Merge branch 'version-12-hotfix' of https://github.com/frappe/frappe into events_ref

Himanshu Warekar 2019-07-26 09:59:43 +05:30
commit 178bd25c98
2 changed files with 11 additions and 12 deletions


@ -240,6 +240,9 @@ class DatabaseQuery(object):
_is_query(field)
invalid_characters_regex = r".*[^a-zA-Z0-9-_ ,`'\"\*\.\(\)].*"
if re.match(invalid_characters_regex, field):
frappe.throw(_("Illegal characters in SQL query"))
def extract_tables(self):
"""extract tables from fields"""
@ -688,6 +691,9 @@ class DatabaseQuery(object):
if 'select' in _lower and ' from ' in _lower:
frappe.throw(_('Cannot use sub-query in order by'))
invalid_characters_regex = r".*[^a-z0-9-_ ,`'\"\.\(\)].*"
if re.match(invalid_characters_regex, _lower):
frappe.throw(_("Illegal characters in SQL query"))
for field in parameters.split(","):
if "." in field and field.strip().startswith("`tab"):
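Review bot: The character allow-list is written out twice, once as `invalid_characters_regex` in the field check and again in the order-by check of the second hunk, and the two copies already differ: the first allows `a-zA-Z` and `\*`, the second only lowercase and no `*`. I would hoist both into named, pre-compiled module-level patterns with a comment such as `# Coarse allow-list for field expressions; not a substitute for parameterised values.` and test with `if INVALID_FIELD_CHARS.search(field):`, which makes the `.*` wrappers unnecessary. The class still admits quotes, backticks, parentheses and the hyphen, so the check narrows the input rather than making it safe on its own. Names or aliases with non-ASCII letters will now be rejected, and the message does not name the offending field. Both enclosing methods start and end outside the visible lines.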


@ -201,11 +201,12 @@ frappe.ui.form.MultiSelectDialog = Class.extend({
let $row = $(`<div class="list-item">
<div class="list-item__content" style="flex: 0 0 10px;">
<input type="checkbox" class="list-row-check" ${result.checked ? 'checked' : ''}>
<input type="checkbox" class="list-row-check" data-item-name="${result.name}" ${result.checked ? 'checked' : ''}>
</div>
${contents}
</div>`);
head ? $row.addClass('list-item--head')
: $row = $(`<div class="list-item-container" data-item-name="${result.name}"></div>`).append($row);
return $row;
@ -219,14 +220,10 @@ frappe.ui.form.MultiSelectDialog = Class.extend({
if (!frappe.flags.auto_scroll) {
this.empty_list();
}
more_btn.hide();
if(results.length === 0) {
this.empty_list();
more_btn.hide();
return;
} else if(more) {
more_btn.show();
}
if (results.length === 0) return;
if (more) more_btn.show();
results.forEach((result) => {
me.$results.append(me.make_list_row(result));
@ -303,10 +300,6 @@ frappe.ui.form.MultiSelectDialog = Class.extend({
return a.parsed_date - b.parsed_date;
});
// Preselect oldest entry
if (me.start < 1) {
results[0].checked = 1;
}
}
me.render_result_list(results, more);
}
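Review bot: In the first hunk of this file the new checkbox markup interpolates `result.name` straight into `data-item-name="..."` inside a template string that is handed to `$()`, so a name containing a double quote or angle bracket ends the attribute early and is parsed as markup. The `list-item-container` div a few lines below it uses the same `data-item-name="${result.name}"` pattern. I would leave the attribute out of the template and set it on the built element instead, e.g. `$row.find('.list-row-check').attr('data-item-name', result.name);`, which stores the value without HTML parsing. The function that builds `$row` starts above the hunk, so whether `result.name` is escaped earlier is not visible here.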