From 04b2a433b6d7a5f25353470cb0ebfba6d2cbd9c9 Mon Sep 17 00:00:00 2001
From: Akhil Narang
Date: Mon, 23 Feb 2026 12:21:26 +0530
Subject: [PATCH] fix(db_query): relax some restrictions (#37314)
Allow valid identifiers
Signed-off-by: Akhil Narang
---
 frappe/model/db_query.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/frappe/model/db_query.py b/frappe/model/db_query.py
index dfb7681059..eecacbd790 100644
--- a/frappe/model/db_query.py
+++ b/frappe/model/db_query.py
@@ -500,7 +500,11 @@ from {tables}
 if (name := (token.get_name())) and name.lower() in blacklisted_functions:
 _raise_exception()
- if token.ttype in (tokens.Keyword, tokens.Name):
+ if token.ttype in tokens.Keyword:
+ if any(re.search(rf"\b{kw}\b", token.value.lower()) for kw in blacklisted_keywords):
+ _raise_exception()
+
+ if token.ttype in tokens.Name and not re.match(r"^`\w.*`$", token.value.strip()):
 if any(re.search(rf"\b{kw}\b", token.value.lower()) for kw in blacklisted_keywords):
 _raise_exception()
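Review bot: The exemption pattern on the new `tokens.Name` branch is looser than "one backtick-quoted identifier": ``r"^`\w.*`$"`` lets `.*` match any characters, including further backticks, between the first and last backtick. Any Name token of that shape therefore skips the `blacklisted_keywords` check entirely. The skip is only safe if the tokenizer never yields a Name token spanning more than one quoted identifier, which this hunk does not show. I would anchor it to a single identifier, ``if token.ttype in tokens.Name and not re.fullmatch(r"`\w[^`]*`", token.value.strip()):``, so anything unexpected falls through to the keyword check. A short comment such as `# a single backtick-quoted identifier may legitimately contain a keyword` would record why the exemption exists, and a test for a quoted column name containing a blacklisted word would pin the behaviour. The enclosing function starts and ends outside the hunk.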