vj4 icon indicating copy to clipboard operation
vj4 copied to clipboard

Published 20 hours ago verified publisher icon vijos

CSV injection when exporting contest results

Open twd2 opened this issue 6 years ago • 3 comments

... if any username, display name or problem name has some commas or other dangerous characters.

twd2 avatar Dec 17 '18 09:12 twd2

...fields aren't escaped?

moesoha avatar Dec 17 '18 09:12 moesoha

No.

twd2 avatar Dec 17 '18 09:12 twd2

The code is written by @twd2: https://github.com/vijos/vj4/commit/4e41a220e05499458bafeec844fa2337b2e47f26#diff-68fca75dca4bddc4316158ccd8d3e075R331

We should rewrite it using csv.writer or csv.DictWriter.

iceboy233 avatar Dec 18 '18 01:12 iceboy233