fix: Procurement Tracker report not working

commit: 07f33128049d29e7a7d4e3846df87a272d25b7a3 [log] [tgz]
author: Rohit Waghchaure <rohitw1991@gmail.com> Thu Feb 06 14:34:11 2020 +0530
committer: Rohit Waghchaure <rohitw1991@gmail.com> Thu Feb 06 14:34:11 2020 +0530
tree: 7548b50118993d23cc5c137669cde1e11fda866c
parent: d64135b2d2bc5bb9020fe7ccdd2b784a5f9bcfd0 [diff]
diff --git a/erpnext/buying/report/procurement_tracker/procurement_tracker.py b/erpnext/buying/report/procurement_tracker/procurement_tracker.py
index 48295be..866bf0c 100644
--- a/erpnext/buying/report/procurement_tracker/procurement_tracker.py
+++ b/erpnext/buying/report/procurement_tracker/procurement_tracker.py

@@ -141,13 +141,13 @@
 	conditions = ""
 
 	if filters.get("company"):
-		conditions += " AND company='%s'"% filters.get('company')
+		conditions += " AND company=%s"% frappe.db.escape(filters.get('company'))
 
 	if filters.get("cost_center") or filters.get("project"):
 		conditions += """
-			AND (cost_center='%s'
-			OR project='%s')
-			"""% (filters.get('cost_center'), filters.get('project'))
+			AND (cost_center=%s
+			OR project=%s)
+			"""% (frappe.db.escape(filters.get('cost_center')), frappe.db.escape(filters.get('project')))
 
 	if filters.get("from_date"):
 		conditions += " AND transaction_date>=%s"% filters.get('from_date')
commit	07f33128049d29e7a7d4e3846df87a272d25b7a3	[log] [tgz]
author	Rohit Waghchaure <rohitw1991@gmail.com>	Thu Feb 06 14:34:11 2020 +0530
committer	Rohit Waghchaure <rohitw1991@gmail.com>	Thu Feb 06 14:34:11 2020 +0530
tree	7548b50118993d23cc5c137669cde1e11fda866c
parent	d64135b2d2bc5bb9020fe7ccdd2b784a5f9bcfd0 [diff]