From fe93ea56b612b22c69cc501bc94467a42dfe2b9c Mon Sep 17 00:00:00 2001
From: Nabin Hait <nabinhait@gmail.com>
Date: Fri, 16 Jan 2015 15:38:47 +0530
Subject: [PATCH] Minor fixes: escaped characters

---
 erpnext/utilities/doctype/note/note.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/erpnext/utilities/doctype/note/note.py b/erpnext/utilities/doctype/note/note.py
index 2db4137ddd..e076af4073 100644
--- a/erpnext/utilities/doctype/note/note.py
+++ b/erpnext/utilities/doctype/note/note.py
@@ -27,7 +27,7 @@ def get_permission_query_conditions(user):
 	return """(`tabNote`.public=1 or `tabNote`.owner="{user}" or exists (
 		select name from `tabNote User`
 			where `tabNote User`.parent=`tabNote`.name
-			and `tabNote User`.user="{user}"))""".format(user=user)
+			and `tabNote User`.user="{user}"))""".format(user=frappe,db.escape(user))
 
 def has_permission(doc, ptype, user):
 	if doc.public == 1 or user == "Administrator":