Merge pull request from GHSA-7rq4-qcpw-74gq

* Create custom ModelResource subclass

- Strips illegal starting characters from string cells
- Prevents formula injection

* Update all existing ModelResource classes to base off InvenTreeResource

* Handle more complex case where an illegal char is hidden behind another one

InvenTree/part/admin.py

@@ -5,14 +5,14 @@ from django.contrib import admin
 import import_export.widgets as widgets
 from import_export.admin import ImportExportModelAdmin
 from import_export.fields import Field
-from import_export.resources import ModelResource
 
 import part.models as models
 from company.models import SupplierPart
+from InvenTree.admin import InvenTreeResource
 from stock.models import StockLocation
 
 
-class PartResource(ModelResource):
+class PartResource(InvenTreeResource):
     """Class for managing Part data import/export."""
 
     # ForeignKey fields
@@ -92,7 +92,7 @@ class PartAdmin(ImportExportModelAdmin):
     ]
 
 
-class PartCategoryResource(ModelResource):
+class PartCategoryResource(InvenTreeResource):
     """Class for managing PartCategory data import/export."""
 
     parent = Field(attribute='parent', widget=widgets.ForeignKeyWidget(models.PartCategory))
@@ -157,7 +157,7 @@ class PartTestTemplateAdmin(admin.ModelAdmin):
     autocomplete_fields = ('part',)
 
 
-class BomItemResource(ModelResource):
+class BomItemResource(InvenTreeResource):
     """Class for managing BomItem data import/export."""
 
     level = Field(attribute='level', readonly=True)
@@ -266,7 +266,7 @@ class ParameterTemplateAdmin(ImportExportModelAdmin):
     search_fields = ('name', 'units')
 
 
-class ParameterResource(ModelResource):
+class ParameterResource(InvenTreeResource):
     """Class for managing PartParameter data import/export."""
 
     part = Field(attribute='part', widget=widgets.ForeignKeyWidget(models.Part))