From 2c15bb4a5be585b9eee74dd07013490d58ce7d88 Mon Sep 17 00:00:00 2001 From: Akhil Narang Date: Tue, 18 Nov 2025 23:34:46 +0530 Subject: [PATCH] fix(query): extend regex for allow backticked aliases For example: ``` `tabSerial and Batch Entry`.`name` as `child_row` ``` Signed-off-by: Akhil Narang --- frappe/database/query.py | 3 ++- frappe/tests/test_query.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/frappe/database/query.py b/frappe/database/query.py index 9c09bda25c..a5de9c0064 100644 --- a/frappe/database/query.py +++ b/frappe/database/query.py @@ -59,7 +59,8 @@ def _is_function_call(field_str: str) -> bool: # - `tabTable-Field`.`field` (hyphens in table name) # - Any of above with aliases: ... as alias ALLOWED_FIELD_PATTERN = re.compile( - r"^(?:(`[\w\s-]+`|\w+)\.)?(`[\w\s-]+`|\w+)(?:\s+as\s+\w+)?$", flags=re.ASCII | re.IGNORECASE + r"^(?:(`[\w\s-]+`|\w+)\.)?(`[\w\s-]+`|\w+)(?:\s+as\s+(?:`[\w\s-]+`|\w+))?$", + flags=re.ASCII | re.IGNORECASE, ) # Regex to parse field names: diff --git a/frappe/tests/test_query.py b/frappe/tests/test_query.py index def1effe4d..02d5ed1f1e 100644 --- a/frappe/tests/test_query.py +++ b/frappe/tests/test_query.py @@ -153,7 +153,9 @@ class TestQuery(IntegrationTestCase): "`tabUser`.`name` as alias", "*", "`tabHas Role`.`name`", + "field as `alias with space`", ] + invalid_fields = [ "name; DROP TABLE users", "`name` ; SELECT * FROM secrets", @@ -166,7 +168,6 @@ class TestQuery(IntegrationTestCase): "field with space", "`field with space`", "field as alias with space", - "field as `alias with space`", "COUNT(*)", "COUNT(name)", "SUM(amount) as total",