fix: escape company field

commit: 8118dd9e62971db02c44183c7574bd730dc18eff [log] [tgz]
author: Rucha Mahabal <ruchamahabal2@gmail.com> Fri Aug 07 14:52:50 2020 +0530
committer: Rucha Mahabal <ruchamahabal2@gmail.com> Fri Aug 07 14:52:50 2020 +0530
tree: 5538c7390abf8de41d80e8813cff0a09f8157308
parent: 4c4c0df7bdf536ab72473dd2077c4b1f9afb1ec2 [diff]
diff --git a/erpnext/accounts/party.py b/erpnext/accounts/party.py
index 28a6519..6f043a0 100644
--- a/erpnext/accounts/party.py
+++ b/erpnext/accounts/party.py

@@ -611,7 +611,7 @@
 			cond = "posting_date <= '{0}'".format(posting_date)
 
 	if company:
-		cond += "and company = '{0}'".format(company)
+		cond += "and company = '{0}'".format(frappe.db.escape(company))
 
 	data = frappe.db.sql(""" SELECT party, sum({0}) as amount
 		FROM `tabGL Entry`
commit	8118dd9e62971db02c44183c7574bd730dc18eff	[log] [tgz]
author	Rucha Mahabal <ruchamahabal2@gmail.com>	Fri Aug 07 14:52:50 2020 +0530
committer	Rucha Mahabal <ruchamahabal2@gmail.com>	Fri Aug 07 14:52:50 2020 +0530
tree	5538c7390abf8de41d80e8813cff0a09f8157308
parent	4c4c0df7bdf536ab72473dd2077c4b1f9afb1ec2 [diff]