CalvinBackup/erpnext
1
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-02-14 02:04:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix sql injection

Browse Source
This commit is contained in:
NahuelOperto
2020-01-27 08:55:35 -03:00
parent 8a5f31da34
commit af79714f40
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
erpnext/setup/doctype/item_group/item_group.py
View File

@@ -109,7 +109,7 @@ def get_product_list_for_group(product_group=None, start=0, limit=10, search=Non
or I.name like %(search)s)"""
search = "%" + cstr(search) + "%"
query += """order by I.weightage desc, in_stock desc, I.modified desc limit %s, %s""" % (start, limit)
query += """order by I.weightage desc, in_stock desc, I.modified desc limit %s, %s""" % (cint(start), cint(limit))
data = frappe.db.sql(query, {"product_group": product_group,"search": search, "today": nowdate()}, as_dict=1)
data = adjust_qty_for_expired_items(data)