[fix] Escape values in queries

Nabin Hait
2015-06-27 12:51:00 +05:30
parent dfac6848cc
commit 93cdee4503
7 changed files with 9 additions and 9 deletions


@@ -141,7 +141,7 @@ def get_project(doctype, txt, searchfield, start, page_len, filters):
%(mcond)s
order by name
limit %(start)s, %(page_len)s """ % {'key': searchfield,
'txt': "%%%s%%" % txt, 'mcond':get_match_cond(doctype),
'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype),
'start': start, 'page_len': page_len})
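Review bot: `searchfield`, `start` and `page_len` are still formatted straight into the SQL text in this call, so escaping `txt` covers only one of the four caller-supplied values. If these arrive from the search request, which the signature suggests but the hunk does not show, the limit values can be coerced with `'start': int(start), 'page_len': int(page_len)})`, and `searchfield` should be checked against the doctype's known field names before it is used as a column. The escaped `txt` is only safe if `%(txt)s` sits inside a quoted literal, and the start of the query is outside this hunk, so that needs confirming. Passing `txt` as a bound value to `frappe.db.sql` instead of formatting it into the string would remove the dependency on quoting altogether.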