Document Security - Coverage, Testing, and Bug-fixing#2128
Merged
MarkBaker merged 3 commits intoPHPOffice:masterfrom May 29, 2021
Merged
Document Security - Coverage, Testing, and Bug-fixing#2128MarkBaker merged 3 commits intoPHPOffice:masterfrom
MarkBaker merged 3 commits intoPHPOffice:masterfrom
Conversation
Having a parallel project to complete cover Document Properties, I turned my attention to to Document Security. As happens, this particular change grew a bit over time. Coverage and Testing Changes: - Since the Security object has no members which are themselves objects, there is no need for a deep clone. The untested __clone method is removed. - Almost all of the coverage for the Security Object came about through samples 11 and 41, not through formal tests with assertions. Formal tests have been added. - All methods now use type-hinting via the function signature rather than doc block. - Coverage is now 100%. <!-- end of coverage and testing changes list --> Bug: - Xlsx Reader was not evaluating the Lock values correctly. This revelation came as a result of the new tests ... - Which showed that Xlsx Reader was testing SimpleXmlElement as a boolean rather than the stringified version of that ... - Which didn't matter all that much because Xlsx Writer was writing the values as 'true' or 'false' rather than '1' or '0', and (bool) 'false' is true. - Xlsx Reader clearly needed a change. I was trying to avoid that while awaiting the namespacing change. At least this is restricted to a very small self-contained piece of the code. - It is less clear whether Xlsx Writer should be changed. It is true that Excel itself uses 1/0 when writing; however it is equally true that it recognizes true/false as well as 1/0 when reading. For now, I have left Xlsx Writer alone to limit the change to what is absolutely needed. <!-- end of bug list --> Other Changes: - I was at a complete loss as to what "lock revisions" was supposed to do, and it took a while to find anything on the web that explained it. Thank you, openpyxl, for coming through. I have documented it for PhpSpreadsheet now. <!-- end of other changes list --> Miscellaneous Note: - There remains no support for Document Security in Xls Reader or Writer (nor in any of the other readers/writers except Xlsx). - No Phpstan baseline changes, possibly for the first time in any of my PRs since Phpstan was introduced.
MarkBaker
approved these changes
May 29, 2021
Member
That's a quirky twist... openpyxl was inspired by the then PHPExcel, and I spent a lot of time with the original developer Eric going through the document specs explaining aspects to him.... it's nice to see that openpyxl now helps explain things for PHPSpreadsheet
I was never able to figure out how security was handled for Xls; it should have been similar enough, but I could never get it working |
BlackyTay
pushed a commit
to BlackyTay/PhpSpreadsheet
that referenced
this pull request
Aug 8, 2025
Having a parallel project to complete cover Document Properties, I turned my attention to to Document Security. As happens, this particular change grew a bit over time. Coverage and Testing Changes: - Since the Security object has no members which are themselves objects, there is no need for a deep clone. The untested __clone method is removed. - Almost all of the coverage for the Security Object came about through samples 11 and 41, not through formal tests with assertions. Formal tests have been added. - All methods now use type-hinting via the function signature rather than doc block. - Coverage is now 100%. <!-- end of coverage and testing changes list --> Bug: - Xlsx Reader was not evaluating the Lock values correctly. This revelation came as a result of the new tests ... - Which showed that Xlsx Reader was testing SimpleXmlElement as a boolean rather than the stringified version of that ... - Which didn't matter all that much because Xlsx Writer was writing the values as 'true' or 'false' rather than '1' or '0', and (bool) 'false' is true. - Xlsx Reader clearly needed a change. I was trying to avoid that while awaiting the namespacing change. At least this is restricted to a very small self-contained piece of the code. - It is less clear whether Xlsx Writer should be changed. It is true that Excel itself uses 1/0 when writing; however it is equally true that it recognizes true/false as well as 1/0 when reading. For now, I have left Xlsx Writer alone to limit the change to what is absolutely needed. <!-- end of bug list --> Other Changes: - I was at a complete loss as to what "lock revisions" was supposed to do, and it took a while to find anything on the web that explained it. Thank you, openpyxl, for coming through. I have documented it for PhpSpreadsheet now. <!-- end of other changes list --> Miscellaneous Note: - There remains no support for Document Security in Xls Reader or Writer (nor in any of the other readers/writers except Xlsx). - No Phpstan baseline changes, possibly for the first time in any of my PRs since Phpstan was introduced. Co-authored-by: Mark Baker <mark@lange.demon.co.uk>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Having a parallel project to complete cover Document Properties, I turned my attention to to Document Security. As happens, this particular change grew a bit over time.
Coverage and Testing Changes:
Bug:
Other Changes:
Miscellaneous Note:
This is:
Checklist:
Why this change is needed?