[Fix] Patch broken if serial no has single quote (#10262)

2026-06-02 19:59:12 +00:00 · 2017-08-03 17:38:03 +05:30
parent ee5ff805e9
commit 046e1a6e28
1 changed files with 2 additions and 2 deletions
--- a/erpnext/patches/v8_0/set_sales_invoice_serial_number_from_delivery_note.py
+++ b/erpnext/patches/v8_0/set_sales_invoice_serial_number_from_delivery_note.py
@@ -26,7 +26,7 @@ def execute():
 		if not sales_invoice or not serial_nos:
 			continue
-		serial_nos = ["'%s'"%no for no in serial_nos.split("\n")]
+		serial_nos = ["'%s'"%frappe.db.escape(no) for no in serial_nos.split("\n")]
 		frappe.db.sql("""
 			UPDATE 
@@ -36,7 +36,7 @@ def execute():
 			WHERE
 				name in ({serial_nos})
 			""".format(
-				sales_invoice=sales_invoice,
+				sales_invoice=frappe.db.escape(sales_invoice),
 				serial_nos=",".join(serial_nos)
 			)
 		)