schuetz3/schuetz3-erpnext
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Ignore sql injections

Browse Source
This commit is contained in:
deepeshgarg007
2019-04-22 21:08:29 +05:30
parent 11e1c60cd3
commit a981a8a153
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
erpnext/stock/report/inactive_items/inactive_items.py
View File

@@ -117,7 +117,7 @@ def get_sales_details(filters):
DATEDIFF(CURDATE(), {date_field}) as days_since_last_order
from `tab{doctype}` s, `tab{doctype} Item` si
where s.name = si.parent and s.docstatus = 1
group by si.name order by days_since_last_order """
group by si.name order by days_since_last_order """ #nosec
.format(date_field = date_field, doctype = filters['based_on']), as_dict=1)
for d in sales_data: