Merge pull request #3523 from nabinhait/develop

Multiple fixes
diff --git a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py
index 3f34020..660b221 100644
--- a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py
+++ b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.py
@@ -410,4 +410,4 @@
 				and tabAccount.company = '%(company)s'
 				and tabAccount.%(key)s LIKE '%(txt)s'
 				%(mcond)s""" % {'company': filters['company'], 'key': searchfield,
-			'txt': "%%%s%%" % txt, 'mcond':get_match_cond(doctype)})
+			'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype)})
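Review bot: `filters['company']` is still formatted straight into the quoted literal on the `tabAccount.company = '%(company)s'` line, so only one of the two string values in this query is escaped. Wrap it the same way, `'company': frappe.db.escape(filters['company'])`, or better, pass both as bound values to `frappe.db.sql`. `searchfield` lands in identifier position (`tabAccount.%(key)s`), where string escaping does not apply, so it should be checked against the doctype's known field names before use. Whether these arguments arrive from the client is not visible, since the function starts outside the hunk. Both points also apply to the identical hunk in sales_invoice.py, and the `searchfield` point to the hunks in queries.py and task.py.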
diff --git a/erpnext/accounts/doctype/sales_invoice/pos.py b/erpnext/accounts/doctype/sales_invoice/pos.py
index 7d5613d..2c5bb12 100644
--- a/erpnext/accounts/doctype/sales_invoice/pos.py
+++ b/erpnext/accounts/doctype/sales_invoice/pos.py
@@ -36,7 +36,7 @@
 			if(locate(%(_name)s, i.item_name), locate(%(_name)s, i.item_name), 99999),
 			if(locate(%(_name)s, i.variant_of), locate(%(_name)s, i.variant_of), 99999),
 			if(locate(%(_name)s, i.item_group), locate(%(_name)s, i.item_group), 99999),"""
-		args["name"] = "%%%s%%" % item
+		args["name"] = "%%%s%%" % frappe.db.escape(item)
 		args["_name"] = item.replace("%", "")
 
 	# locate function is used to sort by closest match from the beginning of the value
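Review bot: `args["name"]` looks like it is bound as a query value rather than formatted into the SQL text, in which case escaping it here escapes it twice. The context lines use unquoted `%(_name)s` placeholders and leave `args["_name"]` unescaped, which suggests driver-side binding. A search term containing a quote or backslash would then be matched with the extra backslash included and miss rows it should find. If `args` is indeed passed as the values argument of `frappe.db.sql`, keep `args["name"] = "%%%s%%" % item` and rely on the binding. The call itself is outside the hunk, so confirm this before changing anything.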
diff --git a/erpnext/accounts/doctype/sales_invoice/sales_invoice.py b/erpnext/accounts/doctype/sales_invoice/sales_invoice.py
index abe58ce..87f723d 100644
--- a/erpnext/accounts/doctype/sales_invoice/sales_invoice.py
+++ b/erpnext/accounts/doctype/sales_invoice/sales_invoice.py
@@ -611,7 +611,7 @@
 				and tabAccount.company = '%(company)s'
 				and tabAccount.%(key)s LIKE '%(txt)s'
 				%(mcond)s""" % {'company': filters['company'], 'key': searchfield,
-			'txt': "%%%s%%" % txt, 'mcond':get_match_cond(doctype)})
+			'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype)})
 
 @frappe.whitelist()
 def make_delivery_note(source_name, target_doc=None):
diff --git a/erpnext/controllers/queries.py b/erpnext/controllers/queries.py
index 898dd23..4f35fea 100644
--- a/erpnext/controllers/queries.py
+++ b/erpnext/controllers/queries.py
@@ -194,7 +194,7 @@
 			and tabBOM.is_active=1
 			and tabBOM.%(key)s like "%(txt)s"
 			%(fcond)s  %(mcond)s
-		limit %(start)s, %(page_len)s """ %  {'key': searchfield, 'txt': "%%%s%%" % txt,
+		limit %(start)s, %(page_len)s """ %  {'key': searchfield, 'txt': "%%%s%%" % frappe.db.escape(txt),
 		'fcond': get_filters_cond(doctype, filters, conditions),
 		'mcond':get_match_cond(doctype), 'start': start, 'page_len': page_len})
 
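Review bot: `start` and `page_len` are formatted unquoted into `limit %(start)s, %(page_len)s`, and escaping string quotes cannot protect a numeric position. Coerce them when building the dict, e.g. `'start': int(start), 'page_len': int(page_len)`, so a non-numeric value raises instead of reaching the SQL text. Whether a caller already normalises them cannot be seen from this hunk, because the function begins above it. The second hunk in this file and the one in task.py build their `limit` clause the same way.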
@@ -207,7 +207,7 @@
 		where `tabProject`.status not in ("Completed", "Cancelled")
 			and %(cond)s `tabProject`.name like "%(txt)s" %(mcond)s
 		order by `tabProject`.name asc
-		limit %(start)s, %(page_len)s """ % {'cond': cond,'txt': "%%%s%%" % txt,
+		limit %(start)s, %(page_len)s """ % {'cond': cond,'txt': "%%%s%%" % frappe.db.escape(txt),
 		'mcond':get_match_cond(doctype),'start': start, 'page_len': page_len})
 
 def get_delivery_notes_to_be_billed(doctype, txt, searchfield, start, page_len, filters):
diff --git a/erpnext/manufacturing/doctype/bom/bom.json b/erpnext/manufacturing/doctype/bom/bom.json
index 239df47..67e2b78 100644
--- a/erpnext/manufacturing/doctype/bom/bom.json
+++ b/erpnext/manufacturing/doctype/bom/bom.json
@@ -12,7 +12,7 @@
    "fieldname": "item", 
    "fieldtype": "Link", 
    "in_filter": 1, 
-   "in_list_view": 0, 
+   "in_list_view": 1, 
    "label": "Item", 
    "oldfieldname": "item", 
    "oldfieldtype": "Link", 
@@ -54,7 +54,7 @@
    "fieldname": "is_active", 
    "fieldtype": "Check", 
    "hidden": 0, 
-   "in_list_view": 0, 
+   "in_list_view": 1, 
    "label": "Is Active", 
    "no_copy": 1, 
    "oldfieldname": "is_active", 
@@ -67,7 +67,7 @@
    "default": "1", 
    "fieldname": "is_default", 
    "fieldtype": "Check", 
-   "in_list_view": 0, 
+   "in_list_view": 1, 
    "label": "Is Default", 
    "no_copy": 1, 
    "oldfieldname": "is_default", 
@@ -279,7 +279,7 @@
  "is_submittable": 1, 
  "issingle": 0, 
  "istable": 0, 
- "modified": "2015-03-03 14:22:44.725097", 
+ "modified": "2015-06-26 02:02:30.705279", 
  "modified_by": "Administrator", 
  "module": "Manufacturing", 
  "name": "BOM", 
diff --git a/erpnext/projects/doctype/task/task.py b/erpnext/projects/doctype/task/task.py
index 42717fd..f5541cc 100644
--- a/erpnext/projects/doctype/task/task.py
+++ b/erpnext/projects/doctype/task/task.py
@@ -141,7 +141,7 @@
 				%(mcond)s
 			order by name
 			limit %(start)s, %(page_len)s """ % {'key': searchfield,
-			'txt': "%%%s%%" % txt, 'mcond':get_match_cond(doctype),
+			'txt': "%%%s%%" % frappe.db.escape(txt), 'mcond':get_match_cond(doctype),
 			'start': start, 'page_len': page_len})
 
 
diff --git a/erpnext/stock/doctype/item/item.json b/erpnext/stock/doctype/item/item.json
index 6659da5..8b10319 100644
--- a/erpnext/stock/doctype/item/item.json
+++ b/erpnext/stock/doctype/item/item.json
@@ -707,7 +707,7 @@
    "fieldtype": "Link", 
    "ignore_user_permissions": 1, 
    "label": "Default BOM", 
-   "no_copy": 0, 
+   "no_copy": 1, 
    "oldfieldname": "default_bom", 
    "oldfieldtype": "Link", 
    "options": "BOM", 
@@ -879,7 +879,7 @@
  "icon": "icon-tag", 
  "idx": 1, 
  "max_attachments": 1, 
- "modified": "2015-05-22 02:16:57.435105", 
+ "modified": "2015-06-26 17:20:18.204558", 
  "modified_by": "Administrator", 
  "module": "Stock", 
  "name": "Item", 
diff --git a/erpnext/stock/doctype/serial_no/serial_no.py b/erpnext/stock/doctype/serial_no/serial_no.py
index 0b0246e..bac5441 100644
--- a/erpnext/stock/doctype/serial_no/serial_no.py
+++ b/erpnext/stock/doctype/serial_no/serial_no.py
@@ -180,7 +180,7 @@
 			where fieldname='serial_no' and fieldtype='Text'"""):
 
 			for item in frappe.db.sql("""select name, serial_no from `tab%s`
-				where serial_no like '%%%s%%'""" % (dt[0], old)):
+				where serial_no like '%%%s%%'""" % (dt[0], frappe.db.escape(old))):
 
 				serial_nos = map(lambda i: i==old and new or i, item[1].split('\n'))
 				frappe.db.sql("""update `tab%s` set serial_no = %s
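Review bot: `old` can be sent as a bound value instead of being escaped and formatted into the statement, which leaves only the table name in the format string: `where serial_no like %%s""" % dt[0], ("%" + old + "%",)):`. Either way, `%` and `_` inside `old` still act as LIKE wildcards. That only over-selects rows here, because the following `map` compares each entry to `old` exactly. The `update` statement that starts on the last context line is cut off by the hunk, so its value handling cannot be reviewed from here.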
diff --git a/erpnext/templates/includes/issue_row.html b/erpnext/templates/includes/issue_row.html
index 30b2ab0..16a8f7b 100644
--- a/erpnext/templates/includes/issue_row.html
+++ b/erpnext/templates/includes/issue_row.html
@@ -1,6 +1,6 @@
 <div class="web-list-item">
     <div class="row">
-        <div class="col-sm-8">
+        <div class="col-sm-6">
             <a class="no-decoration" href="/issues?name={{ doc.name }}" no-pjax>
                 {{ doc.subject }}
             </a>
@@ -9,6 +9,11 @@
             <span class="indicator {{ "red" if doc.status=="Open" else "blue" }}">
                 {{ doc.status }}</span>
         </div>
+        <div class="col-sm-2">
+            <a class="text-muted text-right" href="/issues?name={{ doc.name }}" no-pjax>
+                {{ doc.name }}
+            </a>
+        </div>
         <div class="col-sm-2 text-muted text-right small">
             {{ frappe.format_date(doc.creation) }}
         </div>
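Review bot: The added link puts `{{ doc.name }}` into a query string without URL-encoding, so a name containing `&`, `#` or a space would produce a broken or ambiguous link. `href="/issues?name={{ doc.name | urlencode }}"` avoids that. The existing subject link in the first hunk uses the same pattern. Whether autoescaping is enabled for this template is not visible here, so it is worth confirming that `doc.name` and `doc.subject` are HTML-escaped on output.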