From 399c761fe1537f3524ee42126aea3699a7d7c2eb Mon Sep 17 00:00:00 2001
From: Thomas Mudrunka <tomas@mudrunka.cz>
Date: Sat, 25 May 2013 02:26:15 +0200
Subject: [PATCH] Handlovani zapornejch cisel v bance

---
 assistants/bank.inc.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/assistants/bank.inc.php b/assistants/bank.inc.php
index 4c64d0d..7e3cf52 100644
--- a/assistants/bank.inc.php
+++ b/assistants/bank.inc.php
@@ -9,6 +9,7 @@ function bank_transaction($ctx, $from, $to, $comment, $amount=0) {
 	$author=$ctx->db->quote($ctx->db->auth->get_user_id());
 	$from=$ctx->db->quote(bank_name($from));
 	$to=$ctx->db->quote(bank_name($to));
+	$amount=$ctx->db->quote($amount);
 
 	$comment=trim($comment);
 	if(strlen($comment)<4) die("Komentář musí mít alespoň 4 znaky!");
@@ -33,6 +34,7 @@ if(isset($_POST['create_account'])) {
 	$this->post_redirect_get("$URL_INTERNAL","Účet byl vytvořen");
 }
 if(isset($_POST['transaction'])) {
+	if(!is_numeric($_POST['amount']) || $_POST['amount'] < 0) $this->post_redirect_get("$URL_INTERNAL","Lze převádět jen kladné částky", true);
 	bank_transaction($this, $_POST['account_from'], $_POST['account_to'], $_POST['comment'], $_POST['amount']);
 	$this->post_redirect_get("$URL_INTERNAL","Transakce byla provedena"); //TODO redirect na account_from
 }
-- 
2.30.2