fix: Ignore sql injections

2019-04-22 21:08:29 +05:30 · 2019-04-22 21:08:29 +05:30 · e3ea806390
commit e3ea806390
parent d5e7bf8f0f
1 changed files with 1 additions and 1 deletions
--- a/erpnext/stock/report/inactive_items/inactive_items.py
+++ b/erpnext/stock/report/inactive_items/inactive_items.py
@ -117,7 +117,7 @@ def get_sales_details(filters):
 		DATEDIFF(CURDATE(), {date_field}) as days_since_last_order
 		from `tab{doctype}` s, `tab{doctype} Item` si
 		where s.name = si.parent and s.docstatus = 1
-		group by si.name order by days_since_last_order """
+		group by si.name order by days_since_last_order """ #nosec
 		.format(date_field = date_field, doctype = filters['based_on']), as_dict=1)

 	for d in sales_data: