From ba6ad7f5be20b9d23346a439d1e0092857553d66 Mon Sep 17 00:00:00 2001 From: pateljannat Date: Thu, 22 Apr 2021 11:19:44 +0530 Subject: [PATCH] fix: escape for format and msg for working hours if not set --- .../project_profitability/project_profitability.py | 13 +++++++++---- erpnext/regional/india/utils.py | 2 +- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/erpnext/projects/report/project_profitability/project_profitability.py b/erpnext/projects/report/project_profitability/project_profitability.py index 405c6fd344..7703b81cf7 100644 --- a/erpnext/projects/report/project_profitability/project_profitability.py +++ b/erpnext/projects/report/project_profitability/project_profitability.py @@ -25,6 +25,11 @@ def get_data(filters): def get_rows(filters): conditions = get_conditions(filters) standard_working_hours = frappe.db.get_single_value("HR Settings", "standard_working_hours") + if not standard_working_hours: + hr_settings = "HR Settings" + frappe.msgprint(_("The metrics for this report are calculated based on the Standard Working Hours. Please set Standard Working Hours in {0}.").format(hr_settings)) + return [] + sql = """ SELECT * @@ -89,7 +94,7 @@ def get_conditions(filters): conditions = [] if filters.get("company"): - conditions.append("tabTimesheet.company='{0}'".format(filters.get("company"))) + conditions.append("tabTimesheet.company={0}".format(frappe.db.escape(filters.get("company")))) if filters.get("start_date"): conditions.append("tabTimesheet.start_date>='{0}'".format(filters.get("start_date"))) @@ -98,13 +103,13 @@ def get_conditions(filters): conditions.append("tabTimesheet.end_date<='{0}'".format(filters.get("end_date"))) if filters.get("customer_name"): - conditions.append("si.customer_name='{0}'".format(filters.get("customer_name"))) + conditions.append("si.customer_name={0}".format(frappe.db.escape(filters.get("customer_name")))) if filters.get("employee"): - conditions.append("tabTimesheet.employee='{0}'".format(filters.get("employee"))) + conditions.append("tabTimesheet.employee={0}".format(frappe.db.escape(filters.get("employee")))) if filters.get("project"): - conditions.append("tabTimesheet.parent_project='{0}'".format(filters.get("project"))) + conditions.append("tabTimesheet.parent_project={0}".format(frappe.db.escape(filters.get("project")))) conditions = " and ".join(conditions) return conditions diff --git a/erpnext/regional/india/utils.py b/erpnext/regional/india/utils.py index 0c757e962d..6338056698 100644 --- a/erpnext/regional/india/utils.py +++ b/erpnext/regional/india/utils.py @@ -161,7 +161,7 @@ def validate_document_name(doc, method=None): # Date was chosen as start of next FY to avoid irritating current users. if country != "India" or getdate(doc.posting_date) < getdate("2021-04-01"): return - print(doc.name) + if len(doc.name) > 16: frappe.throw(_("Maximum length of document number should be 16 characters as per GST rules. Please change the naming series."))