diff --git a/erpnext/__version__.py b/erpnext/__version__.py index e6cafee3478..b0b41d353db 100644 --- a/erpnext/__version__.py +++ b/erpnext/__version__.py @@ -1,2 +1,2 @@ from __future__ import unicode_literals -__version__ = '5.0.28' +__version__ = '5.0.29' diff --git a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py index 3f34020d122..660b221e7bd 100644 --- a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py +++ b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py @@ -410,4 +410,4 @@ def get_expense_account(doctype, txt, searchfield, start, page_len, filters): and tabAccount.company = '%(company)s' and tabAccount.%(key)s LIKE '%(txt)s' %(mcond)s""" % {'company': filters['company'], 'key': searchfield, - 'txt': "%%%s%%" % txt, 'mcond':get_match_cond(doctype)}) + 'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype)}) diff --git a/erpnext/accounts/doctype/sales_invoice/pos.py b/erpnext/accounts/doctype/sales_invoice/pos.py index 7d5613de273..2c5bb12fdb7 100644 --- a/erpnext/accounts/doctype/sales_invoice/pos.py +++ b/erpnext/accounts/doctype/sales_invoice/pos.py @@ -36,7 +36,7 @@ def get_items(price_list, sales_or_purchase, item=None): if(locate(%(_name)s, i.item_name), locate(%(_name)s, i.item_name), 99999), if(locate(%(_name)s, i.variant_of), locate(%(_name)s, i.variant_of), 99999), if(locate(%(_name)s, i.item_group), locate(%(_name)s, i.item_group), 99999),""" - args["name"] = "%%%s%%" % item + args["name"] = "%%%s%%" % frappe.db.escape(item) args["_name"] = item.replace("%", "") # locate function is used to sort by closest match from the beginning of the value diff --git a/erpnext/accounts/doctype/sales_invoice/sales_invoice.py b/erpnext/accounts/doctype/sales_invoice/sales_invoice.py index abe58cea85d..87f723d4f82 100644 --- a/erpnext/accounts/doctype/sales_invoice/sales_invoice.py +++ b/erpnext/accounts/doctype/sales_invoice/sales_invoice.py @@ -611,7 +611,7 @@ def get_income_account(doctype, txt, searchfield, start, page_len, filters): and tabAccount.company = '%(company)s' and tabAccount.%(key)s LIKE '%(txt)s' %(mcond)s""" % {'company': filters['company'], 'key': searchfield, - 'txt': "%%%s%%" % txt, 'mcond':get_match_cond(doctype)}) + 'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype)}) @frappe.whitelist() def make_delivery_note(source_name, target_doc=None): diff --git a/erpnext/controllers/queries.py b/erpnext/controllers/queries.py index 898dd23b342..4f35fea38a1 100644 --- a/erpnext/controllers/queries.py +++ b/erpnext/controllers/queries.py @@ -194,7 +194,7 @@ def bom(doctype, txt, searchfield, start, page_len, filters): and tabBOM.is_active=1 and tabBOM.%(key)s like "%(txt)s" %(fcond)s %(mcond)s - limit %(start)s, %(page_len)s """ % {'key': searchfield, 'txt': "%%%s%%" % txt, + limit %(start)s, %(page_len)s """ % {'key': searchfield, 'txt': "%%%s%%" % frappe.db.escape(txt), 'fcond': get_filters_cond(doctype, filters, conditions), 'mcond':get_match_cond(doctype), 'start': start, 'page_len': page_len}) @@ -207,7 +207,7 @@ def get_project_name(doctype, txt, searchfield, start, page_len, filters): where `tabProject`.status not in ("Completed", "Cancelled") and %(cond)s `tabProject`.name like "%(txt)s" %(mcond)s order by `tabProject`.name asc - limit %(start)s, %(page_len)s """ % {'cond': cond,'txt': "%%%s%%" % txt, + limit %(start)s, %(page_len)s """ % {'cond': cond,'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype),'start': start, 'page_len': page_len}) def get_delivery_notes_to_be_billed(doctype, txt, searchfield, start, page_len, filters): diff --git a/erpnext/hooks.py b/erpnext/hooks.py index ec57c80d731..d9262d483cf 100644 --- a/erpnext/hooks.py +++ b/erpnext/hooks.py @@ -5,7 +5,7 @@ app_publisher = "Frappe Technologies Pvt. Ltd. and Contributors" app_description = "Open Source Enterprise Resource Planning for Small and Midsized Organizations" app_icon = "icon-th" app_color = "#e74c3c" -app_version = "5.0.28" +app_version = "5.0.29" error_report_email = "support@erpnext.com" diff --git a/erpnext/manufacturing/doctype/bom/bom.json b/erpnext/manufacturing/doctype/bom/bom.json index 239df47d922..67e2b78bbb4 100644 --- a/erpnext/manufacturing/doctype/bom/bom.json +++ b/erpnext/manufacturing/doctype/bom/bom.json @@ -12,7 +12,7 @@ "fieldname": "item", "fieldtype": "Link", "in_filter": 1, - "in_list_view": 0, + "in_list_view": 1, "label": "Item", "oldfieldname": "item", "oldfieldtype": "Link", @@ -54,7 +54,7 @@ "fieldname": "is_active", "fieldtype": "Check", "hidden": 0, - "in_list_view": 0, + "in_list_view": 1, "label": "Is Active", "no_copy": 1, "oldfieldname": "is_active", @@ -67,7 +67,7 @@ "default": "1", "fieldname": "is_default", "fieldtype": "Check", - "in_list_view": 0, + "in_list_view": 1, "label": "Is Default", "no_copy": 1, "oldfieldname": "is_default", @@ -279,7 +279,7 @@ "is_submittable": 1, "issingle": 0, "istable": 0, - "modified": "2015-03-03 14:22:44.725097", + "modified": "2015-06-26 02:02:30.705279", "modified_by": "Administrator", "module": "Manufacturing", "name": "BOM", diff --git a/erpnext/projects/doctype/task/task.py b/erpnext/projects/doctype/task/task.py index 42717fd9e3b..f5541cc0e5e 100644 --- a/erpnext/projects/doctype/task/task.py +++ b/erpnext/projects/doctype/task/task.py @@ -141,7 +141,7 @@ def get_project(doctype, txt, searchfield, start, page_len, filters): %(mcond)s order by name limit %(start)s, %(page_len)s """ % {'key': searchfield, - 'txt': "%%%s%%" % txt, 'mcond':get_match_cond(doctype), + 'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype), 'start': start, 'page_len': page_len}) diff --git a/erpnext/stock/doctype/item/item.json b/erpnext/stock/doctype/item/item.json index 6659da58a04..8b10319f86e 100644 --- a/erpnext/stock/doctype/item/item.json +++ b/erpnext/stock/doctype/item/item.json @@ -707,7 +707,7 @@ "fieldtype": "Link", "ignore_user_permissions": 1, "label": "Default BOM", - "no_copy": 0, + "no_copy": 1, "oldfieldname": "default_bom", "oldfieldtype": "Link", "options": "BOM", @@ -879,7 +879,7 @@ "icon": "icon-tag", "idx": 1, "max_attachments": 1, - "modified": "2015-05-22 02:16:57.435105", + "modified": "2015-06-26 17:20:18.204558", "modified_by": "Administrator", "module": "Stock", "name": "Item", diff --git a/erpnext/stock/doctype/serial_no/serial_no.py b/erpnext/stock/doctype/serial_no/serial_no.py index 0b0246eae45..bac544194aa 100644 --- a/erpnext/stock/doctype/serial_no/serial_no.py +++ b/erpnext/stock/doctype/serial_no/serial_no.py @@ -180,7 +180,7 @@ class SerialNo(StockController): where fieldname='serial_no' and fieldtype='Text'"""): for item in frappe.db.sql("""select name, serial_no from `tab%s` - where serial_no like '%%%s%%'""" % (dt[0], old)): + where serial_no like '%%%s%%'""" % (dt[0], frappe.db.escape(old))): serial_nos = map(lambda i: i==old and new or i, item[1].split('\n')) frappe.db.sql("""update `tab%s` set serial_no = %s diff --git a/erpnext/templates/includes/issue_row.html b/erpnext/templates/includes/issue_row.html index 30b2ab07232..16a8f7b7b7a 100644 --- a/erpnext/templates/includes/issue_row.html +++ b/erpnext/templates/includes/issue_row.html @@ -1,6 +1,6 @@
-
+
{{ doc.subject }} @@ -9,6 +9,11 @@ {{ doc.status }}
+
+ + {{ doc.name }} + +
{{ frappe.format_date(doc.creation) }}
diff --git a/setup.py b/setup.py index f30f3e7fd7c..ea74fa83051 100644 --- a/setup.py +++ b/setup.py @@ -1,6 +1,6 @@ from setuptools import setup, find_packages -version = "5.0.28" +version = "5.0.29" with open("requirements.txt", "r") as f: install_requires = f.readlines()