
+    # Whether to treat a value starting with an equal
+    #    sign as formula (default) or as simple string.
+    #    Allowing user generated data to be interpreted as formulas can be dangerous
+    #   (see https://www.owasp.org/index.php/CSV_Injection for details).
+    # @return [Boolean]
+    attr_reader :escape_formulas
+
+    def escape_formulas=(v)
+      Axlsx.validate_boolean(v)
+      @escape_formulas = v
+    end
+
     # The value of this cell.
     # @return [String, Integer, Float, Time, Boolean] casted value based on cell's type attribute.
     attr_reader :value
@@ -324,6 +342,8 @@ module Axlsx
     end
 
     def is_formula?
+      return false if escape_formulas
+
       type == :string && @value.to_s.start_with?(?=)
     end
 
@@ -353,6 +373,7 @@ module Axlsx
     # @return [Float]
     def autowidth
       return if is_formula? || value.nil?
+
       if contains_rich_text?
         string_width('', font_size) + value.autowidth
       elsif styles.cellXfs[style].alignment && styles.cellXfs[style].alignment.wrap_text
@@ -389,7 +410,7 @@ module Axlsx
     #  - scaling is not linear as font sizes increase
     def string_width(string, font_size)
       font_scale = font_size / 10.0
-      (string.to_s.count(Worksheet::THIN_CHARS) + 3.0) * font_scale
+      (string.to_s.size + 3) * font_scale
     end
 
     # we scale the font size if bold style is applied to either the style font or

data/lib/axlsx/workbook/worksheet/col.rb

@@ -4,6 +4,10 @@ module Axlsx
   # The Col class defines column attributes for columns in sheets.
   class Col
 
+    # Maximum column width limit in MS Excel is 255 characters
+    # https://support.microsoft.com/en-us/office/excel-specifications-and-limits-1672b34d-7043-467e-8e27-269d656771c3
+    MAX_WIDTH = 255
+
     include Axlsx::OptionsParser
     include Axlsx::SerializedAttributes
     # Create a new Col objects
@@ -111,10 +115,10 @@ module Axlsx
       # TODO!!!
       #Axlsx.validate_unsigned_numeric(v) unless v == nil
       @custom_width = @best_fit = v != nil
-      @width = v
+      @width = v.nil? ? v : [v, MAX_WIDTH].min
     end
 
-    # updates the width for this col based on the cells autowidth and 
+    # updates the width for this col based on the cells autowidth and
     # an optionally specified fixed width
     # @param [Cell] cell The cell to use in updating this col's width
     # @param [Integer] fixed_width If this is specified the width is set
@@ -127,8 +131,8 @@ module Axlsx
       elsif use_autowidth
        cell_width = cell.autowidth
        self.width = cell_width unless (width || 0) > (cell_width || 0)
-      end 
-    end 
+      end
+    end
 
     # Serialize this columns data to an xml string
     # @param [String] str