X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FForm.pm;h=582d2aff8edc33ee04ca949fd389de145558d644;hb=0ecaba2bd92a6a217c9c6f281e3c825c01c3975d;hp=b2d6645e241cbd77e4bf6e0cd2f54e947ff81a4f;hpb=05fce3a92d3f4efbf13c110f17296d2aa38a1290;p=kivitendo-erp.git
diff --git a/SL/Form.pm b/SL/Form.pm
index b2d6645e2..582d2aff8 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -1164,7 +1164,7 @@ sub parse_amount {
 if ( ($myconfig->{numberformat} eq '1.000,00') || ($myconfig->{numberformat} eq '1000,00')) {
 $amount =~ s/\.//g;
- $amount =~ s/,/\./;
+ $amount =~ s/,/\./g;
 }
 if ($myconfig->{numberformat} eq "1'000.00") {
@@ -1175,7 +1175,9 @@ sub parse_amount {
 $main::lxdebug->leave_sub(2);
- return ($amount * 1);
+ # Make sure no code wich is not a math expression ends up in eval().
+ return 0 unless $amount =~ /^ [\s \d \( \) \- \+ \* \/ \. ]* $/x;
+ return scalar(eval($amount)) * 1 ;
 }
 sub round_amount {
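Review bot: The new `eval($amount)` at the end of parse_amount runs what appears to be user-entered amount text as Perl source, and the character-class check in front of it is a lexical filter rather than a grammar, so any string built from those characters is evaluated with Perl's meaning instead of numeric-parsing meaning. A leading zero becomes an octal literal (`010` yields 8 and `09` does not compile, where the old `$amount * 1` gave 10 and 9), `1.2.3` is read as a v-string, and `.` and `/` can parse as concatenation or a pattern delimiter rather than a decimal point or division. The outcome of the eval is never inspected either, so a malformed expression or a division by zero silently becomes an amount of 0. At minimum I would anchor the check with `\A` and `\z`, strip leading zeros before evaluating (`$amount =~ s/(?<![\d.])0+(?=\d)//g;`), and test the result (`my $value = eval($amount); return 0 if $@ || !defined $value;`); a small arithmetic parser in place of string eval would remove the code-evaluation surface altogether. The body of parse_amount starts outside this hunk, so where `$amount` comes from is inferred from the function name and should be confirmed against its callers.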