fix for code injection

bin/extract_vba

@@ -0,0 +1,123 @@
+#!/usr/bin/perl
+
+#######################################################################
+#
+# extract_vba - A utility to extract a vbaProject.bin binary from an
+# Excel 2007+ xlsm file for insertion into an Excel::Writer::XLSX file.
+#
+# reverse('�'), September 2007, John McNamara, [email protected]
+#
+# Documentation after __END__
+#
+
+
+use strict;
+use warnings;
+use Getopt::Long;
+use Pod::Usage;
+use Archive::Zip;
+
+# Ignore Archive::Zip error messages. Use its return codes only.
+Archive::Zip::setErrorHandler( sub { } );
+
+my $help        = 0;
+my $filename    = $ARGV[0];
+my $vba_project = 'vbaProject.bin';
+
+
+# Use Getopt to read the command-line and Pod::Usage to handle usage
+# and documentation.
+GetOptions(
+    'help|?' => \$help,
+) or pod2usage( 2 );
+
+pod2usage( -verbose => 2 ) if $help;
+pod2usage() if @ARGV == 0 && -t STDIN;
+
+
+# Use Archive::Zip to handle the Excel xlsm/zip file.
+my $zip   = Archive::Zip->new();
+my $error = $zip->read( $filename );
+
+if ( $error == 3 ) {
+    die "File '$filename' doesn't appear to be an 'xlsxm/zip' file.\n";
+}
+elsif ( $error != 0 ) {
+    die "Couldn't read '$filename': $!.\n";
+}
+
+# Extract the vbaProject.bin from the Excel xlsm/zip file.
+$error = $zip->extractMemberWithoutPaths( 'xl/' . $vba_project );
+
+if ( !$error ) {
+    print "Extracted '$vba_project' successfully\n";
+}
+else {
+    die "Failed to extract '$vba_project' from $filename.\n";
+}
+
+
+# The mod data on vbaProject.bin isn't generally set correctly in the xlsm/zip
+# file. This can cause issues on Windows so reset it to the current data.
+my $mtime = time;
+utime $mtime, $mtime, $vba_project;
+
+
+__END__
+
+
+=head1 NAME
+
+extract_vba - A utility to extract a VBA project from an Excel 2007+ xlsm file.
+
+=head1 DESCRIPTION
+
+This utility is used  to extract the VBA project binary from an Excel 2007+ xlsm file. The VBA project can then be added to an L<Excel::Writer::XLSX> file to enable it to have macros.
+
+An C<xlsm> file is a version of an Excel C<xlsx> file that contains an additional VBA project binary file. The C<xlsm> file format is a collection of mainly XML files in a ZIP container.
+
+The extracted VBA project is an OLE Compound Document in binary format. It is named C<vbaProject.bin> and is generally located in the C<xl> directory of the C<xlsm> file.
+
+See the C<add_vba_project()> section of the  L<Excel::Writer::XLSX> documentation for more details.
+
+Note: you can also extract the VBA project from an C<xlsm> file using the standard Linux C<unzip> command:
+
+    unzip -j macro01.xlsm xl/vbaProject.bin
+
+On Windows you can use any suitable Unzip application.
+
+
+=head1 SYNOPSIS
+
+    $ extract_vba file.xlsm
+    Extracted 'vbaProject.bin' successfully
+
+    $ extract_vba -h # For help.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<--help or -h>
+
+Print the help documentation.
+
+=back
+
+
+=head1 AUTHOR
+
+John McNamara [email protected]
+
+
+=head1 VERSION
+
+Version 0.01.
+
+=head1 COPYRIGHT
+
+(c) MMXV, John McNamara.
+
+All Rights Reserved. This program is free software. It may be used, redistributed and/or modified under the same terms as Perl itself.
+
+=cut

bin/ss2tk

@@ -1,7 +1,7 @@
 #!/usr/bin/perl
 
 # ss2tk: show SpreadSheet file in Tk::TableMatrix::Spreadsheet (*)
-#	  (m)'17 [2017-07-03] Copyright H.M.Brand 2005-2018
+#	  (m)'17 [2017-07-03] Copyright H.M.Brand 2005-2021
 
 use strict;
 use warnings;

bin/ssdiff

@@ -1,36 +1,49 @@
 #!/usr/bin/perl
 
-use strict;
+use 5.14.0;
 use warnings;
 
+our $VERSION = "0.03";
+our $CMD = $0 =~ s{.*/}{}r;
+
 sub usage {
     my $err = shift and select STDERR;
-    print "usage: $0 [--verbose[=1]] file.xls file.xlsx\n";
+    print "usage: $CMD [--verbose[=1]] file.xls file.xlsx\n";
     exit $err;
     } # usage
 
+use Spreadsheet::Read;
+use List::Util   qw( max );
 use Getopt::Long qw(:config bundling);
-my $opt_v = 1;
 GetOptions (
     "help|?"		=> sub { usage (0); },
-    "v|verbose:2"	=> \$opt_v,
+    "V|version"		=> sub { print "$CMD [$VERSION]\n"; exit 0; },
+
+    "ccdiff!"		=> \ my $opt_cc,
+
+    "v|verbose:2"	=> \(my $opt_v = 1),
     ) or usage (1);
 
 my $file1 = shift or usage (1);
 my $file2 = shift or usage (1);
 
 binmode STDOUT, ":encoding(utf-8)";
 
-use List::Util qw( max );
-use Spreadsheet::Read;
-my $ss1 = ReadData ($file1) or die "Cannot read $file1: $!\n";
-my $ss2 = ReadData ($file2) or die "Cannot read $file2: $!\n";
+my $ss1 = Spreadsheet::Read->new ($file1) or die "Cannot read $file1: $!\n";
+my $ss2 = Spreadsheet::Read->new ($file2) or die "Cannot read $file2: $!\n";
 
-print "< $file1\t($ss1->[0]{sheets} sheets)\n";
-print "> $file2\t($ss2->[0]{sheets} sheets)\n";
-foreach my $s (1 .. max map { $_->[0]{sheets} } $ss1, $ss2) {
-    my $s1 = $ss1->[$s];
-    my $s2 = $ss2->[$s];
+say for $ss1->sheets;
+if ($opt_cc) {
+    require App::ccdiff;
+    $@ || $App::ccdiff::VERSION lt "0.29" and
+	die "App::ccdiff-0.29 or higher required for --cc\n"
+    }
+
+print "< $file1\t(", scalar $ss1->sheets, " sheets)\n";
+print "> $file2\t(", scalar $ss2->sheets, " sheets)\n";
+foreach my $s (1 .. max map { scalar $_->sheets } $ss1, $ss2) {
+    my $s1 = $ss1->sheet ($s);
+    my $s2 = $ss2->sheet ($s);
     unless ($s1) {
 	print "$s: not in $file1\n";
 	last;
@@ -41,21 +54,33 @@ foreach my $s (1 .. max map { $_->[0]{sheets} } $ss1, $ss2) {
 	}
 
     printf "Sheet %d\n\t< %5d x %5d %s\n\t> %5d x %5d %s\n", $s,
-	$s1->{maxcol}, $s1->{maxrow}, $s1->{label},
-	$s2->{maxcol}, $s2->{maxrow}, $s2->{label};
+	$s1->maxcol, $s1->maxrow, $s1->label,
+	$s2->maxcol, $s2->maxrow, $s2->label;
+
+    if ($opt_cc) {
+	my @c;
+	foreach my $ss ($s1, $s2) {
+	    push @c => [ map { join ("|" => @$_) . "\n" }
+		[ map { $ss->col2label ($_) } 1 .. $ss->maxcol ],
+		map { [ $ss->row ($_) ] }     1 .. $ss->maxrow ];
+	    }
+
+	App::ccdiff::ccdiff (@c, { header => 0, unified => 3, "utf-8" => 1 });
+	next;
+	}
 
-    my $mc = max map { $_->{maxcol} } $s1, $s2;
-    foreach my $r (1 ..  max map { $_->{maxrow} } $s1, $s2) {
-	if ($r > $s1->{maxrow}) {
+    my $mc = max map { $_->maxcol } $s1, $s2;
+    foreach my $r (1 ..  max map { $_->maxrow } $s1, $s2) {
+	if ($r > $s1->maxrow) {
 	    print "$s: EOS in $file1 at row $r\n";
 	    last;
 	    }
-	if ($r > $s2->{maxrow}) {
+	if ($r > $s2->maxrow) {
 	    print "$s: EOS in $file2 at row $r\n";
 	    last;
 	    }
-	my @r1 = Spreadsheet::Read::row ($s1, $r);
-	my @r2 = Spreadsheet::Read::row ($s2, $r);
+	my @r1 = $s1->row ($r);
+	my @r2 = $s2->row ($r);
 	foreach my $c (1 ..  $mc) {
 	    my $c1 = $r1[$c];
 	    my $c2 = $r2[$c];