From ae3d4c2c0f541b17a02decb9872220b8121cf16d Mon Sep 17 00:00:00 2001
From: Moritz Bunkus <m.bunkus@linet-services.de>
Date: Tue, 17 May 2011 12:34:33 +0200
Subject: [PATCH] Berechnung in Zahlenfelder: Erlaubte Zeichen auf Klammern
 ausgeweitet

---
 SL/Form.pm   | 11 +++--------
 js/common.js |  2 +-
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/SL/Form.pm b/SL/Form.pm
index 4db9e4bd4..582d2aff8 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -1172,17 +1172,12 @@ sub parse_amount {
   }
 
   $amount =~ s/,//g;
-  # make shure no code wich is not a math expression ends in eval()
-
-  $amount =~ s/\s//g; 
-
-  unless($amount =~ /^[-\+]?\d+\.?\d*([-\+\*\/][-\+]?\d+\.?\d*)*$/){
-    return 0;
-  }
 
   $main::lxdebug->leave_sub(2);
 
-  return (eval $amount) * 1 ;
+  # Make sure no code wich is not a math expression ends up in eval().
+  return 0 unless $amount =~ /^ [\s \d \( \) \- \+ \* \/ \. ]* $/x;
+  return scalar(eval($amount)) * 1 ;
 }
 
 sub round_amount {
diff --git a/js/common.js b/js/common.js
index 279ff8dae..298d5a2cb 100644
--- a/js/common.js
+++ b/js/common.js
@@ -58,7 +58,7 @@ function check_right_number_format(input_name) {
   if(decpoint && decpoint == ','){
     test_val = test_val.replace(/,/g, '.');
   }
-  var forbidden = test_val.match(/[^-\+\/\*\.0-9\ ]/g );
+  var forbidden = test_val.match(/[^\s\d\(\)\-\+\*\/\.]/g);
   if (forbidden && forbidden.length > 0 ){
     return show_alert_and_focus(input_name, wrongNumberFormat);
   } 
-- 
2.20.1