fix: escaped warehouse value for sql query (bp #26049) Co-authored-by: Noah Jacob <noahjacobkurian@gmail.com>

commit: 584fe329000c56ee29e5a40c5d42980967c9c6c6 [log] [tgz]
author: Ankush <ankush@iwebnotes.com> Fri Jun 18 14:47:30 2021 +0530
committer: GitHub <noreply@github.com> Fri Jun 18 14:47:30 2021 +0530
tree: 4e3064058dcddbacf8a795a03bc08bc360685d77
parent: e43df63978943ca97707cdab738b15599a326c07 [diff] [blame]
diff --git a/erpnext/controllers/stock_controller.py b/erpnext/controllers/stock_controller.py
index 9c29b00..6a7c9e3 100644
--- a/erpnext/controllers/stock_controller.py
+++ b/erpnext/controllers/stock_controller.py

@@ -558,11 +558,8 @@
 	or_conditions = []
 	for warehouse, items in warehouse_items_map.items():
 		or_conditions.append(
-			"warehouse = '{}' and item_code in ({})".format(
-				warehouse,
-				", ".join(frappe.db.escape(item) for item in items)
-			)
-		)
+			f"""warehouse = {frappe.db.escape(warehouse)}
+				and item_code in ({', '.join(frappe.db.escape(item) for item in items)})""")
 
 	return frappe.db.sql("""
 		select name
commit	584fe329000c56ee29e5a40c5d42980967c9c6c6	[log] [tgz]
author	Ankush <ankush@iwebnotes.com>	Fri Jun 18 14:47:30 2021 +0530
committer	GitHub <noreply@github.com>	Fri Jun 18 14:47:30 2021 +0530
tree	4e3064058dcddbacf8a795a03bc08bc360685d77
parent	e43df63978943ca97707cdab738b15599a326c07 [diff] [blame]