fix: escaped warehouse value for sql query (#26049)

2021-06-15 12:44:04 +05:30 · 2021-06-15 12:44:04 +05:30 · b5a1491176
commit b5a1491176
parent 5149101045
1 changed files with 2 additions and 5 deletions
--- a/erpnext/controllers/stock_controller.py
+++ b/erpnext/controllers/stock_controller.py
@ -558,11 +558,8 @@ def future_sle_exists(args):
 	or_conditions = []
 	for warehouse, items in warehouse_items_map.items():
 		or_conditions.append(
-			"warehouse = '{}' and item_code in ({})".format(
-				warehouse,
-				", ".join(frappe.db.escape(item) for item in items)
-			)
-		)
+			f"""warehouse = {frappe.db.escape(warehouse)}
+				and item_code in ({', '.join(frappe.db.escape(item) for item in items)})""")

 	return frappe.db.sql("""
 		select name