projects / kivitendo-erp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | compact (merge: cdaddc5 9c477cc)
Merge remote branch 'refs/remotes/wulf/publish_1500_calc_numbers' into calc-in-parse...
authorMoritz Bunkus <m.bunkus@linet-services.de>
Tue, 17 May 2011 10:22:02 +0000 (12:22 +0200)
committerMoritz Bunkus <m.bunkus@linet-services.de>
Tue, 17 May 2011 10:22:02 +0000 (12:22 +0200)
1  2 
SL/Form.pm patch | diff1 | diff2 | blob | history

diff --combined SL/Form.pm
index b2d6645,ad5f0a3..4db9e4b
--- 1/SL/Form.pm
--- 2/SL/Form.pm
+++ b/SL/Form.pm
@@@ -1164,7 -1164,7 +1164,7 @@@ sub parse_amount 
    if (   ($myconfig->{numberformat} eq '1.000,00')
        || ($myconfig->{numberformat} eq '1000,00')) {
      $amount =~ s/\.//g;
-     $amount =~ s/,/\./;
+     $amount =~ s/,/\./g;
    }
  
    if ($myconfig->{numberformat} eq "1'000.00") {
@@@ -1172,10 -1172,17 +1172,17 @@@
    }
  
    $amount =~ s/,//g;
+   # make shure no code wich is not a math expression ends in eval()
+   $amount =~ s/\s//g; 
+   unless($amount =~ /^[-\+]?\d+\.?\d*([-\+\*\/][-\+]?\d+\.?\d*)*$/){
+     return 0;
+   }
  
    $main::lxdebug->leave_sub(2);
  
-   return ($amount * 1);
+   return (eval $amount) * 1 ;
  }
  
  sub round_amount {
@@@ -1873,12 -1880,12 +1880,12 @@@ sub set_payment_options 
    my $dbh = $self->get_standard_dbh($myconfig);
  
    my $query =
 -    qq|SELECT p.terms_netto, p.terms_skonto, p.percent_skonto, p.description_long | .
 +    qq|SELECT p.terms_netto, p.terms_skonto, p.percent_skonto, p.description_long , p.description | .
      qq|FROM payment_terms p | .
      qq|WHERE p.id = ?|;
  
    ($self->{terms_netto}, $self->{terms_skonto}, $self->{percent_skonto},
 -   $self->{payment_terms}) =
 +   $self->{payment_terms}, $self->{payment_description}) =
       selectrow_query($self, $dbh, $query, $self->{payment_id});
  
    if ($transdate eq "") {
Unnamed repository; edit this file 'description' to name the repository.