[fix] escape company filter (#9924)

commit: 7f95d587b2404a5f935e2ae5c536c5f7fad6c58a [log] [tgz]
author: Saurabh <saurabh6790@gmail.com> Tue Jul 18 16:09:34 2017 +0530
committer: Makarand Bauskar <mbauskar@gmail.com> Tue Jul 18 16:09:34 2017 +0530
tree: f955956ebb587c7b46152c26b0fad66c6022bda3
parent: 75b145fe2cf942c92768bc5c3d071b9ddd21aba3 [diff]
diff --git a/erpnext/setup/doctype/company/company.py b/erpnext/setup/doctype/company/company.py
index a11f3ac..c8a0507 100644
--- a/erpnext/setup/doctype/company/company.py
+++ b/erpnext/setup/doctype/company/company.py

@@ -339,7 +339,7 @@
 	'''Cache past year monthly sales of every company based on sales invoices'''
 	from frappe.utils.goal import get_monthly_results
 	import json
-	filter_str = 'company = "'+ company +'" and status != "Draft"'
+	filter_str = "company = '{0}' and status != 'Draft'".format(frappe.db.escape(company))
 	month_to_value_dict = get_monthly_results("Sales Invoice", "grand_total", "posting_date", filter_str, "sum")
 
 	frappe.db.sql(('''
commit	7f95d587b2404a5f935e2ae5c536c5f7fad6c58a	[log] [tgz]
author	Saurabh <saurabh6790@gmail.com>	Tue Jul 18 16:09:34 2017 +0530
committer	Makarand Bauskar <mbauskar@gmail.com>	Tue Jul 18 16:09:34 2017 +0530
tree	f955956ebb587c7b46152c26b0fad66c6022bda3
parent	75b145fe2cf942c92768bc5c3d071b9ddd21aba3 [diff]