Shiloh/brotherton-erpnext
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix quote issues (#15497)

Browse Source 
* Fix quotes issues

* Remove frappe.db.escape
- Handle escape in the update_linked_doctypes method
This commit is contained in:
Suraj Shetty 2018-09-26 18:15:53 +05:30 committed by Nabin Hait
parent 171c7d4128
commit 6ea3de9521
4 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
erpnext/accounts/report/budget_variance_report/budget_variance_report.py
View File

@ -65,20 +65,20 @@ def get_columns(filters):
return columns + [_("Total Target") + ":Float:120", _("Total Actual") + ":Float:120", return columns + [_("Total Target") + ":Float:120", _("Total Actual") + ":Float:120",
_("Total Variance") + ":Float:120"] _("Total Variance") + ":Float:120"]
def get_cost_centers(filters): def get_cost_centers(filters):
cond = "and 1=1" cond = "and 1=1"
if filters.get("budget_against") == "Cost Center": if filters.get("budget_against") == "Cost Center":
cond = "order by lft" cond = "order by lft"
return frappe.db.sql_list("""select name from `tab{tab}` where company=%s return frappe.db.sql_list("""select name from `tab{tab}` where company=%s
{cond}""".format(tab=filters.get("budget_against"), cond=cond), filters.get("company")) {cond}""".format(tab=filters.get("budget_against"), cond=cond), filters.get("company"))
#Get cost center & target details #Get cost center & target details
def get_cost_center_target_details(filters): def get_cost_center_target_details(filters):
cond = "" cond = ""
if filters.get("cost_center"): if filters.get("cost_center"):
cond += " and b.cost_center='%s'" % frappe.db.escape(filters.get("cost_center")) cond += " and b.cost_center=%s" % frappe.db.escape(filters.get("cost_center"))
return frappe.db.sql(""" return frappe.db.sql("""
select b.{budget_against} as budget_against, b.monthly_distribution, ba.account, ba.budget_amount select b.{budget_against} as budget_against, b.monthly_distribution, ba.account, ba.budget_amount
@ -106,7 +106,7 @@ def get_actual_details(name, filters):
if filters.get("budget_against") == "Cost Center": if filters.get("budget_against") == "Cost Center":
cc_lft, cc_rgt = frappe.db.get_value("Cost Center", name, ["lft", "rgt"]) cc_lft, cc_rgt = frappe.db.get_value("Cost Center", name, ["lft", "rgt"])
cond = "lft>='{lft}' and rgt<='{rgt}'".format(lft = cc_lft, rgt=cc_rgt) cond = "lft>='{lft}' and rgt<='{rgt}'".format(lft = cc_lft, rgt=cc_rgt)
ac_details = frappe.db.sql("""select gl.account, gl.debit, gl.credit, ac_details = frappe.db.sql("""select gl.account, gl.debit, gl.credit,
MONTHNAME(gl.posting_date) as month_name, b.{budget_against} as budget_against MONTHNAME(gl.posting_date) as month_name, b.{budget_against} as budget_against
from `tabGL Entry` gl, `tabBudget Account` ba, `tabBudget` b from `tabGL Entry` gl, `tabBudget Account` ba, `tabBudget` b
@ -115,7 +115,7 @@ def get_actual_details(name, filters):
and b.docstatus = 1 and b.docstatus = 1
and ba.account=gl.account and ba.account=gl.account
and b.{budget_against} = gl.{budget_against} and b.{budget_against} = gl.{budget_against}
and gl.fiscal_year=%s and gl.fiscal_year=%s
and b.{budget_against}=%s and b.{budget_against}=%s
and exists(select name from `tab{tab}` where name=gl.{budget_against} and {cond}) group by gl.name and exists(select name from `tab{tab}` where name=gl.{budget_against} and {cond}) group by gl.name
""".format(tab = filters.budget_against, budget_against = budget_against, cond = cond), """.format(tab = filters.budget_against, budget_against = budget_against, cond = cond),
@ -136,7 +136,7 @@ def get_cost_center_account_month_map(filters):
for ccd in cost_center_target_details: for ccd in cost_center_target_details:
actual_details = get_actual_details(ccd.budget_against, filters) actual_details = get_actual_details(ccd.budget_against, filters)
for month_id in range(1, 13): for month_id in range(1, 13):
month = datetime.date(2013, month_id, 1).strftime('%B') month = datetime.date(2013, month_id, 1).strftime('%B')
@ -150,7 +150,7 @@ def get_cost_center_account_month_map(filters):
if ccd.monthly_distribution else 100.0/12 if ccd.monthly_distribution else 100.0/12
tav_dict.target = flt(ccd.budget_amount) * month_percentage / 100 tav_dict.target = flt(ccd.budget_amount) * month_percentage / 100
for ad in actual_details.get(ccd.account, []): for ad in actual_details.get(ccd.account, []):
if ad.month_name == month: if ad.month_name == month:
tav_dict.actual += flt(ad.debit) - flt(ad.credit) tav_dict.actual += flt(ad.debit) - flt(ad.credit)

4
erpnext/controllers/queries.py
View File

@ -219,7 +219,7 @@ def bom(doctype, txt, searchfield, start, page_len, filters):
def get_project_name(doctype, txt, searchfield, start, page_len, filters): def get_project_name(doctype, txt, searchfield, start, page_len, filters):
cond = '' cond = ''
if filters.get('customer'): if filters.get('customer'):
cond = """(`tabProject`.customer = '%s' or cond = """(`tabProject`.customer = %s or
ifnull(`tabProject`.customer,"")="") and""" %(frappe.db.escape(filters.get("customer"))) ifnull(`tabProject`.customer,"")="") and""" %(frappe.db.escape(filters.get("customer")))
return frappe.db.sql("""select `tabProject`.name from `tabProject` return frappe.db.sql("""select `tabProject`.name from `tabProject`
@ -398,7 +398,7 @@ def warehouse_query(doctype, txt, searchfield, start, page_len, filters):
CONCAT_WS(" : ", "Actual Qty", ifnull( ({sub_query}), 0) ) as actual_qty CONCAT_WS(" : ", "Actual Qty", ifnull( ({sub_query}), 0) ) as actual_qty
from `tabWarehouse` from `tabWarehouse`
where where
`tabWarehouse`.`{key}` like '{txt}' `tabWarehouse`.`{key}` like {txt}
{fcond} {mcond} {fcond} {mcond}
order by order by
`tabWarehouse`.name desc `tabWarehouse`.name desc

2
erpnext/projects/doctype/task/task.py
View File

@ -163,7 +163,7 @@ def check_if_child_exists(name):
def get_project(doctype, txt, searchfield, start, page_len, filters): def get_project(doctype, txt, searchfield, start, page_len, filters):
from erpnext.controllers.queries import get_match_cond from erpnext.controllers.queries import get_match_cond
return frappe.db.sql(""" select name from `tabProject` return frappe.db.sql(""" select name from `tabProject`
where %(key)s like "%(txt)s" where %(key)s like %(txt)s
%(mcond)s %(mcond)s
order by name order by name
limit %(start)s, %(page_len)s """ % {'key': searchfield, limit %(start)s, %(page_len)s """ % {'key': searchfield,

2
erpnext/selling/doctype/customer/customer.py
View File

@ -91,7 +91,7 @@ class Customer(TransactionBase):
def update_customer_groups(self): def update_customer_groups(self):
ignore_doctypes = ["Lead", "Opportunity", "POS Profile", "Tax Rule", "Pricing Rule"] ignore_doctypes = ["Lead", "Opportunity", "POS Profile", "Tax Rule", "Pricing Rule"]
if frappe.flags.customer_group_changed: if frappe.flags.customer_group_changed:
update_linked_doctypes('Customer', frappe.db.escape(self.name), 'Customer Group', update_linked_doctypes('Customer', self.name, 'Customer Group',
self.customer_group, ignore_doctypes) self.customer_group, ignore_doctypes)
def create_primary_contact(self): def create_primary_contact(self):