From d59ca2b3ff5c4772ec86ac14e5867cce3f64326e Mon Sep 17 00:00:00 2001 From: Wulf Coulmann Date: Wed, 10 Nov 2010 19:31:31 +0100 Subject: [PATCH] add number calculation in number form fields --- SL/Form.pm | 11 +++++++++-- js/common.js | 37 +++++++++++++++++++------------------ 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/SL/Form.pm b/SL/Form.pm index cef5995ab..ad5f0a3cf 100644 --- a/SL/Form.pm +++ b/SL/Form.pm @@ -1164,7 +1164,7 @@ sub parse_amount { if ( ($myconfig->{numberformat} eq '1.000,00') || ($myconfig->{numberformat} eq '1000,00')) { $amount =~ s/\.//g; - $amount =~ s/,/\./; + $amount =~ s/,/\./g; } if ($myconfig->{numberformat} eq "1'000.00") { @@ -1172,10 +1172,17 @@ sub parse_amount { } $amount =~ s/,//g; + # make shure no code wich is not a math expression ends in eval() + + $amount =~ s/\s//g; + + unless($amount =~ /^[-\+]?\d+\.?\d*([-\+\*\/][-\+]?\d+\.?\d*)*$/){ + return 0; + } $main::lxdebug->leave_sub(2); - return ($amount * 1); + return (eval $amount) * 1 ; } sub round_amount { diff --git a/js/common.js b/js/common.js index 86b869c3c..f568782cd 100644 --- a/js/common.js +++ b/js/common.js @@ -48,27 +48,28 @@ function check_right_number_format(input_name) { if(decpoint == thpoint) { return show_alert_and_focus(input_name, wrongNumberFormat); } - if(decpoint == ',') { - var decnumbers = input_name.value.split(','); + var test_val = input_name.value; + if(thpoint && thpoint == ','){ + test_val = test_val.replace(/,/g, ''); } - else { - var decnumbers = input_name.value.split('.'); - } - if(decnumbers.length == 2) { - if(decnumbers[1].length > 2) { - /* return show_alert_and_focus(input_name, wrongNumberFormat); */ - } + if(thpoint && thpoint == '.'){ + test_val = test_val.replace(/\./g, ''); } - else { - if(decnumbers.length > 2) { - return show_alert_and_focus(input_name, wrongNumberFormat); - } - if(!thpoint) { - if(decnumbers[0].match(/\D/)) { - return show_alert_and_focus(input_name, wrongNumberFormat); - } - } + if(thpoint && decpoint == ','){ + test_val = test_val.replace(/,/g, '.'); } + + var forbidden = test_val.match(/[^-\+\/\*\.0-9\ ]/g ); + if (forbidden && forbidden.length > 0 ){ + return show_alert_and_focus(input_name, wrongNumberFormat); + } + + try{ + eval(test_val); + }catch(err){ + return show_alert_and_focus(input_name, wrongNumberFormat); + } + } function check_right_date_format(input_name) { -- 2.20.1