Merge branch 'master' of lx-office.linet-services.de:lx-office-erp

[mfinanz.git] / SL / Form.pm

diff --git a/SL/Form.pm b/SL/Form.pm
index ad5f0a3cfa59d28b95134ee8ed0d9acc0c6761e2..64412e15e87b7a61912b121091db82d952ec6e11 100644 (file)
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -258,6 +258,16 @@ sub new {
 
   bless $self, $type;
 
+  $main::lxdebug->leave_sub();
+
+  return $self;
+}
+
+sub read_cgi_input {
+  $main::lxdebug->enter_sub();
+
+  my ($self) = @_;
+
   $self->_input_to_hash($ENV{QUERY_STRING}) if $ENV{QUERY_STRING};
   $self->_input_to_hash($ARGV[0])           if @ARGV && $ARGV[0];
 
@@ -268,6 +278,12 @@ sub new {
     $uploads = $self->_request_to_hash($content);
   }
 
+  if ($self->{RESTORE_FORM_FROM_SESSION_ID}) {
+    my %temp_form;
+    $::auth->restore_form_from_session(delete $self->{RESTORE_FORM_FROM_SESSION_ID}, form => \%temp_form);
+    $self->_input_to_hash(join '&', map { $self->escape($_) . '=' . $self->escape($temp_form{$_}) } keys %temp_form);
+  }
+
   my $db_charset   = $::lx_office_conf{system}->{dbcharset};
   $db_charset    ||= Common::DEFAULT_CHARSET;
 
@@ -819,7 +835,6 @@ sub _prepare_html_template {
 
   $additional_params->{"conf_dbcharset"}              = $::lx_office_conf{system}->{dbcharset};
   $additional_params->{"conf_webdav"}                 = $::lx_office_conf{features}->{webdav};
-  $additional_params->{"conf_lizenzen"}               = $::lx_office_conf{features}->{lizenzen};
   $additional_params->{"conf_latex_templates"}        = $::lx_office_conf{print_templates}->{latex};
   $additional_params->{"conf_opendocument_templates"} = $::lx_office_conf{print_templates}->{opendocument};
   $additional_params->{"conf_vertreter"}              = $::lx_office_conf{features}->{vertreter};
@@ -995,6 +1010,16 @@ sub write_trigger {
   return $jsscript;
 }    #end sub write_trigger
 
+sub _store_redirect_info_in_session {
+  my ($self) = @_;
+
+  return unless $self->{callback} =~ m:^ ( [^\?/]+ \.pl ) \? (.+) :x;
+
+  my ($controller, $params) = ($1, $2);
+  my $form                  = { map { map { $self->unescape($_) } split /=/, $_, 2 } split m/\&/, $params };
+  $self->{callback}         = "${controller}?RESTORE_FORM_FROM_SESSION_ID=" . $::auth->save_form_in_session(form => $form);
+}
+
 sub redirect {
   $main::lxdebug->enter_sub();
 
@@ -1004,6 +1029,7 @@ sub redirect {
     $self->info($msg);
 
   } else {
+    $self->_store_redirect_info_in_session;
     print $::form->redirect_header($self->{callback});
   }
 
@@ -1172,17 +1198,12 @@ sub parse_amount {
   }
 
   $amount =~ s/,//g;
-  # make shure no code wich is not a math expression ends in eval()
-
-  $amount =~ s/\s//g; 
-
-  unless($amount =~ /^[-\+]?\d+\.?\d*([-\+\*\/][-\+]?\d+\.?\d*)*$/){
-    return 0;
-  }
 
   $main::lxdebug->leave_sub(2);
 
-  return (eval $amount) * 1 ;
+  # Make sure no code wich is not a math expression ends up in eval().
+  return 0 unless $amount =~ /^ [\s \d \( \) \- \+ \* \/ \. ]* $/x;
+  return scalar(eval($amount)) * 1 ;
 }
 
 sub round_amount {
@@ -1880,12 +1901,12 @@ sub set_payment_options {
   my $dbh = $self->get_standard_dbh($myconfig);
 
   my $query =
-    qq|SELECT p.terms_netto, p.terms_skonto, p.percent_skonto, p.description_long | .
+    qq|SELECT p.terms_netto, p.terms_skonto, p.percent_skonto, p.description_long , p.description | .
     qq|FROM payment_terms p | .
     qq|WHERE p.id = ?|;
 
   ($self->{terms_netto}, $self->{terms_skonto}, $self->{percent_skonto},
-   $self->{payment_terms}) =
+   $self->{payment_terms}, $self->{payment_description}) =
      selectrow_query($self, $dbh, $query, $self->{payment_id});
 
   if ($transdate eq "") {