Berechnung in Zahlenfelder: Erlaubte Zeichen auf Klammern ausgeweitet

author Moritz Bunkus <m.bunkus@linet-services.de>

Tue, 17 May 2011 10:34:33 +0000 (12:34 +0200)

committer Moritz Bunkus <m.bunkus@linet-services.de>

Tue, 17 May 2011 10:34:33 +0000 (12:34 +0200)
author Moritz Bunkus <m.bunkus@linet-services.de>
Tue, 17 May 2011 10:34:33 +0000 (12:34 +0200)
committer Moritz Bunkus <m.bunkus@linet-services.de>
Tue, 17 May 2011 10:34:33 +0000 (12:34 +0200)
diff --git a/SL/Form.pm b/SL/Form.pm

index 4db9e4b..582d2af 100644 (file)
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -1172,17 +1172,12 @@ sub parse_amount {
    }
  
    $amount =~ s/,//g;
-  # make shure no code wich is not a math expression ends in eval()
-
-  $amount =~ s/\s//g; 
-
-  unless($amount =~ /^[-\+]?\d+\.?\d*([-\+\*\/][-\+]?\d+\.?\d*)*$/){
-    return 0;
-  }
  
    $main::lxdebug->leave_sub(2);
  
-  return (eval $amount) * 1 ;
+  # Make sure no code wich is not a math expression ends up in eval().
+  return 0 unless $amount =~ /^ [\s \d \( \) \- \+ \* \/ \. ]* $/x;
+  return scalar(eval($amount)) * 1 ;
  }
  
  sub round_amount {
diff --git a/js/common.js b/js/common.js

index 279ff8d..298d5a2 100644 (file)
--- a/js/common.js
+++ b/js/common.js
@@ -58,7 +58,7 @@ function check_right_number_format(input_name) {
    if(decpoint && decpoint == ','){
      test_val = test_val.replace(/,/g, '.');
    }
-  var forbidden = test_val.match(/[^-\+\/\*\.0-9\ ]/g );
+  var forbidden = test_val.match(/[^\s\d\(\)\-\+\*\/\.]/g);
    if (forbidden && forbidden.length > 0 ){
      return show_alert_and_focus(input_name, wrongNumberFormat);
    }
author	Moritz Bunkus <m.bunkus@linet-services.de>
	Tue, 17 May 2011 10:34:33 +0000 (12:34 +0200)
committer	Moritz Bunkus <m.bunkus@linet-services.de>
	Tue, 17 May 2011 10:34:33 +0000 (12:34 +0200)
SL/Form.pm		patch \| blob \| history
js/common.js		patch \| blob \| history