nsinnovations/erpnext
2
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-05-07 15:25:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: using query.walk() for escaping

Browse Source 
(cherry picked from commit 5ea131c763)
This commit is contained in:
ljain112
2024-12-17 18:49:38 +05:30
committed by Mergify
parent 8a9c457d37
commit 3a7e335d4b
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
erpnext/accounts/report/financial_statements.py
View File

@@ -526,8 +526,6 @@ def get_accounting_entries(
query = apply_additional_conditions(doctype, query, from_date, ignore_closing_entries, filters) query = apply_additional_conditions(doctype, query, from_date, ignore_closing_entries, filters)
query = query.where(gl_entry.account.isin(accounts)) query = query.where(gl_entry.account.isin(accounts))
query = query.get_sql()
from frappe.desk.reportview import build_match_conditions from frappe.desk.reportview import build_match_conditions
match_conditions = build_match_conditions(doctype) match_conditions = build_match_conditions(doctype)
@@ -535,9 +533,9 @@ def get_accounting_entries(
if match_conditions: if match_conditions:
query += "and" + match_conditions query += "and" + match_conditions
entries = frappe.db.sql(query, as_dict=True) query, params = query.walk()
return entries return frappe.db.sql(query, params, as_dict=True)
def apply_additional_conditions(doctype, query, from_date, ignore_closing_entries, filters): def apply_additional_conditions(doctype, query, from_date, ignore_closing_entries, filters):