From 5ea131c763633e1c93abddcbcd551d6d10df7336 Mon Sep 17 00:00:00 2001 From: ljain112 Date: Tue, 17 Dec 2024 18:49:38 +0530 Subject: [PATCH] fix: using query.walk() for escaping --- erpnext/accounts/report/financial_statements.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/erpnext/accounts/report/financial_statements.py b/erpnext/accounts/report/financial_statements.py index a12b217d1be..918bafa169a 100644 --- a/erpnext/accounts/report/financial_statements.py +++ b/erpnext/accounts/report/financial_statements.py @@ -527,8 +527,6 @@ def get_accounting_entries( account_filter_query = get_account_filter_query(root_lft, root_rgt, root_type, gl_entry) query = query.where(ExistsCriterion(account_filter_query)) - query = query.get_sql() - from frappe.desk.reportview import build_match_conditions match_conditions = build_match_conditions(doctype) @@ -536,9 +534,9 @@ def get_accounting_entries( if match_conditions: query += "and" + match_conditions - entries = frappe.db.sql(query, as_dict=True) + query, params = query.walk() - return entries + return frappe.db.sql(query, params, as_dict=True) def get_account_filter_query(root_lft, root_rgt, root_type, gl_entry):