[fix] Escaping strings with percentage

Nabin Hait 2016-02-19 12:45:57 +05:30
parent 6e8eaf097a
commit 1a99cb8bfe
4 changed files with 8 additions and 7 deletions


@ -105,11 +105,11 @@ def get_balance_on(account=None, date=None, party_type=None, party=None, in_acco
if acc.account_currency == frappe.db.get_value("Company", acc.company, "default_currency"):
in_account_currency = False
else:
cond.append("""gle.account = "%s" """ % (frappe.db.escape(account), ))
cond.append("""gle.account = "%s" """ % (frappe.db.escape(account, percent=False), ))
if party_type and party:
cond.append("""gle.party_type = "%s" and gle.party = "%s" """ %
(frappe.db.escape(party_type), frappe.db.escape(party)))
(frappe.db.escape(party_type), frappe.db.escape(party, percent=False)))
if account or (party_type and party):
if in_account_currency:
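Review bot: The `percent=False` escapes on the `gle.account` and `gle.party` lines are only safe if the query later assembled from `cond` is never run through `%`-style parameter substitution by `frappe.db.sql`; a value containing a literal `%` would otherwise be read as a format directive. How `cond` is consumed is outside this hunk (the body of get_balance_on continues past it), so that should be confirmed before relying on the flag. The same interpolate-an-escaped-value pattern appears in the get_conditions and get_item_map hunks of this commit. A sturdier shape that removes the question entirely is to keep the value out of the SQL text, e.g. `cond.append("gle.account = %s")` with the raw `account` appended to a values list handed to `frappe.db.sql`, so the driver handles both quoting and percent signs.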


@ -12,7 +12,8 @@ from operator import itemgetter
class BOM(Document):
def autoname(self):
last_name = frappe.db.sql("""select max(name) from `tabBOM`
where name like "BOM/{0}/%%" and item=%s""".format(frappe.db.escape(self.item)), self.item)
where name like "BOM/{0}/%%" and item=%s
""".format(frappe.db.escape(self.item, percent=False)), self.item)
if last_name:
idx = cint(cstr(last_name[0][0]).split('/')[-1].split('-')[0]) + 1
else:
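Review bot: In the BOM.autoname hunk `percent=False` looks wrong rather than right: the query still carries a `%%` literal and passes `self.item` as a value, which implies `frappe.db.sql` applies `%`-substitution over the text, so an item code containing `%` now lands in the format string unescaped and would break that substitution (the default escape doubled it for exactly this reason). Moving the pattern into the parameters removes the conflict: `where name like %s and item=%s""", ("BOM/{0}/%".format(self.item), self.item))` lets the driver quote the value and leaves no `%` needing special treatment in the SQL text. Note that `%` or `_` inside an item code is still a LIKE wildcard either way, so the prefix match can over-match unless the pattern is escaped with an ESCAPE clause. The rest of autoname lies outside the hunk.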


@ -66,7 +66,7 @@ def get_conditions(filters):
frappe.throw(_("'To Date' is required"))
if filters.get("item_code"):
conditions += " and item_code = '%s'" % frappe.db.escape(filters.get("item_code"))
conditions += " and item_code = '%s'" % frappe.db.escape(filters.get("item_code"), percent=False)
return conditions


@ -73,7 +73,7 @@ def get_item_map(item_code):
condition = ""
if item_code:
condition = 'and item_code = "{0}"'.format(frappe.db.escape(item_code))
condition = 'and item_code = "{0}"'.format(frappe.db.escape(item_code, percent=False))
items = frappe.db.sql("""select * from `tabItem` item
where is_stock_item = 1
@ -85,7 +85,7 @@ def get_item_map(item_code):
condition = ""
if item_code:
condition = 'where parent="{0}"'.format(frappe.db.escape(item_code))
condition = 'where parent="{0}"'.format(frappe.db.escape(item_code, percent=False))
reorder_levels = frappe._dict()
for ir in frappe.db.sql("""select * from `tabItem Reorder` {condition}""".format(condition=condition), as_dict=1):