From c1db0fc1e90b33881c696fab8b24fe8a920b5a32 Mon Sep 17 00:00:00 2001
From: Juerd Waalboer <juerd@tnx.nl>
Date: Wed, 27 Feb 2013 23:12:13 +0100
Subject: [PATCH] Treat product database as user input.

---
 plugins/market   | 6 ++++--
 plugins/products | 9 ++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/plugins/market b/plugins/market
index 9045fff..496241b 100755
--- a/plugins/market
+++ b/plugins/market
@@ -22,8 +22,10 @@ sub command :Tab(market) {
         my ($username, $id, $seller, $space, $description) = @$fields;
 
         next if $command ne $id;
-        next if $space  < 0;
-        next if $seller < 0;
+
+        $username = parse_user($username) or next;
+        $seller   = parse_amount($seller) or next;
+        $space    = parse_amount($space)  or next;
 
         $cart->add(undef, -($seller + $space), $description);
         $cart->add($username, 0+$seller, "\$you bought $description")
diff --git a/plugins/products b/plugins/products
index f278f7a..0dc6758 100755
--- a/plugins/products
+++ b/plugins/products
@@ -20,10 +20,13 @@ sub command :Tab(edit) {
     chomp @$_ for @products;
 
     for my $fields (@products) {
-        next if $command ne $fields->[0];
-        next if $fields->[1] < 0;
+        my ($id, $price, $description) = @$fields;
 
-        $cart->add(undef, 0 - $fields->[1], $fields->[2]);
+        next if $command ne $id;
+
+        $price = parse_amount($price) or next;
+
+        $cart->add(undef, -$price, $description);
         return ACCEPT;
     }