vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix(db_query): relax some restrictions (#37314)

Browse source 
Allow valid identifiers

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
This commit is contained in:
Akhil Narang 2026-02-23 12:21:26 +05:30 committed by GitHub
parent 5b09a76606
commit 04b2a433b6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
frappe/model/db_query.py
View file

@ -500,7 +500,11 @@ from {tables}
if (name := (token.get_name())) and name.lower() in blacklisted_functions:
_raise_exception()
if token.ttype in (tokens.Keyword, tokens.Name):
if token.ttype in tokens.Keyword:
if any(re.search(rf"\b{kw}\b", token.value.lower()) for kw in blacklisted_keywords):
_raise_exception()
if token.ttype in tokens.Name and not re.match(r"^`\w.*`$", token.value.strip()):
if any(re.search(rf"\b{kw}\b", token.value.lower()) for kw in blacklisted_keywords):
_raise_exception()