diff --git a/erpnext/accounts/doctype/bank_guarantee/bank_guarantee.py b/erpnext/accounts/doctype/bank_guarantee/bank_guarantee.py index 9aa2ee271a4..f28a07431fe 100644 --- a/erpnext/accounts/doctype/bank_guarantee/bank_guarantee.py +++ b/erpnext/accounts/doctype/bank_guarantee/bank_guarantee.py @@ -6,6 +6,7 @@ from __future__ import unicode_literals import frappe, json from frappe.model.document import Document from frappe import _ +from frappe.desk.search import sanitize_searchfield class BankGuarantee(Document): def validate(self): @@ -22,5 +23,8 @@ class BankGuarantee(Document): @frappe.whitelist() def get_vouchar_detials(column_list, doctype, docname): + column_list = json.loads(column_list) + for col in column_list: + sanitize_searchfield(col) return frappe.db.sql(''' select {columns} from `tab{doctype}` where name=%s''' .format(columns=", ".join(json.loads(column_list)), doctype=doctype), docname, as_dict=1)[0] diff --git a/erpnext/healthcare/doctype/patient_appointment/patient_appointment.py b/erpnext/healthcare/doctype/patient_appointment/patient_appointment.py index 7aa41c546c0..12248fcdce3 100755 --- a/erpnext/healthcare/doctype/patient_appointment/patient_appointment.py +++ b/erpnext/healthcare/doctype/patient_appointment/patient_appointment.py @@ -386,5 +386,5 @@ def get_procedure_prescribed(patient): return frappe.db.sql("""select pp.name, pp.procedure, pp.parent, ct.practitioner, ct.encounter_date, pp.practitioner, pp.date, pp.department from `tabPatient Encounter` ct, `tabProcedure Prescription` pp - where ct.patient='{0}' and pp.parent=ct.name and pp.appointment_booked=0 - order by ct.creation desc""".format(patient)) + where ct.patient=%(patient)s and pp.parent=ct.name and pp.appointment_booked=0 + order by ct.creation desc""", {"patient": patient}) diff --git a/erpnext/hr/doctype/department/department.py b/erpnext/hr/doctype/department/department.py index 9b2b5817660..2cef5092767 100644 --- a/erpnext/hr/doctype/department/department.py +++ b/erpnext/hr/doctype/department/department.py @@ -48,12 +48,17 @@ def get_abbreviated_name(name, company): @frappe.whitelist() def get_children(doctype, parent=None, company=None, is_root=False): condition = '' + var_dict = { + "name": get_root_of("Department"), + "parent": parent, + "company": company, + } if company == parent: - condition = "name='{0}'".format(get_root_of("Department")) + condition = "name=%(name)s" elif company: - condition = "parent_department='{0}' and company='{1}'".format(parent, company) + condition = "parent_department=%(parent)s and company=%(company)s" else: - condition = "parent_department = '{0}'".format(parent) + condition = "parent_department = %(parent)s" return frappe.db.sql(""" select @@ -62,7 +67,7 @@ def get_children(doctype, parent=None, company=None, is_root=False): from `tab{doctype}` where {condition} - order by name""".format(doctype=doctype, condition=condition), as_dict=1) + order by name""".format(doctype=doctype, condition=condition), var_dict, as_dict=1) @frappe.whitelist() def add_node(): diff --git a/erpnext/projects/doctype/task/task.py b/erpnext/projects/doctype/task/task.py index 9285a5dada2..290c6b08ad9 100755 --- a/erpnext/projects/doctype/task/task.py +++ b/erpnext/projects/doctype/task/task.py @@ -199,10 +199,10 @@ def set_multiple_status(names, status): task.save() def set_tasks_as_overdue(): - tasks = frappe.get_all("Task", filters={'status':['not in',['Cancelled', 'Closed']]}) + tasks = frappe.get_all("Task", filters={"status": ["not in", ["Cancelled", "Closed"]]}, fields=["name", "status", "review_date"]) for task in tasks: - if frappe.db.get_value("Task", task.name, "status") in 'Pending Review': - if getdate(frappe.db.get_value("Task", task.name, "review_date")) < getdate(today()): + if task.status == "Pending Review": + if getdate(task.review_date) > getdate(today()): continue frappe.get_doc("Task", task.name).update_status() diff --git a/erpnext/regional/india/utils.py b/erpnext/regional/india/utils.py index c03f68558ba..cb4be0de2fc 100644 --- a/erpnext/regional/india/utils.py +++ b/erpnext/regional/india/utils.py @@ -379,7 +379,7 @@ def get_gstins_for_company(company): `tabDynamic Link`.parent = `tabAddress`.name and `tabDynamic Link`.parenttype = 'Address' and `tabDynamic Link`.link_doctype = 'Company' and - `tabDynamic Link`.link_name = '{0}'""".format(company)) + `tabDynamic Link`.link_name = %(company)s""", {"company": company}) return company_gstins def get_address_details(data, doc, company_address, billing_address): diff --git a/erpnext/selling/doctype/sales_order/sales_order.py b/erpnext/selling/doctype/sales_order/sales_order.py index d3ab2ac5a7d..09d117d1ede 100755 --- a/erpnext/selling/doctype/sales_order/sales_order.py +++ b/erpnext/selling/doctype/sales_order/sales_order.py @@ -622,7 +622,6 @@ def make_sales_invoice(source_name, target_doc=None, ignore_permissions=False): target.set_advances() def set_missing_values(source, target): - target.is_pos = 0 target.ignore_pricing_rule = 1 target.flags.ignore_permissions = True target.run_method("set_missing_values") diff --git a/erpnext/setup/utils.py b/erpnext/setup/utils.py index 01e0b7d441a..78f8993b351 100644 --- a/erpnext/setup/utils.py +++ b/erpnext/setup/utils.py @@ -141,6 +141,6 @@ def insert_record(records): raise def welcome_email(): - site_name = get_default_company() - title = _("Welcome to {0}".format(site_name)) - return title \ No newline at end of file + site_name = get_default_company() or "ERPNext" + title = _("Welcome to {0}").format(site_name) + return title diff --git a/erpnext/stock/doctype/delivery_note/delivery_note.py b/erpnext/stock/doctype/delivery_note/delivery_note.py index b11c9eb0920..c24ea267830 100644 --- a/erpnext/stock/doctype/delivery_note/delivery_note.py +++ b/erpnext/stock/doctype/delivery_note/delivery_note.py @@ -400,7 +400,6 @@ def make_sales_invoice(source_name, target_doc=None): invoiced_qty_map = get_invoiced_qty_map(source_name) def set_missing_values(source, target): - target.is_pos = 0 target.ignore_pricing_rule = 1 target.run_method("set_missing_values") target.run_method("set_po_nos")