fix: escape apostrophe in cost centre and project if exist
diff --git a/erpnext/accounts/report/gross_profit/gross_profit.py b/erpnext/accounts/report/gross_profit/gross_profit.py
index 2563b66..84c7454 100644
--- a/erpnext/accounts/report/gross_profit/gross_profit.py
+++ b/erpnext/accounts/report/gross_profit/gross_profit.py
@@ -268,9 +268,9 @@
def get_last_purchase_rate(self, item_code, row):
condition = ''
if row.project:
- condition += " AND a.project='%s'" % (row.project)
+ condition += " AND a.project=%s" % (frappe.db.escape(row.project))
elif row.cost_center:
- condition += " AND a.cost_center='%s'" % (row.cost_center)
+ condition += " AND a.cost_center=%s" % (frappe.db.escape(row.cost_center))
if self.filters.to_date:
condition += " AND modified='%s'" % (self.filters.to_date)
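Review bot: The `to_date` condition on the last line of this hunk is still built with `'%s'` interpolation and no escaping, the same pattern this commit removes for `project` and `cost_center`. `self.filters.to_date` presumably arrives from the report's filter input, so a quote in it would break out of the literal just as an apostrophe in a project name did. It should be handled the same way: `condition += " AND modified=%s" % (frappe.db.escape(self.filters.to_date))`. Passing the values as query parameters to the SQL call would remove the need for per-field escaping altogether, but the query is executed outside this hunk, so that part cannot be confirmed from here.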