From 4b6d1a34533cbe073fa65a2daaca1c6cc49c1329 Mon Sep 17 00:00:00 2001
From: Alexey Kopytko
Date: Thu, 16 Jun 2016 12:05:40 +0900
Subject: [PATCH] Escape filename used in Content-Disposition header
---
 Spreadsheet/Excel/Writer.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Spreadsheet/Excel/Writer.php b/Spreadsheet/Excel/Writer.php
index 8141cb2..8bb710c 100644
--- a/Spreadsheet/Excel/Writer.php
+++ b/Spreadsheet/Excel/Writer.php
@@ -65,6 +65,7 @@ class Spreadsheet_Excel_Writer extends Spreadsheet_Excel_Writer_Workbook
 */
 public function send($filename)
 {
+ $filename = addslashes($filename);
 header("Content-type: application/vnd.ms-excel");
 header("Content-Disposition: attachment; filename=\"$filename\"");
 header("Expires: 0");
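Review bot: The added `addslashes($filename)` in `send()` is a general string escaper, not a header quoted-string encoder. It also backslash-escapes single quotes, so a name such as `o'brien.xls` is sent with a stray backslash, and it passes CR and LF through unchanged. Rejecting a header that contains line breaks is then left entirely to the runtime's `header()` call. Escaping only the two characters that are special inside the quoted value and dropping control characters first would be tighter, for example `$filename = addcslashes(str_replace(array("\r", "\n", "\0"), '', $filename), "\"\\");`. Non-ASCII names are still emitted raw in `filename="..."`, so the docblock should say the parameter is expected to be an ASCII file name; the body of `send()` continues past the end of this hunk.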