From 399c761fe1537f3524ee42126aea3699a7d7c2eb Mon Sep 17 00:00:00 2001
From: Thomas Mudrunka
Date: Sat, 25 May 2013 02:26:15 +0200
Subject: [PATCH] Handlovani zapornejch cisel v bance

---
 assistants/bank.inc.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/assistants/bank.inc.php b/assistants/bank.inc.php
index 4c64d0d..7e3cf52 100644
--- a/assistants/bank.inc.php
+++ b/assistants/bank.inc.php
@@ -9,6 +9,7 @@ function bank_transaction($ctx, $from, $to, $comment, $amount=0) {
 	$author=$ctx->db->quote($ctx->db->auth->get_user_id());
 	$from=$ctx->db->quote(bank_name($from));
 	$to=$ctx->db->quote(bank_name($to));
+	$amount=$ctx->db->quote($amount);
 	$comment=trim($comment);
 	if(strlen($comment)<4) die("Komentář musí mít alespoň 4 znaky!");
@@ -33,6 +34,7 @@ if(isset($_POST['create_account'])) {
 	$this->post_redirect_get("$URL_INTERNAL","Účet byl vytvořen");
 }
 if(isset($_POST['transaction'])) {
+	if(!is_numeric($_POST['amount']) || $_POST['amount'] < 0) $this->post_redirect_get("$URL_INTERNAL","Lze převádět jen kladné částky", true);
 	bank_transaction($this, $_POST['account_from'], $_POST['account_to'], $_POST['comment'], $_POST['amount']);
 	$this->post_redirect_get("$URL_INTERNAL","Transakce byla provedena"); //TODO redirect na account_from
 }
-- 
2.30.2
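Review bot: The new `$amount=$ctx->db->quote($amount);` line only escapes the value for SQL; the numeric/sign validation lives solely in the POST handler of the second hunk, so any other caller of bank_transaction (if one exists) can still pass a negative or non-numeric amount into the quoted query. Since the function already rejects bad input itself for the comment (`die(...)` two lines below), the amount check belongs here as well, right before the quote: `if(!is_numeric($amount) || $amount <= 0) die("Lze převádět jen kladné částky!");`. Note that `$amount=0` is the declared default, which the added line would happily quote as a zero-value transaction. The body of bank_transaction continues outside the hunk, so the query that consumes `$amount` is not visible here.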
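Review bot: The added guard `$_POST['amount'] < 0` still lets an amount of 0 through while the message promises only positive amounts, and it reads `$_POST['amount']` without checking it is set. The condition should be `if(!isset($_POST['amount']) || !is_numeric($_POST['amount']) || $_POST['amount'] <= 0)`. The branch also depends on post_redirect_get terminating the script; that is not visible in this hunk, and if it merely sets headers, execution falls straight through to the bank_transaction call on the next line, so either confirm it exits or put the call in an `else`. The enclosing `if(isset($_POST['transaction']))` block is fully inside the hunk, but the surrounding method or include that provides `$this` and `$URL_INTERNAL` is not.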