CalvinBackup/erpnext
1
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-03-31 02:40:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: More secure query

Browse Source
This commit is contained in:
marination
2020-10-01 21:31:51 +05:30
parent f57ba86bce
commit b9e2f17f4f
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
erpnext/buying/doctype/request_for_quotation/request_for_quotation.py
View File

@@ -378,7 +378,8 @@ def get_rfq_containing_supplier(doctype, txt, searchfield, start, page_len, filt
and rfq.company = '{1}'
{2}
order by rfq.transaction_date ASC
limit {3} offset {4} """ \
.format(filters.get("supplier"), filters.get("company"), conditions, page_len, start), as_dict=1)
limit %(page_len)s offset %(start)s """ \
.format(filters.get("supplier"), filters.get("company"), conditions),
{"page_len": page_len, "start": start}, as_dict=1)
return rfq_data