From: Moritz Bunkus Date: Tue, 17 May 2011 10:22:02 +0000 (+0200) Subject: Merge remote branch 'refs/remotes/wulf/publish_1500_calc_numbers' into calc-in-parse... X-Git-Tag: release-2.6.3~25^2~21^2^2~1 X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/kivitendo-erp.git/commitdiff_plain/300f3739cfe93d10a867a778a1430068c00c32a8?hp=-c Merge remote branch 'refs/remotes/wulf/publish_1500_calc_numbers' into calc-in-parse-amount --- 300f3739cfe93d10a867a778a1430068c00c32a8 diff --combined SL/Form.pm index b2d6645e2,ad5f0a3cf..4db9e4bd4 --- a/SL/Form.pm +++ b/SL/Form.pm @@@ -1164,7 -1164,7 +1164,7 @@@ sub parse_amount if ( ($myconfig->{numberformat} eq '1.000,00') || ($myconfig->{numberformat} eq '1000,00')) { $amount =~ s/\.//g; - $amount =~ s/,/\./; + $amount =~ s/,/\./g; } if ($myconfig->{numberformat} eq "1'000.00") { @@@ -1172,10 -1172,17 +1172,17 @@@ } $amount =~ s/,//g; + # make shure no code wich is not a math expression ends in eval() + + $amount =~ s/\s//g; + + unless($amount =~ /^[-\+]?\d+\.?\d*([-\+\*\/][-\+]?\d+\.?\d*)*$/){ + return 0; + } $main::lxdebug->leave_sub(2); - return ($amount * 1); + return (eval $amount) * 1 ; } sub round_amount { @@@ -1873,12 -1880,12 +1880,12 @@@ sub set_payment_options my $dbh = $self->get_standard_dbh($myconfig); my $query = - qq|SELECT p.terms_netto, p.terms_skonto, p.percent_skonto, p.description_long | . + qq|SELECT p.terms_netto, p.terms_skonto, p.percent_skonto, p.description_long , p.description | . qq|FROM payment_terms p | . qq|WHERE p.id = ?|; ($self->{terms_netto}, $self->{terms_skonto}, $self->{percent_skonto}, - $self->{payment_terms}) = + $self->{payment_terms}, $self->{payment_description}) = selectrow_query($self, $dbh, $query, $self->{payment_id}); if ($transdate eq "") {
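Review bot: The result of `eval $amount` is used without checking `$@`, and several strings the whitelist regex accepts are not decimal arithmetic to Perl: a leading zero makes a literal octal (`010` evaluates to 8, `08` does not compile), and `1/0` or `1--1` die inside the eval, so the sub silently returns a wrong amount or 0. The new early `return 0;` also sits before `$main::lxdebug->leave_sub(2)`, so rejected input exits without the leave call (the matching enter call is presumably above the hunk, since parse_amount starts outside it). Because this regex is the only barrier between form input and a string eval, I would anchor it with `\A`/`\z` instead of `^`/`$`, drop the unused capture group, and route both paths through a single exit as sketched below. A small arithmetic parser would remove the eval altogether.

```perl
  # … unchanged: number-format normalisation and comma removal …
  $amount =~ s/\s//g;

  my $value = 0;
  if ($amount =~ m{\A[-+]?\d+\.?\d*(?:[-+*/][-+]?\d+\.?\d*)*\z}) {
    # Strip leading zeros so Perl does not read an operand as an octal literal.
    $amount =~ s/(?<![\d.])0+(?=\d)//g;
    $value = eval $amount;
    # Division by zero or an operator run such as "1--1" makes the eval fail.
    $value = 0 if $@ || !defined $value;
  }

  $main::lxdebug->leave_sub(2);

  return $value * 1;
```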