Escape quotations in CSV imports properly (#1929)

* Parse quotes in imports

* Update invalid CSV for test

Author: zachgoll

app/controllers/import/uploads_controller.rb

@@ -29,10 +29,8 @@ def csv_str
     end
 
     def csv_valid?(str)
-      require "csv"
-
       begin
-        csv = CSV.parse(str || "", headers: true, col_sep: upload_params[:col_sep])
+        csv = Import.parse_csv_str(str, col_sep: upload_params[:col_sep])
         return false if csv.headers.empty?
         return false if csv.count == 0
         true

app/models/import.rb

@@ -34,6 +34,18 @@ class Import < ApplicationRecord
   has_many :accounts, dependent: :destroy
   has_many :entries, dependent: :destroy, class_name: "Account::Entry"
 
+  class << self
+    def parse_csv_str(csv_str, col_sep: ",")
+      CSV.parse(
+        (csv_str || "").strip,
+        headers: true,
+        col_sep: col_sep,
+        converters: [ ->(str) { str&.strip } ],
+        liberal_parsing: true
+      )
+    end
+  end
+
   def publish_later
     raise "Import is not publishable" unless publishable?
 
@@ -178,12 +190,7 @@ def default_currency
     end
 
     def parsed_csv
-      @parsed_csv ||= CSV.parse(
-        (raw_file_str || "").strip,
-        headers: true,
-        col_sep: col_sep,
-        converters: [ ->(str) { str&.strip } ]
-      )
+      @parsed_csv ||= self.class.parse_csv_str(raw_file_str, col_sep: col_sep)
     end
 
     def sanitize_number(value)

test/fixtures/files/imports/invalid.csv

@@ -1,3 +1 @@
-name,age
-"John Doe,23
-"Jane Doe",25
+name,description,amount,currency