Shiloh/brotherton-erpnext
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[minor] Escape special characters (#11855)

Browse Source
This commit is contained in:
rohitwaghchaure 2017-12-06 13:16:06 +05:30 committed by Nabin Hait
parent 6a418f2a9b
commit 1b16bca843
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
erpnext/setup/doctype/item_group/item_group.py
View File

@ -81,7 +81,7 @@ class ItemGroup(NestedSet, WebsiteGenerator):
@frappe.whitelist(allow_guest=True)
def get_product_list_for_group(product_group=None, start=0, limit=10, search=None):
child_groups = ", ".join(['"' + i[0] + '"' for i in get_child_groups(product_group)])
child_groups = ", ".join(['"' + frappe.db.escape(i[0]) + '"' for i in get_child_groups(product_group)])
# base query
query = """select name, item_name, item_code, route, image, website_image, thumbnail, item_group,