chore: release v2.4

- Add theme system (Dark/Light palettes, ModernTheme, ThemeManager) - Add InputDialog, Spinner common view - Add DuplicatesCsvExportService - Refresh views, dialogs, and view models across tabs - Update localization strings (en/fr) - Tweak services (transfer, permissions, search, user access, ownership elevation, bulk operations) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-20 11:23:11 +02:00
parent 8f30a60d2a
commit 12dd1de9f2
93 changed files with 8708 additions and 1159 deletions
@@ -0,0 +1,47 @@
+namespace SharepointToolbox.Services.Export;
+
+/// <summary>
+/// CSV field sanitization. Adds RFC 4180 quoting plus formula-injection
+/// protection: Excel and other spreadsheet apps treat cells starting with
+/// '=', '+', '-', '@', tab, or CR as formulas. Prefixing with a single
+/// quote neutralizes the formula while remaining readable.
+/// </summary>
+internal static class CsvSanitizer
+{
+    /// <summary>
+    /// Escapes a value for inclusion in a CSV row. Always wraps in double
+    /// quotes. Doubles internal quotes per RFC 4180. Prepends an apostrophe
+    /// when the value begins with a character a spreadsheet would evaluate.
+    /// </summary>
+    public static string Escape(string? value)
+    {
+        if (string.IsNullOrEmpty(value)) return "\"\"";
+        var safe = NeutralizeFormulaPrefix(value).Replace("\"", "\"\"");
+        return $"\"{safe}\"";
+    }
+
+    /// <summary>
+    /// Minimal quoting variant: only wraps in quotes when the value contains
+    /// a delimiter, quote, or newline. Still guards against formula injection.
+    /// </summary>
+    public static string EscapeMinimal(string? value)
+    {
+        if (string.IsNullOrEmpty(value)) return string.Empty;
+        var safe = NeutralizeFormulaPrefix(value);
+        if (safe.Contains(',') || safe.Contains('"') || safe.Contains('\n') || safe.Contains('\r'))
+            return $"\"{safe.Replace("\"", "\"\"")}\"";
+        return safe;
+    }
+
+    private static string NeutralizeFormulaPrefix(string value)
+    {
+        if (value.Length == 0) return value;
+        char first = value[0];
+        if (first == '=' || first == '+' || first == '-' || first == '@'
+            || first == '\t' || first == '\r')
+        {
+            return "'" + value;
+        }
+        return value;
+    }
+}