From 53d05e1f806b560e2ed3bed2cc540310aaed7d47 Mon Sep 17 00:00:00 2001
From: Moritz Bunkus
Date: Wed, 13 May 2015 12:16:59 +0200
Subject: [PATCH] Form::parse_amount: Parsen als Oktalzahlen verhindern
---
 SL/Form.pm | 4 ++
 t/form/parse_amount.t | 129 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 133 insertions(+)
 create mode 100644 t/form/parse_amount.t
diff --git a/SL/Form.pm b/SL/Form.pm
index 0aad56ef5..e597786ec 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -947,6 +947,10 @@ sub parse_amount {
 # Make sure no code wich is not a math expression ends up in eval().
 return 0 unless $amount =~ /^ [\s \d \( \) \- \+ \* \/ \. ]* $/x;
+
+ # Prevent numbers from being parsed as octals;
+ $amount =~ s{ (?{numberformat} = '1.000,00';
+
+is($::form->parse_amount($config, '12345'), 12345, '12345 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '1.234,5'), 1234.5, '1.234,5 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '9.871.234,5'), 9871234.5, '9.871.234,5 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '1234,5'), 1234.5, '1234,5 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '012345'), 12345, '012345 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '01.234,5'), 1234.5, '01.234,5 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '01234,5'), 1234.5, '01234,5 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '09.871.234,5'), 9871234.5, '09.871.234,5 (numberformat: 1.000,00)');
+
+$config->{numberformat} = '1000,00';
+
+is($::form->parse_amount($config, '12345'), 12345, '12345 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '1.234,5'), 1234.5, '1.234,5 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '9.871.234,5'), 9871234.5, '9.871.234,5 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '1234,5'), 1234.5, '1234,5 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '012345'), 12345, '012345 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '01.234,5'), 1234.5, '01.234,5 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '01234,5'), 1234.5, '01234,5 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '09.871.234,5'), 9871234.5, '09.871.234,5 (numberformat: 1000,00)');
+
+$config->{numberformat} = '1,000.00';
+
+is($::form->parse_amount($config, '12345'), 12345, '12345 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '1,234.5'), 1234.5, '1,234.5 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '9,871,234.5'), 9871234.5, '9,871,234,5 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '1234.5'), 1234.5, '1234.5 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '012345'), 12345, '012345 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '01,234.5'), 1234.5, '01,234.5 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '01234.5'), 1234.5, '01234.5 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '09,871,234.5'), 9871234.5, '09,871,234,5 (numberformat: 1,000.00)');
+
+$config->{numberformat} = '1000.00';
+
+is($::form->parse_amount($config, '12345'), 12345, '12345 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '1,234.5'), 1234.5, '1,234.5 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '9,871,234.5'), 9871234.5, '9,871,234,5 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '1234.5'), 1234.5, '1234.5 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '012345'), 12345, '012345 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '01,234.5'), 1234.5, '01,234.5 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '01234.5'), 1234.5, '01234.5 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '09,871,234.5'), 9871234.5, '09,871,234,5 (numberformat: 1000.00)');
+
+# Negative numbers
+$config->{numberformat} = '1.000,00';
+
+is($::form->parse_amount($config, '-12345'), -12345, '-12345 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '-1.234,5'), -1234.5, '-1.234,5 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '-9.871.234,5'), -9871234.5, '-9.871.234,5 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '-1234,5'), -1234.5, '-1234,5 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '-012345'), -12345, '-012345 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '-01.234,5'), -1234.5, '-01.234,5 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '-01234,5'), -1234.5, '-01234,5 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '-09.871.234,5'), -9871234.5, '-09.871.234,5 (numberformat: 1.000,00)');
+
+$config->{numberformat} = '1000,00';
+
+is($::form->parse_amount($config, '-12345'), -12345, '-12345 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '-1.234,5'), -1234.5, '-1.234,5 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '-9.871.234,5'), -9871234.5, '-9.871.234,5 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '-1234,5'), -1234.5, '-1234,5 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '-012345'), -12345, '-012345 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '-01.234,5'), -1234.5, '-01.234,5 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '-01234,5'), -1234.5, '-01234,5 (numberformat: 1000,00)');
+is($::form->parse_amount($config, '-09.871.234,5'), -9871234.5, '-09.871.234,5 (numberformat: 1000,00)');
+
+$config->{numberformat} = '1,000.00';
+
+is($::form->parse_amount($config, '-12345'), -12345, '-12345 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '-1,234.5'), -1234.5, '-1,234.5 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '-9,871,234.5'), -9871234.5, '-9,871,234,5 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '-1234.5'), -1234.5, '-1234.5 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '-012345'), -12345, '-012345 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '-01,234.5'), -1234.5, '-01,234.5 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '-01234.5'), -1234.5, '-01234.5 (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '-09,871,234.5'), -9871234.5, '-09,871,234,5 (numberformat: 1,000.00)');
+
+$config->{numberformat} = '1000.00';
+
+is($::form->parse_amount($config, '-12345'), -12345, '-12345 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '-1,234.5'), -1234.5, '-1,234.5 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '-9,871,234.5'), -9871234.5, '-9,871,234,5 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '-1234.5'), -1234.5, '-1234.5 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '-012345'), -12345, '-012345 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '-01,234.5'), -1234.5, '-01,234.5 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '-01234.5'), -1234.5, '-01234.5 (numberformat: 1000.00)');
+is($::form->parse_amount($config, '-09,871,234.5'), -9871234.5, '-09,871,234,5 (numberformat: 1000.00)');
+
+# Calculations
+$config->{numberformat} = '1.000,00';
+
+is($::form->parse_amount($config, '47/2+3,5*(4+5)'), 55, '47/2+3,5*(4+5) (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '047/002+003,05*(04+000005)'), 50.95, '047/002+003,05*(04+000005) (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '47 / 2+ 3,5*( 4 + 5)'), 55, '47 / 2+ 3.,*( 4 + 5) (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '047/ 002+ 003,05 * (04 +000005)'), 50.95, '047/ 002+ 003,05 * (04 +000005) (numberformat: 1.000,00)');
+
+$config->{numberformat} = '1,000.00';
+
+is($::form->parse_amount($config, '47/2+3.5*(4+5)'), 55, '47/2+3.5*(4+5) (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '047/002+003.05*(04+000005)'), 50.95, '047/002+003.05*(04+000005) (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '47 / 2+ 3.5*( 4 + 5)'), 55, '47 / 2+ 3.5*( 4 + 5) (numberformat: 1,000.00)');
+is($::form->parse_amount($config, '047/ 002+ 003.05 * (04 +000005)'), 50.95, '047/ 002+ 003.05 * (04 +000005) (numberformat: 1,000.00)');
+
+# Weird edge cases
+
+$config->{numberformat} = '1.000,00';
+
+is($::form->parse_amount($config, '-0+1'), 1, '-0+1 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '-0+9'), 9, '-0+9 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '20*0'), 0, '20*0 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '20*0123'), 2460, '20*0123 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '010+010'), 20, '010+010 (numberformat: 1.000,00)');
+is($::form->parse_amount($config, '+(010*2)'), 20, '+(010*2) (numberformat: 1.000,00)');
+
+done_testing;
+
+1;
-- 
2.20.1
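Review bot: None of the added cases in t/form/parse_amount.t feeds parse_amount an input that the allow-list ahead of eval() should refuse, so the suite pins the octal fix but not the guard visible in the SL/Form.pm context (`return 0 unless $amount =~ /^ [\s \d \( \) \- \+ \* \/ \. ]* $/x;`). Because this commit rewrites `$amount` after that guard and, presumably, before the eval, a negative case such as `is($::form->parse_amount($config, '1+a'), 0, 'non-math input is rejected');` would catch a later change that lets other characters through; the expected 0 assumes nothing earlier in parse_amount alters that input, and the sub's body continues outside the hunk. The new substitution itself is cut off on this page, so its pattern cannot be checked here. Separately, a few test descriptions differ from their inputs (`'9,871,234,5'` for `'9,871,234.5'`, `'47 / 2+ 3.,*( 4 + 5)'` for `'47 / 2+ 3,5*( 4 + 5)'`), which makes a failing case harder to match to its line.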