fix: escape company field

2020-08-07 14:52:50 +05:30 · 2020-08-07 14:52:50 +05:30 · 8118dd9e62
commit 8118dd9e62
parent 4c4c0df7bd
1 changed files with 1 additions and 1 deletions
--- a/erpnext/accounts/party.py
+++ b/erpnext/accounts/party.py
@ -611,7 +611,7 @@ def get_partywise_advanced_payment_amount(party_type, posting_date = None, futur
 			cond = "posting_date <= '{0}'".format(posting_date)

 	if company:
-		cond += "and company = '{0}'".format(company)
+		cond += "and company = '{0}'".format(frappe.db.escape(company))

 	data = frappe.db.sql(""" SELECT party, sum({0}) as amount
 		FROM `tabGL Entry`