nsinnovations/erpnext
2
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-05-26 16:34:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: sql injection (#20817)

Browse Source
This commit is contained in:
Don-Leopardo
2020-03-16 14:05:01 -03:00
committed by GitHub
parent d2a2837034
commit 0dcd5a0f34
4 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
erpnext/regional/india/utils.py
View File

@@ -464,7 +464,7 @@ def get_gstins_for_company(company):
`tabDynamic Link`.parent = `tabAddress`.name and
`tabDynamic Link`.parenttype = 'Address' and
`tabDynamic Link`.link_doctype = 'Company' and
`tabDynamic Link`.link_name = '{0}'""".format(company))
`tabDynamic Link`.link_name = %(company)s""", {"company": company})
return company_gstins
def get_address_details(data, doc, company_address, billing_address):