Fix quote issues (#15497)

* Fix quotes issues

* Remove frappe.db.escape
- Handle escape in the update_linked_doctypes method
Suraj Shetty 2018-09-26 18:15:53 +05:30 committed by Nabin Hait
parent 171c7d4128
commit 6ea3de9521
4 changed files with 11 additions and 11 deletions


@ -78,7 +78,7 @@ def get_cost_centers(filters):
def get_cost_center_target_details(filters): def get_cost_center_target_details(filters):
cond = "" cond = ""
if filters.get("cost_center"): if filters.get("cost_center"):
cond += " and b.cost_center='%s'" % frappe.db.escape(filters.get("cost_center")) cond += " and b.cost_center=%s" % frappe.db.escape(filters.get("cost_center"))
return frappe.db.sql(""" return frappe.db.sql("""
select b.{budget_against} as budget_against, b.monthly_distribution, ba.account, ba.budget_amount select b.{budget_against} as budget_against, b.monthly_distribution, ba.account, ba.budget_amount
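Review bot: The cost-center condition is still assembled with `%` string formatting, so after this change its correctness rests entirely on `frappe.db.escape` returning a complete, quoted literal. If the installed Frappe returns only the escaped text, `b.cost_center=%s` renders as an unquoted value. Binding the filter removes that coupling: `cond += " and b.cost_center=%(cost_center)s"`, with the filter dict passed as the values argument of `frappe.db.sql`. The argument list of that call is outside the hunk, so whether values are already passed there needs checking. The customer condition in get_project_name has the same shape.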


@ -219,7 +219,7 @@ def bom(doctype, txt, searchfield, start, page_len, filters):
def get_project_name(doctype, txt, searchfield, start, page_len, filters): def get_project_name(doctype, txt, searchfield, start, page_len, filters):
cond = '' cond = ''
if filters.get('customer'): if filters.get('customer'):
cond = """(`tabProject`.customer = '%s' or cond = """(`tabProject`.customer = %s or
ifnull(`tabProject`.customer,"")="") and""" %(frappe.db.escape(filters.get("customer"))) ifnull(`tabProject`.customer,"")="") and""" %(frappe.db.escape(filters.get("customer")))
return frappe.db.sql("""select `tabProject`.name from `tabProject` return frappe.db.sql("""select `tabProject`.name from `tabProject`
@ -398,7 +398,7 @@ def warehouse_query(doctype, txt, searchfield, start, page_len, filters):
CONCAT_WS(" : ", "Actual Qty", ifnull( ({sub_query}), 0) ) as actual_qty CONCAT_WS(" : ", "Actual Qty", ifnull( ({sub_query}), 0) ) as actual_qty
from `tabWarehouse` from `tabWarehouse`
where where
`tabWarehouse`.`{key}` like '{txt}' `tabWarehouse`.`{key}` like {txt}
{fcond} {mcond} {fcond} {mcond}
order by order by
`tabWarehouse`.name desc `tabWarehouse`.name desc
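Review bot: In warehouse_query the placeholder `like {txt}` no longer carries its own quotes, so the search pattern must arrive as an already quoted and escaped literal from the `.format(...)` call, which lies outside this hunk. Any path that formats raw `txt` into it would build the statement from unquoted user text. Passing the pattern as a bound query value (`like %(txt)s` plus a values dict given to `frappe.db.sql`) would make the statement safe regardless of how the caller prepares `txt`. At minimum, a comment next to the placeholder should state that `txt` must be the output of `frappe.db.escape`.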


@ -163,7 +163,7 @@ def check_if_child_exists(name):
def get_project(doctype, txt, searchfield, start, page_len, filters): def get_project(doctype, txt, searchfield, start, page_len, filters):
from erpnext.controllers.queries import get_match_cond from erpnext.controllers.queries import get_match_cond
return frappe.db.sql(""" select name from `tabProject` return frappe.db.sql(""" select name from `tabProject`
where %(key)s like "%(txt)s" where %(key)s like %(txt)s
%(mcond)s %(mcond)s
order by name order by name
limit %(start)s, %(page_len)s """ % {'key': searchfield, limit %(start)s, %(page_len)s """ % {'key': searchfield,
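Review bot: `%(key)s` is filled from `searchfield` and lands in the statement as a bare column name, which neither quoting nor `frappe.db.escape` can protect because it is an identifier, not a value. No validation of `searchfield` is visible in this hunk, and as a link-search parameter it is presumably request-supplied, so it should be checked against the Project doctype's columns before formatting, e.g. `if searchfield not in frappe.get_meta("Project").get_valid_columns(): frappe.throw("Invalid search field")`. The same applies to `{key}` in warehouse_query. The values dict continues past the end of the hunk, so how `txt` is escaped there is not shown.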


@ -91,7 +91,7 @@ class Customer(TransactionBase):
def update_customer_groups(self): def update_customer_groups(self):
ignore_doctypes = ["Lead", "Opportunity", "POS Profile", "Tax Rule", "Pricing Rule"] ignore_doctypes = ["Lead", "Opportunity", "POS Profile", "Tax Rule", "Pricing Rule"]
if frappe.flags.customer_group_changed: if frappe.flags.customer_group_changed:
update_linked_doctypes('Customer', frappe.db.escape(self.name), 'Customer Group', update_linked_doctypes('Customer', self.name, 'Customer Group',
self.customer_group, ignore_doctypes) self.customer_group, ignore_doctypes)
def create_primary_contact(self): def create_primary_contact(self):
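Review bot: With the pre-escaping removed, `self.name` and `self.customer_group` reach `update_linked_doctypes` raw, so this call is only safe if that helper binds or escapes every value it places into SQL. Its body is not part of this page. A short comment at the call site would stop the wrapper being re-added and the value double-escaped later, for example `# values are escaped inside update_linked_doctypes; pass them raw`. It is also worth confirming that the helper treats the `customer_group` argument the same way as the name.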