I don't know if anybody has seen this before, but you can add negative items to your shopping cart.
Thankfully with paypal or google it doesn't deduct cash out of our account. But if someone in the shipping department isn't paying attention, they could easily ship out products without realizing that it was a negative payment.
Also, the process went through via manual checkout, which we do not have enabled.
I just wanted everybody to be aware. I would expect that a php statement could prevent the - symbol from being entered into the form, or at least remove it if it shows up.