fix: parameterize link name when clearing timeline references

link_name could potentially include an apostrophe and cause:

`"mysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax"`

Adjusted the query to parameterize it
Ben Knowles 2019-11-25 16:20:33 -06:00 committed by GitHub
parent d9a1bfadc8
commit 2c16a86e86
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -333,7 +333,7 @@ def clear_references(doctype, reference_doctype, reference_name,
def clear_timeline_references(link_doctype, link_name):
frappe.db.sql("""delete from `tabCommunication Link`
where `tabCommunication Link`.link_doctype='{0}' and `tabCommunication Link`.link_name='{1}'""".format(link_doctype, link_name)) # nosec
where `tabCommunication Link`.link_doctype='{0}' and `tabCommunication Link`.link_name=%s""".format(link_doctype), (link_name)) # nosec
def insert_feed(doc):
from frappe.utils import get_fullname
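
Review bot: `link_doctype` on the changed `where` line is still spliced into the statement with `.format(link_doctype)`, so the query is only half parameterized: an apostrophe in that argument produces the same 1064 syntax error, and the value is still open to SQL injection if it can be influenced by a caller. Bind both values instead, for example `where `tabCommunication Link`.link_doctype=%s and `tabCommunication Link`.link_name=%s""", (link_doctype, link_name))`, which also removes the mix of `str.format` and `%s` placeholders in one string. Once nothing is interpolated, the trailing `# nosec` should be dropped so the linter can flag any later regression on this line. Separately, `(link_name)` is a parenthesized string rather than a one-element tuple; write `(link_name,)` if a single bound value is kept, so the intent does not depend on how the database wrapper treats a bare string.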