Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Spreadsheet-ParseExcel CPAN distribution.

Maintainer(s)' notes

If you are reporting a bug in Spreadsheet::ParseExcel here are some pointers

1) State the issues as clearly and as concisely as possible. A simple program or Excel test file (see below) will often explain the issue better than a lot of text.

2) Provide information on your system, version of perl and module versions. The following program will generate everything that is required. Put this information in your bug report.

    #!/usr/bin/perl -w

    print "\n    Perl version   : $]";
    print "\n    OS name        : $^O";
    print "\n    Module versions: (not all are required)\n";

    my @modules = qw(
                      Spreadsheet::ParseExcel
                      Scalar::Util
                      Unicode::Map
                      Spreadsheet::WriteExcel
                      Parse::RecDescent
                      File::Temp
                      OLE::Storage_Lite
                      IO::Stringy
                    );

    for my $module (@modules) {
        my $version;
        eval "require $module";

        if (not $@) {
            $version = $module->VERSION;
            $version = '(unknown)' if not defined $version;
        }
        else {
            $version = '(not installed)';
        }

        printf "%21s%-24s\t%s\n", "", $module, $version;
    }

    __END__

3) Upgrade to the latest version of Spreadsheet::ParseExcel (or at least test on a system with an upgraded version). The issue you are reporting may already have been fixed.

4) Create a small example program that demonstrates your problem. The program should be as small as possible. A few lines of codes are worth tens of lines of text when trying to describe a bug.

5) Supply an Excel file that demonstrates the problem. This is very important. If the file is big, or contains confidential information, try to reduce it down to the smallest Excel file that represents the issue. If you don't wish to post a file here then send it to me directly: jmcnamara@cpan.org

6) Say if the test file was created by Excel, OpenOffice, Gnumeric or something else. Say which version of that application you used.

7) If you are submitting a patch you should check with the maintainer whether the issue has already been patched or if a fix is in the works. Patches should be accompanied by test cases.

Asking a question

If you would like to ask a more general question there is the Spreadsheet::ParseExcel Google Group.

Report information
The Basics
Id: 51033
Status: resolved
Worked: 5 hours (300 min)
Priority: 0/
Queue: Spreadsheet-ParseExcel

People
Owner: Nobody in particular
Requestors: mohammed.chaudhry [...] census.gov
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: ParseExcel kills system if handed a protected workbook
Date: Sun, 1 Nov 2009 17:56:17 -0500
To: bug-Spreadsheet-ParseExcel [...] rt.cpan.org
From: mohammed.chaudhry [...] census.gov
Hi John, We're currently using Spreadsheet::ParseExcel for a production web application. The user uploads an Excel file, we pull the data and populate a database. Everything works great (thanks!), unless the user decides to protect the workbook. I am using Excel 2000 for this example. Tools->Protection->Protect Workbook->Structure (supply password) This will cause ParseExcel to throw a great number of warnings, but those I'm catching with an eval, so no big deal. Tools->Protection->Protect Workbook->Structure & Windows (supply password) Now, not even an eval works. It brings my server to its knees and continues to consume a large amount of system resources. This means a couple 'evil' users can cause a DOS attack. Here are the module versions: Perl version : 5.010000 OS name : linux Module versions: (not all are required) Spreadsheet::ParseExcel 0.55 Scalar::Util 1.19 Unicode::Map (not installed) Spreadsheet::WriteExcel (not installed) Parse::RecDescent 1.94 File::Temp 0.20 OLE::Storage_Lite 0.18 IO::Stringy 2.110 Sample program that can cause the problem: package KP::Util::ExcelParser; use strict; use warnings; use 5.010; use Spreadsheet::ParseExcel; sub parse { my( $class, $file ) = @_; return 0 unless ( -f -r $file ); my $parser = Spreadsheet::ParseExcel->new(); my $workbook; eval { local $SIG{'__WARN__'} = sub { }; $workbook = $parser->Parse($file); }; return 0 if $@; } 1; I think I read somewhere that ParseExcel won't deal with password protected files, but this file will open without asking for a password. Attached is sample file that causes the problem. Password to 'unprotect' is 'abcdefg' Thanks for any help. Even if the module just returned an error code on protected files, that would at least eliminate DOS attacks. -- Mo (See attached file: KPTemplate1c.xls)
Download KPTemplate1c.xls
application/msexcel 131.5k

Message body not shown because it is not plain text.

Download (untitled) / with headers
text/plain 108b
Hi, This is a known issue. I am working on a fix and I will let you know when it is available. John. --
Download (untitled) / with headers
text/plain 306b
This issue has been fixed in version 0.56. You can now trap parse errors as follows: my $parser = Spreadsheet::ParseExcel->new(); my $workbook = $parser->parse('Book1.xls'); if ( !defined $workbook ) { die $parser->error(), ".\n"; } See the docs for more information. John. --


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.