From 62c7deee00a8a61942c1434164a4597ce52e7594 Mon Sep 17 00:00:00 2001
From: Saurabh
Date: Thu, 11 May 2017 18:03:12 +0530
Subject: [PATCH 1/5] [fix] don't allow string values in limits to avoid sql injection (#8779)
---
 erpnext/templates/pages/product_search.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/erpnext/templates/pages/product_search.py b/erpnext/templates/pages/product_search.py
index 8766db3dfa6..49f321dd9a1 100644
--- a/erpnext/templates/pages/product_search.py
+++ b/erpnext/templates/pages/product_search.py
@@ -3,7 +3,7 @@
 from __future__ import unicode_literals
 import frappe
-from frappe.utils import cstr, nowdate
+from frappe.utils import cstr, nowdate, cint
 from erpnext.setup.doctype.item_group.item_group import get_item_for_list_in_html
 no_cache = 1
@@ -33,7 +33,7 @@ def get_product_list(search=None, start=0, limit=12):
 search = "%" + cstr(search) + "%"
 # order by
- query += """ order by weightage desc, idx desc, modified desc limit %s, %s""" % (start, limit)
+ query += """ order by weightage desc, idx desc, modified desc limit %s, %s""" % (cint(start), cint(limit))
 data = frappe.db.sql(query, {
 "search": search,
From e8270fe21c0a643e4d86fdf73d6c6983254aed6d Mon Sep 17 00:00:00 2001
From: Makarand Bauskar
Date: Fri, 12 May 2017 11:23:23 +0530
Subject: [PATCH 2/5] [fix] minor fix in get_context for item variants (#8791)
---
 erpnext/stock/doctype/item/item.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/erpnext/stock/doctype/item/item.py b/erpnext/stock/doctype/item/item.py
index 9b9eb63050a..f86417135d2 100644
--- a/erpnext/stock/doctype/item/item.py
+++ b/erpnext/stock/doctype/item/item.py
@@ -325,7 +325,7 @@ class Item(WebsiteGenerator):
 def set_disabled_attributes(self, context):
 """Disable selection options of attribute combinations that do not result in a variant"""
- if not self.attributes:
+ if not self.attributes or not self.has_variants:
 return
 context.disabled_attributes = {}
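Review bot: In the `@@ -33,7 +33,7 @@` hunk of `product_search.py`, the `limit` clause is still built with `%` string formatting, so it stays injection-safe only while every later edit keeps the `cint()` wrappers, and `cint()` coerces but does not bound the values. A negative `start` would presumably yield a `limit -N, M` clause the database rejects, and nothing caps how many rows a caller can ask for. I would clamp before formatting, e.g. `start, limit = max(cint(start), 0), max(cint(limit), 0)` with an upper cap on `limit`, and put `# start/limit come from the caller and are interpolated, not bound, so force them to int` above the line. `get_product_list` starts and ends outside the hunk, so whether it is exposed to unauthenticated requests is not visible here.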
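Review bot: In `item.py`, the new `not self.has_variants` condition returns before `context.disabled_attributes = {}` runs, so for an item without variants the context never receives a `disabled_attributes` key. Whether the template tolerates a missing key cannot be seen from this hunk; if it reads the key unconditionally, the assignment should move above the guard. The docstring could also state the precondition, e.g. `Does nothing unless the item has both attributes and variants.` The body of `set_disabled_attributes` continues past the hunk.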
From d4e15ca35933f10ea3cd5532cdbd7502f571f1df Mon Sep 17 00:00:00 2001
From: Makarand Bauskar
Date: Fri, 12 May 2017 11:23:58 +0530
Subject: [PATCH 3/5] [minor] create student batch if does not exists (#8781)
* [minor] create student batch if does not exists
* [fix] minor fixes in if condition
---
 .../patches/v8_0/merge_student_batch_and_student_group.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/erpnext/patches/v8_0/merge_student_batch_and_student_group.py b/erpnext/patches/v8_0/merge_student_batch_and_student_group.py
index 5b45cc76028..742457f154a 100644
--- a/erpnext/patches/v8_0/merge_student_batch_and_student_group.py
+++ b/erpnext/patches/v8_0/merge_student_batch_and_student_group.py
@@ -13,7 +13,15 @@ def execute():
 frappe.reload_doctype("Student Group")
 student_batches = frappe.db.sql('''select name as student_group_name, student_batch_name as batch, program, academic_year, academic_term from `tabStudent Batch`''', as_dict=1)
+
 for student_batch in student_batches:
+ # create student batch name if does not exists !!
+ if student_batch.get("batch") and not frappe.db.exists("Student Batch Name", student_batch.get("batch")):
+ frappe.get_doc({
+ "doctype": "Student Batch Name",
+ "batch_name": student_batch.get("batch")
+ }).insert(ignore_permissions=True)
+
 student_batch.update({"doctype":"Student Group", "group_based_on": "Batch"})
 doc = frappe.get_doc(student_batch)
 student_list = frappe.db.sql('''select student, student_name, active from `tabStudent Batch Student`
From 45540569ffc9eff3dbcd3d0b2342b4dda02504f5 Mon Sep 17 00:00:00 2001
From: Saurabh
Date: Sat, 13 May 2017 06:30:41 +0530
Subject: [PATCH 4/5] [fix] rename Student Batch to Student Batch Name in activation check
---
 erpnext/utilities/activation.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/erpnext/utilities/activation.py b/erpnext/utilities/activation.py
index c4841bb619f..0b73d3e5b6f 100644
--- a/erpnext/utilities/activation.py
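Review bot: In `execute()` of `merge_student_batch_and_student_group.py`, the added insert skips permission checks with `ignore_permissions=True` without saying why, and `student_batch.get("batch")` is looked up three times in the new block. Bind it once, `batch_name = student_batch.get("batch")`, and replace the current comment with something like `# migration patch: the name comes from an existing Student Batch row, so the permission check is skipped on purpose`. If the insert can fail validation, the exception would presumably abort the patch part-way through the loop, which deserves a mention in the same comment. The `for` loop body continues outside the hunk.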
+++ b/erpnext/utilities/activation.py
@@ -37,7 +37,7 @@ def get_level():
 if frappe.db.count('Student') > 5:
 activation_level += 1
- if frappe.db.count('Student Batch') > 5:
+ if frappe.db.count('Student Batch Name') > 5:
 activation_level += 1
 if frappe.db.count('Instructor') > 5:
From 82e303882e450211405b648399150d7f05b74892 Mon Sep 17 00:00:00 2001
From: Saurabh
Date: Sat, 13 May 2017 08:12:03 +0600
Subject: [PATCH 5/5] bumped to version 8.0.26
---
 erpnext/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/erpnext/__init__.py b/erpnext/__init__.py
index b378f21957c..6f73741e856 100644
--- a/erpnext/__init__.py
+++ b/erpnext/__init__.py
@@ -2,7 +2,7 @@
 from __future__ import unicode_literals
 import frappe
-__version__ = '8.0.25'
+__version__ = '8.0.26'
 def get_default_company(user=None):
 '''Get default company for user'''