fix: escape fields for Payroll Entry (#22994)

This commit is contained in:
Rucha Mahabal 2020-08-11 13:12:00 +05:30 committed by GitHub
parent b7bc34047a
commit 19b51762ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -90,7 +90,7 @@ class PayrollEntry(Document):
cond = ''
for f in ['company', 'branch', 'department', 'designation']:
if self.get(f):
cond += " and t1." + f + " = '" + self.get(f).replace("'", "\'") + "'"
cond += " and t1." + f + " = " + frappe.db.escape(self.get(f))
return cond