Merge pull request from GHSA-7rq4-qcpw-74gq

* Create custom ModelResource subclass

- Strips illegal starting characters from string cells
- Prevents formula injection

* Update all existing ModelResource classes to base off InvenTreeResource

* Handle more complex case where an illegal char is hidden behind another one

InvenTree/stock/admin.py

@@ -5,10 +5,10 @@ from django.contrib import admin
 import import_export.widgets as widgets
 from import_export.admin import ImportExportModelAdmin
 from import_export.fields import Field
-from import_export.resources import ModelResource
 
 from build.models import Build
 from company.models import Company, SupplierPart
+from InvenTree.admin import InvenTreeResource
 from order.models import PurchaseOrder, SalesOrder
 from part.models import Part
 
@@ -16,7 +16,7 @@ from .models import (StockItem, StockItemAttachment, StockItemTestResult,
                      StockItemTracking, StockLocation)
 
 
-class LocationResource(ModelResource):
+class LocationResource(InvenTreeResource):
     """Class for managing StockLocation data import/export."""
 
     parent = Field(attribute='parent', widget=widgets.ForeignKeyWidget(StockLocation))
@@ -68,7 +68,7 @@ class LocationAdmin(ImportExportModelAdmin):
     ]
 
 
-class StockItemResource(ModelResource):
+class StockItemResource(InvenTreeResource):
     """Class for managing StockItem data import/export."""
 
     # Custom managers for ForeignKey fields