From 16aba71da0a77407221b315de7b5757fdac2fe94 Mon Sep 17 00:00:00 2001
From: Nabin Hait <nabinhait@gmail.com>
Date: Thu, 21 Aug 2014 19:02:02 +0530
Subject: [PATCH] Escaped item group value in pricing rule condition

---
 erpnext/accounts/doctype/pricing_rule/pricing_rule.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/erpnext/accounts/doctype/pricing_rule/pricing_rule.py b/erpnext/accounts/doctype/pricing_rule/pricing_rule.py
index 076cccc179..94ad6f1357 100644
--- a/erpnext/accounts/doctype/pricing_rule/pricing_rule.py
+++ b/erpnext/accounts/doctype/pricing_rule/pricing_rule.py
@@ -169,8 +169,8 @@ def get_pricing_rules(args):
 
 			if parent_groups:
 				if allow_blank: parent_groups.append('')
-				condition = " ifnull("+field+", '') in ('" + "', '".join(parent_groups)+"')"
-
+				condition = " ifnull("+field+", '') in ('" + \
+					"', '".join([d.replace("'", "\\'").replace('"', '\\"') for d in parent_groups])+"')"
 		return condition
 
 
@@ -201,7 +201,7 @@ def get_pricing_rules(args):
 			and ifnull({transaction_type}, 0) = 1 {conditions}
 		order by priority desc, name desc""".format(
 			item_group_condition=item_group_condition,
-			transaction_type=args.transaction_type, conditions=conditions), args, as_dict=1)
+			transaction_type=args.transaction_type, conditions=conditions), args, as_dict=1, debug=1)
 
 def filter_pricing_rules(args, pricing_rules):
 	# filter for qty