diff options
| author | xuri <xuri.me@gmail.com> | 2021-08-15 00:06:40 +0800 |
|---|---|---|
| committer | xuri <xuri.me@gmail.com> | 2021-08-15 00:06:40 +0800 |
| commit | 48c16de8bf74df0fa94a30d29e2e7e3446d48433 (patch) | |
| tree | 329a2e4ab896982581bd348a1700d75aeb40a517 /sheet.go | |
| parent | f6f14f507ee1adf4883cb1b12f27932a63afb286 (diff) | |
Improve security and simplify code
- Make variable name more semantic
- Reduce cyclomatic complexities for the formula calculate function
- Support specified unzip size limit on open file options, avoid zip bombs vulnerability attack
- Typo fix for documentation and error message
Diffstat (limited to 'sheet.go')
| -rw-r--r-- | sheet.go | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -480,7 +480,7 @@ func (f *File) SetSheetBackground(sheet, picture string) error { if !ok { return ErrImgExt } - file, _ := ioutil.ReadFile(picture) + file, _ := ioutil.ReadFile(filepath.Clean(picture)) name := f.addMedia(file, ext) sheetRels := "xl/worksheets/_rels/" + strings.TrimPrefix(f.sheetMap[trimSheetName(sheet)], "xl/worksheets/") + ".rels" rID := f.addRels(sheetRels, SourceRelationshipImage, strings.Replace(name, "xl", "..", 1), "") @@ -655,13 +655,13 @@ func (f *File) SetSheetVisible(name string, visible bool) error { } } for k, v := range content.Sheets.Sheet { - xlsx, err := f.workSheetReader(v.Name) + ws, err := f.workSheetReader(v.Name) if err != nil { return err } tabSelected := false - if len(xlsx.SheetViews.SheetView) > 0 { - tabSelected = xlsx.SheetViews.SheetView[0].TabSelected + if len(ws.SheetViews.SheetView) > 0 { + tabSelected = ws.SheetViews.SheetView[0].TabSelected } if v.Name == name && count > 1 && !tabSelected { content.Sheets.Sheet[k].State = "hidden" |