Index: /lib/functions.inc.php
===================================================================
--- /lib/functions.inc.php	(revision 7498)
+++ /lib/functions.inc.php	(revision 7499)
@@ -525,4 +525,13 @@
 				break;
 			
+			case WPSG_SANITIZE_COSTKEY:
+				
+				$filtered = preg_replace('/(\d)|(\:)|(,)|(\|)|(\,)/', '', $val);
+				
+				if (trim($filtered) === '') $bReturn = true;
+				else $bReturn = false;
+				
+				break;
+				
 			case WPSG_SANITIZE_HTML:
 				
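Review bot: The new `WPSG_SANITIZE_COSTKEY` case accepts more than a cost key: because it strips the allowed characters and then calls `trim()`, an empty string, a whitespace-only value, and any value with interior spaces, tabs or newlines all return true. A non-string `$val` (a request parameter sent as `value[]`) would make `preg_replace()` return an array, which `trim()` does not accept. A single anchored allowlist match states the rule directly and closes both gaps: `$bReturn = is_string($val) && preg_match('/^[0-9:,|]+\z/', $val) === 1;` (use `*` instead of `+` if an empty cost is meant to be valid). The comma alternative is also listed twice in the current pattern. The surrounding switch begins and ends outside this hunk.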
Index: /mods/wpsg_mod_versandarten.class.php
===================================================================
--- /mods/wpsg_mod_versandarten.class.php	(revision 7498)
+++ /mods/wpsg_mod_versandarten.class.php	(revision 7499)
@@ -183,14 +183,15 @@
 										
 				}
-				else if ($_REQUEST['field'] == 'kosten')
-				{
-
-					$_REQUEST['value'] = wpsg_tf(wpsg_sinput("key", $_REQUEST['value'], "isFloat"));
-
-					$this->db->UpdateQuery(WPSG_TBL_VA, array(
-						'kosten' => wpsg_q($_REQUEST['value'])
-					), "`id` = '".wpsg_q($_REQUEST['va_id'])."'");
-					
-					die($_REQUEST['value']);
+				else if ($_REQUEST['field'] == 'kosten') {
+
+					if (wpsg_checkInput($_REQUEST['value'], WPSG_SANITIZE_COSTKEY)) {
+					
+						$this->db->UpdateQuery(WPSG_TBL_VA, array(
+							'kosten' => wpsg_q($_REQUEST['value'])
+						), "`id` = '".wpsg_q($_REQUEST['va_id'])."'");
+											
+						die($_REQUEST['value']);
+						
+					} else { die(__('UngÃŒltige Eingabe')); }
 					
 				}
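Review bot: Only `value` is validated in this branch; `va_id` still reaches the WHERE clause as `wpsg_q($_REQUEST['va_id'])`, so the row selection depends entirely on that helper's escaping, whose implementation is not shown here. Since the column is an id, a cast is easier to reason about: use `(int) $_REQUEST['va_id']` in its place and reject the request when the result is not positive. The branch also changes stored data from `$_REQUEST`, and no nonce or capability check is visible in this hunk; the enclosing method starts and ends outside it, so confirm that one runs earlier. The old code normalised the value with `wpsg_tf()` before saving and the new code stores it raw, which deserves a short comment above the `wpsg_checkInput()` call describing the format `WPSG_SANITIZE_COSTKEY` is meant to accept.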
Index: /wpshopgermany.php
===================================================================
--- /wpshopgermany.php	(revision 7498)
+++ /wpshopgermany.php	(revision 7499)
@@ -88,5 +88,6 @@
 	define('WPSG_SANITIZE_ARRAY_INT', 14);
 	define('WPSG_SANITIZE_HTML', 15);
- 	
+ 	define('WPSG_SANITIZE_COSTKEY', 16);
+	
 	// Ist in Multiblog manchma nicht definiert :? Sonst ist hier das Verzeichnis drin
 	if (!defined('SITECOOKIEPATH')) define('SITECOOKIEPATH', '/');
