fix: Improper escaping (#20248)
* fix: Improper escaping
issue was introduced in https://github.com/frappe/erpnext/pull/20202
* fix: missing closing parentheses
* style: trim unwanted spaces
Co-authored-by: Pranav Nachnekar <prnvnachnekar@gmail.com>
diff --git a/erpnext/setup/doctype/authorization_control/authorization_control.py b/erpnext/setup/doctype/authorization_control/authorization_control.py
index 0c52b83..fec5c7c 100644
--- a/erpnext/setup/doctype/authorization_control/authorization_control.py
+++ b/erpnext/setup/doctype/authorization_control/authorization_control.py
@@ -76,7 +76,7 @@
add_cond = ''
auth_value = av_dis
- if val == 1: add_cond += " and system_user = '"+ frappe.db.escape(session['user'])+"'"
+ if val == 1: add_cond += " and system_user = {}".format(frappe.db.escape(session['user']))
elif val == 2: add_cond += " and system_role IN %s" % ("('"+"','".join(frappe.get_roles())+"')")
else: add_cond += " and ifnull(system_user,'') = '' and ifnull(system_role,'') = ''"
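Review bot: The `val == 2` branch on the line after the fixed one still builds its `IN (...)` list by joining role names between hand-written quotes, so a role name containing a quote would break or alter the query. It should use the same escaping as the user branch, for example `elif val == 2: add_cond += " and system_role IN ({})".format(", ".join(frappe.db.escape(r) for r in frappe.get_roles()))`. This assumes `frappe.db.escape` returns an already quoted literal, as the fix itself implies. The enclosing function starts and ends outside the hunk, so how `add_cond` reaches the query is not visible here.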
@@ -85,7 +85,7 @@
if doc_obj:
if doc_obj.doctype == 'Sales Invoice': customer = doc_obj.customer
else: customer = doc_obj.customer_name
- add_cond = " and master_name = '"+ frappe.db.escape(customer) +"'"
+ add_cond = " and master_name = {}".format(frappe.db.escape(customer))
if based_on == 'Itemwise Discount':
if doc_obj:
for t in doc_obj.get("items"):
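Review bot: The new `" and master_name = {}".format(frappe.db.escape(customer))` line is only correct because `frappe.db.escape` returns the value with its surrounding quotes, which is the detail the earlier change got wrong. A short comment above it would guard against the quotes being added back, for example `# frappe.db.escape() already returns a quoted literal; do not wrap {} in quotes`. The same comment fits the `system_user` line in the first hunk. If the query call outside this hunk accepts bound values, passing `customer` as a parameter would avoid the string building altogether; that call is not visible here.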