Security update of sql statements, a couple of smaller fixes.
[fa-stable.git] / gl / includes / db / gl_db_banking.inc
index 903b22b5ff0a24fe6bf3b96b0c1acedc07f14d83..528690007eedd2d054822fb68706da5af5037635 100644 (file)
@@ -18,7 +18,7 @@ function add_exchange_variation($trans_type, $trans_no, $date_, $acc_id, $accoun
                $date_ = Today();
        $rate = get_exchange_rate_from_home_currency($currency, $date_);
        $result = db_query("SELECT SUM(amount) FROM ".TB_PREF."bank_trans WHERE 
-               bank_act='$acc_id' AND trans_date<='".date2sql($date_)."'", 
+               bank_act=".db_escape($acc_id)." AND trans_date<='".date2sql($date_)."'", 
                "Transactions for account $account could not be calculated");
        $row = db_fetch_row($result);
        $foreign_amount = $row[0];
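Review bot: The date bound on the changed query line is still concatenated inside hand-written quotes (`trans_date<='".date2sql($date_)."'`), so only `bank_act` is protected by db_escape(). $date_ is a parameter of add_exchange_variation, whose body starts and ends outside this hunk, so it cannot be confirmed from here that it is always a validated date; if date2sql() passes malformed input through unchanged, this statement stays injectable. Assuming db_escape() returns an already-quoted literal (the quotes dropped around $acc_id suggest it does), the consistent form would be `trans_date<=".db_escape(date2sql($date_)),`. Separately, SUM(amount) yields NULL when no rows match, so `$foreign_amount = $row[0];` deserves a comment or an explicit default stating that case.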
@@ -203,7 +203,7 @@ function add_bank_transaction($trans_type, $from_account, $items, $date_,
                $amount = $gl_item->amount;
                $ex_rate = get_exchange_rate_from_home_currency($currency, $date_);
                        
-               add_gl_tax_details($gl_item->code_id, $trans_type, $trans_no, $amount,
+               add_gl_tax_details($gl_item->code_id, $trans_type, $trans_no, -$amount,
                        $ex_rate, $date_, $memo_);
        }