[fix] escape quote in Accounts Receivable

2015-01-08 18:26:53 +05:30 · 2015-01-08 18:26:53 +05:30 · 015fa7a1d1
commit 015fa7a1d1
parent 7620efc9ad
1 changed files with 1 additions and 1 deletions
--- a/erpnext/accounts/report/accounts_receivable/accounts_receivable.py
+++ b/erpnext/accounts/report/accounts_receivable/accounts_receivable.py
@ -149,7 +149,7 @@ class AccountsReceivableReport(object):
 			if not account_map:
 				frappe.throw(_("No Customer Accounts found."))
 			else:
-				accounts_list = ['"{0}"'.format(ac.replace('"', '\"')) for ac in account_map]
+				accounts_list = ["'{0}'".format(frappe.db.escape(ac)) for ac in account_map]
 				conditions.append("account in ({0})".format(", ".join(accounts_list)))

 		return " and ".join(conditions), values