[fix] Escaping strings with percentage
diff --git a/erpnext/accounts/utils.py b/erpnext/accounts/utils.py
index 6f02a54..d59b179 100644
--- a/erpnext/accounts/utils.py
+++ b/erpnext/accounts/utils.py
@@ -105,11 +105,11 @@
if acc.account_currency == frappe.db.get_value("Company", acc.company, "default_currency"):
in_account_currency = False
else:
- cond.append("""gle.account = "%s" """ % (frappe.db.escape(account), ))
-
+ cond.append("""gle.account = "%s" """ % (frappe.db.escape(account, percent=False), ))
+
if party_type and party:
cond.append("""gle.party_type = "%s" and gle.party = "%s" """ %
- (frappe.db.escape(party_type), frappe.db.escape(party)))
+ (frappe.db.escape(party_type), frappe.db.escape(party, percent=False)))
if account or (party_type and party):
if in_account_currency:
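Review bot: In the party condition, `frappe.db.escape(party_type)` keeps the default percent handling while `party` and `account` now pass `percent=False`, so two values interpolated into the same string are escaped differently. If the intent is that none of these %-formatted fragments double a literal `%`, the tuple should read `(frappe.db.escape(party_type, percent=False), frappe.db.escape(party, percent=False)))`. More generally, this hunk and those in stock_balance.py and stock_projected_qty.py still build SQL by quoting escaped strings into the statement, so correctness depends on picking the right `percent` flag at each call site; binding the values as query parameters would remove that choice. The enclosing function begins and ends outside the hunk, so how `cond` is finally executed is not visible here.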
diff --git a/erpnext/manufacturing/doctype/bom/bom.py b/erpnext/manufacturing/doctype/bom/bom.py
index 6cfbc99..349c778 100644
--- a/erpnext/manufacturing/doctype/bom/bom.py
+++ b/erpnext/manufacturing/doctype/bom/bom.py
@@ -12,7 +12,8 @@
class BOM(Document):
def autoname(self):
last_name = frappe.db.sql("""select max(name) from `tabBOM`
- where name like "BOM/{0}/%%" and item=%s""".format(frappe.db.escape(self.item)), self.item)
+ where name like "BOM/{0}/%%" and item=%s
+ """.format(frappe.db.escape(self.item, percent=False)), self.item)
if last_name:
idx = cint(cstr(last_name[0][0]).split('/')[-1].split('-')[0]) + 1
else:
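Review bot: In `autoname`, the statement built with `.format(frappe.db.escape(self.item, percent=False))` is still executed with `self.item` as a bound value, and its own text writes the literal wildcard as `%%`, which indicates the string goes through %-style substitution. With `percent=False`, a `%` in the item code would presumably reach that substitution undoubled and fail or be misread; confirm against `frappe.db.escape` and `frappe.db.sql`. Binding the pattern avoids the question: `where name like %s and item=%s""", ("BOM/{0}/%".format(self.item), self.item))`. The first stock_projected_qty.py hunk ends inside a `frappe.db.sql` call, so it is worth checking whether that call also passes values. `autoname` continues past the end of this hunk.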
diff --git a/erpnext/stock/report/stock_balance/stock_balance.py b/erpnext/stock/report/stock_balance/stock_balance.py
index 0a9abc2..7dd728f 100644
--- a/erpnext/stock/report/stock_balance/stock_balance.py
+++ b/erpnext/stock/report/stock_balance/stock_balance.py
@@ -66,7 +66,7 @@
frappe.throw(_("'To Date' is required"))
if filters.get("item_code"):
- conditions += " and item_code = '%s'" % frappe.db.escape(filters.get("item_code"))
+ conditions += " and item_code = '%s'" % frappe.db.escape(filters.get("item_code"), percent=False)
return conditions
diff --git a/erpnext/stock/report/stock_projected_qty/stock_projected_qty.py b/erpnext/stock/report/stock_projected_qty/stock_projected_qty.py
index fd9ff5d..dbbcb38 100644
--- a/erpnext/stock/report/stock_projected_qty/stock_projected_qty.py
+++ b/erpnext/stock/report/stock_projected_qty/stock_projected_qty.py
@@ -73,7 +73,7 @@
condition = ""
if item_code:
- condition = 'and item_code = "{0}"'.format(frappe.db.escape(item_code))
+ condition = 'and item_code = "{0}"'.format(frappe.db.escape(item_code, percent=False))
items = frappe.db.sql("""select * from `tabItem` item
where is_stock_item = 1
@@ -85,7 +85,7 @@
condition = ""
if item_code:
- condition = 'where parent="{0}"'.format(frappe.db.escape(item_code))
+ condition = 'where parent="{0}"'.format(frappe.db.escape(item_code, percent=False))
reorder_levels = frappe._dict()
for ir in frappe.db.sql("""select * from `tabItem Reorder` {condition}""".format(condition=condition), as_dict=1):