SQL injection fix

[fa-stable.git] / gl / includes / db / gl_db_rates.inc

diff --git a/gl/includes/db/gl_db_rates.inc b/gl/includes/db/gl_db_rates.inc
index 1355e1b72c705a6930f9cc9d68212b7c7a61bae7..fa5926b6559fa04a67d548c1eefc4f6302f18405 100644 (file)
--- a/gl/includes/db/gl_db_rates.inc
+++ b/gl/includes/db/gl_db_rates.inc
@@ -69,7 +69,19 @@ function delete_exchange_rate($rate_id)
        db_query($sql, "could not delete exchange rate $rate_id");              
 }
 
-//---------------------------------------------------------------------------------------------
+//-----------------------------------------------------------------------------
+//     Retrieve exchange rate as of date $date from external source (usually inet)
+//
+function retrieve_exrate($curr_b, $date)
+{
+       global $Hooks;
+
+       if (method_exists($Hooks, 'retrieve_exrate'))
+               return $Hooks->retrieve_exrate($curr_b, $date);
+       else
+               return get_ecb_rate($curr_b);
+}
+//-----------------------------------------------------------------------------
 
 function get_ecb_rate($curr_b) 
 {
@@ -97,7 +109,7 @@ function get_ecb_rate($curr_b)
           } while( ($contents == '') && $retry--);
           
        } else {
-               $handle = @fopen($ecb_filename, 'rb');
+               $handle = @fopen("http://".$ecb_site.$ecb_filename, 'rb');
                if ($handle) {
                        do 
                        {