From 7ccb90064b04b32df0bdd6abd2a4c7b128423d7d Mon Sep 17 00:00:00 2001 From: MarkBaker Date: Thu, 30 Apr 2015 19:07:49 +0100 Subject: [PATCH] Rework of Iterators for existing cells only --- Classes/PHPExcel/Worksheet/CellIterator.php | 101 ++++-------------- .../PHPExcel/Worksheet/ColumnCellIterator.php | 88 +++++++-------- .../PHPExcel/Worksheet/RowCellIterator.php | 80 +++++++------- changelog.txt | 3 +- 4 files changed, 104 insertions(+), 168 deletions(-) diff --git a/Classes/PHPExcel/Worksheet/CellIterator.php b/Classes/PHPExcel/Worksheet/CellIterator.php index 4b968167..77c5d2e3 100644 --- a/Classes/PHPExcel/Worksheet/CellIterator.php +++ b/Classes/PHPExcel/Worksheet/CellIterator.php @@ -35,47 +35,28 @@ * @package PHPExcel_Worksheet * @copyright Copyright (c) 2006 - 2014 PHPExcel (http://www.codeplex.com/PHPExcel) */ -class PHPExcel_Worksheet_CellIterator implements Iterator +abstract class PHPExcel_Worksheet_CellIterator { /** * PHPExcel_Worksheet to iterate * * @var PHPExcel_Worksheet */ - private $_subject; - - /** - * Row index - * - * @var int - */ - private $_rowIndex; + protected $_subject; /** * Current iterator position * - * @var int + * @var mixed */ - private $_position = 0; + protected $_position = null; /** - * Loop only existing cells + * Iterate only existing cells * * @var boolean */ - private $_onlyExistingCells = true; - - /** - * Create a new cell iterator - * - * @param PHPExcel_Worksheet $subject - * @param int $rowIndex - */ - public function __construct(PHPExcel_Worksheet $subject = null, $rowIndex = 1) { - // Set subject and row index - $this->_subject = $subject; - $this->_rowIndex = $rowIndex; - } + protected $_onlyExistingCells = false; /** * Destructor @@ -84,63 +65,6 @@ class PHPExcel_Worksheet_CellIterator implements Iterator unset($this->_subject); } - /** - * Rewind iterator - */ - public function rewind() { - $this->_position = 0; - } - - /** - * Current PHPExcel_Cell - * - * @return PHPExcel_Cell - */ - public function current() { - return $this->_subject->getCellByColumnAndRow($this->_position, $this->_rowIndex); - } - - /** - * Current key - * - * @return int - */ - public function key() { - return $this->_position; - } - - /** - * Next value - */ - public function next() { - ++$this->_position; - } - - /** - * Are there any more PHPExcel_Cell instances available? - * - * @return boolean - */ - public function valid() { - // columnIndexFromString() returns an index based at one, - // treat it as a count when comparing it to the base zero - // position. - $columnCount = PHPExcel_Cell::columnIndexFromString($this->_subject->getHighestColumn()); - - if ($this->_onlyExistingCells) { - // If we aren't looking at an existing cell, either - // because the first column doesn't exist or next() has - // been called onto a nonexistent cell, then loop until we - // find one, or pass the last column. - while ($this->_position < $columnCount && - !$this->_subject->cellExistsByColumnAndRow($this->_position, $this->_rowIndex)) { - ++$this->_position; - } - } - - return $this->_position < $columnCount; - } - /** * Get loop only existing cells * @@ -150,12 +74,23 @@ class PHPExcel_Worksheet_CellIterator implements Iterator return $this->_onlyExistingCells; } + /** + * Validate start/end values for "IterateOnlyExistingCells" mode, and adjust if necessary + * + * @throws PHPExcel_Exception + */ + abstract protected function adjustForExistingOnlyRange() { + } + /** * Set the iterator to loop only existing cells * * @param boolean $value + * @throws PHPExcel_Exception */ public function setIterateOnlyExistingCells($value = true) { - $this->_onlyExistingCells = $value; + $this->_onlyExistingCells = (boolean) $value; + + $this->adjustForExistingOnlyRange(); } } diff --git a/Classes/PHPExcel/Worksheet/ColumnCellIterator.php b/Classes/PHPExcel/Worksheet/ColumnCellIterator.php index ac4c87a2..a9ef49f0 100644 --- a/Classes/PHPExcel/Worksheet/ColumnCellIterator.php +++ b/Classes/PHPExcel/Worksheet/ColumnCellIterator.php @@ -35,49 +35,28 @@ * @package PHPExcel_Worksheet * @copyright Copyright (c) 2006 - 2014 PHPExcel (http://www.codeplex.com/PHPExcel) */ -class PHPExcel_Worksheet_ColumnCellIterator implements Iterator +class PHPExcel_Worksheet_ColumnCellIterator extends PHPExcel_Worksheet_CellIterator implements Iterator { - /** - * PHPExcel_Worksheet to iterate - * - * @var PHPExcel_Worksheet - */ - private $_subject; - /** * Column index * * @var string */ - private $_columnIndex; + protected $_columnIndex; - /** - * Current iterator position - * - * @var int - */ - private $_position = 1; - - /** + /** * Start position * * @var int */ - private $_startRow = 1; + protected $_startRow = 1; /** * End position * * @var int */ - private $_endRow = 1; - - /** - * Loop only existing cells - * - * @var boolean - */ - private $_onlyExistingCells = true; + protected $_endRow = 1; /** * Create a new row iterator @@ -106,10 +85,12 @@ class PHPExcel_Worksheet_ColumnCellIterator implements Iterator * (Re)Set the start row and the current row pointer * * @param integer $startRow The row number at which to start iterating - * @return PHPExcel_Worksheet_RowIterator + * @return PHPExcel_Worksheet_ColumnCellIterator + * @throws PHPExcel_Exception */ public function resetStart($startRow = 1) { $this->_startRow = $startRow; + $this->adjustForExistingOnlyRange(); $this->seek($startRow); return $this; @@ -119,10 +100,12 @@ class PHPExcel_Worksheet_ColumnCellIterator implements Iterator * (Re)Set the end row * * @param integer $endRow The row number at which to stop iterating - * @return PHPExcel_Worksheet_RowIterator + * @return PHPExcel_Worksheet_ColumnCellIterator + * @throws PHPExcel_Exception */ public function resetEnd($endRow = null) { $this->_endRow = ($endRow) ? $endRow : $this->_subject->getHighestRow(); + $this->adjustForExistingOnlyRange(); return $this; } @@ -131,12 +114,14 @@ class PHPExcel_Worksheet_ColumnCellIterator implements Iterator * Set the row pointer to the selected row * * @param integer $row The row number to set the current pointer at - * @return PHPExcel_Worksheet_RowIterator + * @return PHPExcel_Worksheet_ColumnCellIterator * @throws PHPExcel_Exception */ public function seek($row = 1) { if (($row < $this->_startRow) || ($row > $this->_endRow)) { throw new PHPExcel_Exception("Row $row is out of range ({$this->_startRow} - {$this->_endRow})"); + } elseif ($this->_onlyExistingCells && !($this->_subject->cellExistsByColumnAndRow($this->_columnIndex, $row))) { + throw new PHPExcel_Exception('In "IterateOnlyExistingCells" mode and Cell does not exist'); } $this->_position = $row; @@ -151,7 +136,7 @@ class PHPExcel_Worksheet_ColumnCellIterator implements Iterator } /** - * Return the current row in this worksheet + * Return the current cell in this worksheet column * * @return PHPExcel_Worksheet_Row */ @@ -172,7 +157,11 @@ class PHPExcel_Worksheet_ColumnCellIterator implements Iterator * Set the iterator to its next value */ public function next() { - ++$this->_position; + do { + ++$this->_position; + } while (($this->_onlyExistingCells) && + (!$this->_subject->cellExistsByColumnAndRow($this->_columnIndex, $this->_position)) && + ($this->_position <= $this->_endRow)); } /** @@ -183,7 +172,11 @@ class PHPExcel_Worksheet_ColumnCellIterator implements Iterator throw new PHPExcel_Exception("Row is already at the beginning of range ({$this->_startRow} - {$this->_endRow})"); } - --$this->_position; + do { + --$this->_position; + } while (($this->_onlyExistingCells) && + (!$this->_subject->cellExistsByColumnAndRow($this->_columnIndex, $this->_position)) && + ($this->_position >= $this->_startRow)); } /** @@ -196,20 +189,27 @@ class PHPExcel_Worksheet_ColumnCellIterator implements Iterator } /** - * Get loop only existing cells + * Validate start/end values for "IterateOnlyExistingCells" mode, and adjust if necessary * - * @return boolean + * @throws PHPExcel_Exception */ - public function getIterateOnlyExistingCells() { - return $this->_onlyExistingCells; + protected function adjustForExistingOnlyRange() { + if ($this->_onlyExistingCells) { + while ((!$this->_subject->cellExistsByColumnAndRow($this->_columnIndex, $this->_startRow)) && + ($this->_startRow <= $this->_endRow)) { + ++$this->_startRow; + } + if ($this->_startRow > $this->_endRow) { + throw new PHPExcel_Exception('No cells exist within the specified range'); + } + while ((!$this->_subject->cellExistsByColumnAndRow($this->_columnIndex, $this->_endRow)) && + ($this->_endRow >= $this->_startRow)) { + --$this->_endRow; + } + if ($this->_endRow < $this->_startRow) { + throw new PHPExcel_Exception('No cells exist within the specified range'); + } + } } - /** - * Set the iterator to loop only existing cells - * - * @param boolean $value - */ - public function setIterateOnlyExistingCells($value = true) { - $this->_onlyExistingCells = $value; - } } diff --git a/Classes/PHPExcel/Worksheet/RowCellIterator.php b/Classes/PHPExcel/Worksheet/RowCellIterator.php index 048ca9d3..96c6b419 100644 --- a/Classes/PHPExcel/Worksheet/RowCellIterator.php +++ b/Classes/PHPExcel/Worksheet/RowCellIterator.php @@ -35,49 +35,28 @@ * @package PHPExcel_Worksheet * @copyright Copyright (c) 2006 - 2014 PHPExcel (http://www.codeplex.com/PHPExcel) */ -class PHPExcel_Worksheet_RowCellIterator implements Iterator +class PHPExcel_Worksheet_RowCellIterator extends PHPExcel_Worksheet_CellIterator implements Iterator { - /** - * PHPExcel_Worksheet to iterate in - * - * @var PHPExcel_Worksheet - */ - private $_subject; - /** * Row index * * @var int */ - private $_rowIndex; - - /** - * Current iterator position - * - * @var int - */ - private $_position = 0; + protected $_rowIndex; /** * Start position * * @var int */ - private $_startColumn = 0; + protected $_startColumn = 0; /** * End position * * @var int */ - private $_endColumn = 0; - - /** - * Loop only existing cells - * - * @var boolean - */ - private $_onlyExistingCells = true; + protected $_endColumn = 0; /** * Create a new column iterator @@ -107,11 +86,13 @@ class PHPExcel_Worksheet_RowCellIterator implements Iterator * * @param integer $startColumn The column address at which to start iterating * @return PHPExcel_Worksheet_RowCellIterator + * @throws PHPExcel_Exception */ public function resetStart($startColumn = 'A') { $startColumnIndex = PHPExcel_Cell::columnIndexFromString($startColumn) - 1; $this->_startColumn = $startColumnIndex; - $this->seek($startColumn); + $this->adjustForExistingOnlyRange(); + $this->seek(PHPExcel_Cell::stringFromColumnIndex($this->_startColumn)); return $this; } @@ -121,10 +102,12 @@ class PHPExcel_Worksheet_RowCellIterator implements Iterator * * @param string $endColumn The column address at which to stop iterating * @return PHPExcel_Worksheet_RowCellIterator + * @throws PHPExcel_Exception */ public function resetEnd($endColumn = null) { $endColumn = ($endColumn) ? $endColumn : $this->_subject->getHighestColumn(); $this->_endColumn = PHPExcel_Cell::columnIndexFromString($endColumn) - 1; + $this->adjustForExistingOnlyRange(); return $this; } @@ -140,6 +123,8 @@ class PHPExcel_Worksheet_RowCellIterator implements Iterator $column = PHPExcel_Cell::columnIndexFromString($column) - 1; if (($column < $this->_startColumn) || ($column > $this->_endColumn)) { throw new PHPExcel_Exception("Column $column is out of range ({$this->_startColumn} - {$this->_endColumn})"); + } elseif ($this->_onlyExistingCells && !($this->_subject->cellExistsByColumnAndRow($column, $this->_rowIndex))) { + throw new PHPExcel_Exception('In "IterateOnlyExistingCells" mode and Cell does not exist'); } $this->_position = $column; @@ -175,7 +160,11 @@ class PHPExcel_Worksheet_RowCellIterator implements Iterator * Set the iterator to its next value */ public function next() { - ++$this->_position; + do { + ++$this->_position; + } while (($this->_onlyExistingCells) && + (!$this->_subject->cellExistsByColumnAndRow($this->_position, $this->_rowIndex)) && + ($this->_position <= $this->_endColumn)); } /** @@ -192,7 +181,11 @@ class PHPExcel_Worksheet_RowCellIterator implements Iterator ); } - --$this->_position; + do { + --$this->_position; + } while (($this->_onlyExistingCells) && + (!$this->_subject->cellExistsByColumnAndRow($this->_position, $this->_rowIndex)) && + ($this->_position >= $this->_startColumn)); } /** @@ -205,20 +198,27 @@ class PHPExcel_Worksheet_RowCellIterator implements Iterator } /** - * Get loop only existing cells + * Validate start/end values for "IterateOnlyExistingCells" mode, and adjust if necessary * - * @return boolean + * @throws PHPExcel_Exception */ - public function getIterateOnlyExistingCells() { - return $this->_onlyExistingCells; + protected function adjustForExistingOnlyRange() { + if ($this->_onlyExistingCells) { + while ((!$this->_subject->cellExistsByColumnAndRow($this->_startColumn, $this->_rowIndex)) && + ($this->_startColumn <= $this->_endColumn)) { + ++$this->_startColumn; + } + if ($this->_startColumn > $this->_endColumn) { + throw new PHPExcel_Exception('No cells exist within the specified range'); + } + while ((!$this->_subject->cellExistsByColumnAndRow($this->_endColumn, $this->_rowIndex)) && + ($this->_endColumn >= $this->_startColumn)) { + --$this->_endColumn; + } + if ($this->_endColumn < $this->_startColumn) { + throw new PHPExcel_Exception('No cells exist within the specified range'); + } + } } - /** - * Set the iterator to loop only existing cells - * - * @param boolean $value - */ - public function setIterateOnlyExistingCells($value = true) { - $this->_onlyExistingCells = $value; - } } diff --git a/changelog.txt b/changelog.txt index 0d9b937f..3220049a 100644 --- a/changelog.txt +++ b/changelog.txt @@ -58,9 +58,10 @@ Planned for v1.8.1 Improved handling for next/prev - Security: (MBaker) - XML filescan in XML-based Readers to prevent XML Entity Expansion (XEE) (see http://projects.webappsec.org/w/page/13247002/XML%20Entity%20Expansion for an explanation of XEE injection) attacks + Reference CVE-2015-3542 - Identification of problem courtesy of Dawid Golunski (Pentest Ltd.) -2014-03-02 (v1.8.0): + 2014-03-02 (v1.8.0): - Bugfix: (MBaker) Work item CP19830 - Undefined variable: fileHandle in CSV Reader - Bugfix: (MBaker) Work item CP19968 - Out of memory in style/supervisor.php - Bugfix: (MBaker) - Style error with merged cells in PDF Writer