From 04932e20a0a0aabd346588d2d214f4975b82f5f7 Mon Sep 17 00:00:00 2001
From: Sagar Vora <16315650+sagarvora@users.noreply.github.com>
Date: Mon, 1 Dec 2025 23:59:45 +0530
Subject: [PATCH] fix: tighten FIELD_PARSE_REGEX to only allow backticks (not double quotes)
---
 frappe/database/query.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frappe/database/query.py b/frappe/database/query.py
index cf106320bb..bea59e2fdf 100644
--- a/frappe/database/query.py
+++ b/frappe/database/query.py
@@ -119,7 +119,7 @@ ALLOWED_FIELD_PATTERN = re.compile(
 # Group 2: Optional table name (e.g., `tabDocType` or tabDocType or `tabNote Seen By`)
 # Group 3: Optional quote for field name
 # Group 4: Field name (e.g., `field` or field)
-FIELD_PARSE_REGEX = re.compile(r"^(?:([`\"]?)(tab[\w\s-]+)\1\.)?([`\"]?)(\w+)\3$")
+FIELD_PARSE_REGEX = re.compile(r"^(?:(`?)(tab[\w\s-]+)\1\.)?(`?)(\w+)\3$")
 
 # Direct mapping from uppercase function names to pypika function classes
 FUNCTION_MAPPING = {
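Review bot: The tightened pattern still ends in `\3$`, and in Python `$` also matches just before a trailing newline, so a field string with a trailing newline still passes. Ending it with `\3\Z` (or matching with `fullmatch`) would close that gap, which matters if any caller uses the original string rather than the captured groups; the callers are not visible in this hunk. The table-name class `[\w\s-]` likewise accepts tabs and newlines, not only the plain spaces that the `tabNote Seen By` example needs, and it does so even when the optional backtick in group 1 is absent. The context comment `# Group 3: Optional quote for field name` should now read `# Group 3: Optional backtick for field name`. A regression test asserting that a double-quoted field is rejected would pin the fix, since the commit touches only this one file.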