From 8ad0b4e0b98bfde13e4edc5540ae8bc6fef2341a Mon Sep 17 00:00:00 2001 From: Nabin Hait Date: Fri, 26 Jun 2015 14:41:24 +0530 Subject: [PATCH 1/4] Show Issue id in list view from customer login --- erpnext/templates/includes/issue_row.html | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/erpnext/templates/includes/issue_row.html b/erpnext/templates/includes/issue_row.html index 30b2ab07232..16a8f7b7b7a 100644 --- a/erpnext/templates/includes/issue_row.html +++ b/erpnext/templates/includes/issue_row.html @@ -1,6 +1,6 @@
-
+
{{ doc.subject }} @@ -9,6 +9,11 @@ {{ doc.status }}
+
+ + {{ doc.name }} + +
{{ frappe.format_date(doc.creation) }}
From dfac6848cc0d09f4a32e48997b06d219def8648f Mon Sep 17 00:00:00 2001 From: Nabin Hait Date: Fri, 26 Jun 2015 14:42:38 +0530 Subject: [PATCH 2/4] In list view property added in BOM --- erpnext/manufacturing/doctype/bom/bom.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/erpnext/manufacturing/doctype/bom/bom.json b/erpnext/manufacturing/doctype/bom/bom.json index 239df47d922..67e2b78bbb4 100644 --- a/erpnext/manufacturing/doctype/bom/bom.json +++ b/erpnext/manufacturing/doctype/bom/bom.json @@ -12,7 +12,7 @@ "fieldname": "item", "fieldtype": "Link", "in_filter": 1, - "in_list_view": 0, + "in_list_view": 1, "label": "Item", "oldfieldname": "item", "oldfieldtype": "Link", @@ -54,7 +54,7 @@ "fieldname": "is_active", "fieldtype": "Check", "hidden": 0, - "in_list_view": 0, + "in_list_view": 1, "label": "Is Active", "no_copy": 1, "oldfieldname": "is_active", @@ -67,7 +67,7 @@ "default": "1", "fieldname": "is_default", "fieldtype": "Check", - "in_list_view": 0, + "in_list_view": 1, "label": "Is Default", "no_copy": 1, "oldfieldname": "is_default", @@ -279,7 +279,7 @@ "is_submittable": 1, "issingle": 0, "istable": 0, - "modified": "2015-03-03 14:22:44.725097", + "modified": "2015-06-26 02:02:30.705279", "modified_by": "Administrator", "module": "Manufacturing", "name": "BOM", From 93cdee45032bfbcad0b2d4ac9118b6a60dcf0bcd Mon Sep 17 00:00:00 2001 From: Nabin Hait Date: Sat, 27 Jun 2015 12:51:00 +0530 Subject: [PATCH 3/4] [fix] Escape values in queries --- erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py | 2 +- erpnext/accounts/doctype/sales_invoice/pos.py | 2 +- erpnext/accounts/doctype/sales_invoice/sales_invoice.py | 2 +- erpnext/controllers/queries.py | 4 ++-- erpnext/projects/doctype/task/task.py | 2 +- erpnext/stock/doctype/item/item.json | 4 ++-- erpnext/stock/doctype/serial_no/serial_no.py | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py index 3f34020d122..660b221e7bd 100644 --- a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py +++ b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py @@ -410,4 +410,4 @@ def get_expense_account(doctype, txt, searchfield, start, page_len, filters): and tabAccount.company = '%(company)s' and tabAccount.%(key)s LIKE '%(txt)s' %(mcond)s""" % {'company': filters['company'], 'key': searchfield, - 'txt': "%%%s%%" % txt, 'mcond':get_match_cond(doctype)}) + 'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype)}) diff --git a/erpnext/accounts/doctype/sales_invoice/pos.py b/erpnext/accounts/doctype/sales_invoice/pos.py index 7d5613de273..2c5bb12fdb7 100644 --- a/erpnext/accounts/doctype/sales_invoice/pos.py +++ b/erpnext/accounts/doctype/sales_invoice/pos.py @@ -36,7 +36,7 @@ def get_items(price_list, sales_or_purchase, item=None): if(locate(%(_name)s, i.item_name), locate(%(_name)s, i.item_name), 99999), if(locate(%(_name)s, i.variant_of), locate(%(_name)s, i.variant_of), 99999), if(locate(%(_name)s, i.item_group), locate(%(_name)s, i.item_group), 99999),""" - args["name"] = "%%%s%%" % item + args["name"] = "%%%s%%" % frappe.db.escape(item) args["_name"] = item.replace("%", "") # locate function is used to sort by closest match from the beginning of the value diff --git a/erpnext/accounts/doctype/sales_invoice/sales_invoice.py b/erpnext/accounts/doctype/sales_invoice/sales_invoice.py index abe58cea85d..87f723d4f82 100644 --- a/erpnext/accounts/doctype/sales_invoice/sales_invoice.py +++ b/erpnext/accounts/doctype/sales_invoice/sales_invoice.py @@ -611,7 +611,7 @@ def get_income_account(doctype, txt, searchfield, start, page_len, filters): and tabAccount.company = '%(company)s' and tabAccount.%(key)s LIKE '%(txt)s' %(mcond)s""" % {'company': filters['company'], 'key': searchfield, - 'txt': "%%%s%%" % txt, 'mcond':get_match_cond(doctype)}) + 'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype)}) @frappe.whitelist() def make_delivery_note(source_name, target_doc=None): diff --git a/erpnext/controllers/queries.py b/erpnext/controllers/queries.py index 898dd23b342..4f35fea38a1 100644 --- a/erpnext/controllers/queries.py +++ b/erpnext/controllers/queries.py @@ -194,7 +194,7 @@ def bom(doctype, txt, searchfield, start, page_len, filters): and tabBOM.is_active=1 and tabBOM.%(key)s like "%(txt)s" %(fcond)s %(mcond)s - limit %(start)s, %(page_len)s """ % {'key': searchfield, 'txt': "%%%s%%" % txt, + limit %(start)s, %(page_len)s """ % {'key': searchfield, 'txt': "%%%s%%" % frappe.db.escape(txt), 'fcond': get_filters_cond(doctype, filters, conditions), 'mcond':get_match_cond(doctype), 'start': start, 'page_len': page_len}) @@ -207,7 +207,7 @@ def get_project_name(doctype, txt, searchfield, start, page_len, filters): where `tabProject`.status not in ("Completed", "Cancelled") and %(cond)s `tabProject`.name like "%(txt)s" %(mcond)s order by `tabProject`.name asc - limit %(start)s, %(page_len)s """ % {'cond': cond,'txt': "%%%s%%" % txt, + limit %(start)s, %(page_len)s """ % {'cond': cond,'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype),'start': start, 'page_len': page_len}) def get_delivery_notes_to_be_billed(doctype, txt, searchfield, start, page_len, filters): diff --git a/erpnext/projects/doctype/task/task.py b/erpnext/projects/doctype/task/task.py index 42717fd9e3b..f5541cc0e5e 100644 --- a/erpnext/projects/doctype/task/task.py +++ b/erpnext/projects/doctype/task/task.py @@ -141,7 +141,7 @@ def get_project(doctype, txt, searchfield, start, page_len, filters): %(mcond)s order by name limit %(start)s, %(page_len)s """ % {'key': searchfield, - 'txt': "%%%s%%" % txt, 'mcond':get_match_cond(doctype), + 'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype), 'start': start, 'page_len': page_len}) diff --git a/erpnext/stock/doctype/item/item.json b/erpnext/stock/doctype/item/item.json index 6659da58a04..8b10319f86e 100644 --- a/erpnext/stock/doctype/item/item.json +++ b/erpnext/stock/doctype/item/item.json @@ -707,7 +707,7 @@ "fieldtype": "Link", "ignore_user_permissions": 1, "label": "Default BOM", - "no_copy": 0, + "no_copy": 1, "oldfieldname": "default_bom", "oldfieldtype": "Link", "options": "BOM", @@ -879,7 +879,7 @@ "icon": "icon-tag", "idx": 1, "max_attachments": 1, - "modified": "2015-05-22 02:16:57.435105", + "modified": "2015-06-26 17:20:18.204558", "modified_by": "Administrator", "module": "Stock", "name": "Item", diff --git a/erpnext/stock/doctype/serial_no/serial_no.py b/erpnext/stock/doctype/serial_no/serial_no.py index 0b0246eae45..bac544194aa 100644 --- a/erpnext/stock/doctype/serial_no/serial_no.py +++ b/erpnext/stock/doctype/serial_no/serial_no.py @@ -180,7 +180,7 @@ class SerialNo(StockController): where fieldname='serial_no' and fieldtype='Text'"""): for item in frappe.db.sql("""select name, serial_no from `tab%s` - where serial_no like '%%%s%%'""" % (dt[0], old)): + where serial_no like '%%%s%%'""" % (dt[0], frappe.db.escape(old))): serial_nos = map(lambda i: i==old and new or i, item[1].split('\n')) frappe.db.sql("""update `tab%s` set serial_no = %s From 64ca52fb77a3b884d943f081c934b2036844229e Mon Sep 17 00:00:00 2001 From: Nabin Hait Date: Sat, 27 Jun 2015 13:39:05 +0600 Subject: [PATCH 4/4] bumped to version 5.0.29 --- erpnext/__version__.py | 2 +- erpnext/hooks.py | 2 +- setup.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/erpnext/__version__.py b/erpnext/__version__.py index e6cafee3478..b0b41d353db 100644 --- a/erpnext/__version__.py +++ b/erpnext/__version__.py @@ -1,2 +1,2 @@ from __future__ import unicode_literals -__version__ = '5.0.28' +__version__ = '5.0.29' diff --git a/erpnext/hooks.py b/erpnext/hooks.py index ec57c80d731..d9262d483cf 100644 --- a/erpnext/hooks.py +++ b/erpnext/hooks.py @@ -5,7 +5,7 @@ app_publisher = "Frappe Technologies Pvt. Ltd. and Contributors" app_description = "Open Source Enterprise Resource Planning for Small and Midsized Organizations" app_icon = "icon-th" app_color = "#e74c3c" -app_version = "5.0.28" +app_version = "5.0.29" error_report_email = "support@erpnext.com" diff --git a/setup.py b/setup.py index f30f3e7fd7c..ea74fa83051 100644 --- a/setup.py +++ b/setup.py @@ -1,6 +1,6 @@ from setuptools import setup, find_packages -version = "5.0.28" +version = "5.0.29" with open("requirements.txt", "r") as f: install_requires = f.readlines()