From dd9031432a98d60413003ee7fee0f62ccec2d600 Mon Sep 17 00:00:00 2001
From: zuiko
Date: Fri, 15 Jan 2021 10:29:31 +0100
Subject: [PATCH 1/2] Update functions.lib.php
Fix #15820 function price2num add underscore and - in the pattern in instruction $amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>]/', '', $amount); as this: $amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>\_\-]/', '', $amount); in order to cover some constantes cases as 20% (TX_NORMAL) or 10% (TX_REDUIT) for example where underscore or - can be used. I don't know if other characters have to be added to this pattern.
---
 htdocs/core/lib/functions.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 31d51ff290e..38494f3f986 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -4863,7 +4863,7 @@ function price2num($amount, $rounding = '', $option = 0)
 if ($option != 1) { // If not a PHP number or unknown, we change or clean format
 //print 'PP'.$amount.' - '.$dec.' - '.$thousand.' - '.intval($amount).'
';
 if (!is_numeric($amount)) {
- $amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>]/', '', $amount);
+ $amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>\_\-]/', '', $amount);
 }
 if ($option == 2 && $thousand == '.' && preg_match('/\.(\d\d\d)$/', (string) $amount)) { // It means the . is used as a thousand separator and string come frominput data, so 1.123 is 1123
From e5c932d3f4f43916a13fc342b867c95692572b49 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 16 Jan 2021 16:50:34 +0100
Subject: [PATCH 2/2] Update functions.lib.php
---
 htdocs/core/lib/functions.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 38494f3f986..a714d7a6886 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -4863,7 +4863,7 @@ function price2num($amount, $rounding = '', $option = 0)
 if ($option != 1) { // If not a PHP number or unknown, we change or clean format
 //print 'PP'.$amount.' - '.$dec.' - '.$thousand.' - '.intval($amount).'
';
 if (!is_numeric($amount)) {
- $amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>\_\-]/', '', $amount);
+ $amount = preg_replace('/[a-zA-Z\/\\\*\(\)\<\>\_]/', '', $amount);
 }
 if ($option == 2 && $thousand == '.' && preg_match('/\.(\d\d\d)$/', (string) $amount)) { // It means the . is used as a thousand separator and string come frominput data, so 1.123 is 1123
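Review bot: The `preg_replace` character class that this series ends up with in `price2num` is an undocumented denylist, and patch 2 drops `\-` again without recording why. Presumably `-` has to survive because it is the sign of a negative amount, so a comment above the call would keep a later fix from re-adding it: `// Strip letters and unit/constant text such as "(TX_NORMAL)"; never strip '-', it is the sign of a negative amount`. For the description's own example `20% (TX_NORMAL)` the `%` is not in the class and stays in `$amount`; whether later code handles it cannot be seen here, because the function body starts and ends outside the hunk. Since the author of patch 1 is unsure which other characters are needed, an allowlist (keep only digits, the sign and the configured `$dec`/`$thousand` separators) would be more robust for input cleaning than extending the list per bug report.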