Shiloh/brotherton-erpnext
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(stock): Escaping issue in stock ledger report

Browse Source
This commit is contained in:
Nabin Hait 2019-01-25 17:07:29 +05:30
parent cce96758fc
commit 1187d61b56
1 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
erpnext/stock/report/stock_ledger/stock_ledger.py
View File

@ -110,15 +110,21 @@ def get_item_details(items, sl_entries, include_uom):
cf_field = cf_join = "" cf_field = cf_join = ""
if include_uom: if include_uom:
cf_field = ", ucd.conversion_factor" cf_field = ", ucd.conversion_factor"
cf_join = "left join `tabUOM Conversion Detail` ucd on ucd.parent=item.name and ucd.uom=%(include_uom)s" cf_join = "left join `tabUOM Conversion Detail` ucd on ucd.parent=item.name and ucd.uom='%s'" \
% frappe.db.escape(include_uom)
for item in frappe.db.sql(""" item_codes = ', '.join(['"' + frappe.db.escape(i, percent=False) + '"' for i in items])
select item.name, item.item_name, item.description, item.item_group, item.brand, item.stock_uom{cf_field} res = frappe.db.sql("""
from `tabItem` item select
item.name, item.item_name, item.description, item.item_group, item.brand, item.stock_uom {cf_field}
from
`tabItem` item
{cf_join} {cf_join}
where item.name in ({names}) where
""".format(cf_field=cf_field, cf_join=cf_join, names=', '.join(['"' + frappe.db.escape(i, percent=False) + '"' for i in items])), item.name in ({item_codes})
{"include_uom": include_uom}, as_dict=1): """.format(cf_field=cf_field, cf_join=cf_join, item_codes=item_codes), as_dict=1)
for item in res:
item_details.setdefault(item.name, item) item_details.setdefault(item.name, item)
return item_details return item_details