From 2c16a86e866b01b2af787d67a5d5e41bee6c6009 Mon Sep 17 00:00:00 2001
From: Ben Knowles
Date: Mon, 25 Nov 2019 16:20:33 -0600
Subject: [PATCH] fix: parameterize link name when clearing timeline references

link_name could potentially include an apostrophe and cause: `"mysql.err.ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax"`
Adjusted the query to parameterize it
---
 frappe/model/delete_doc.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frappe/model/delete_doc.py b/frappe/model/delete_doc.py
index af67350ab6..b518db0a28 100644
--- a/frappe/model/delete_doc.py
+++ b/frappe/model/delete_doc.py
@@ -333,7 +333,7 @@ def clear_references(doctype, reference_doctype, reference_name,
 
 def clear_timeline_references(link_doctype, link_name):
 frappe.db.sql("""delete from `tabCommunication Link`
- where `tabCommunication Link`.link_doctype='{0}' and `tabCommunication Link`.link_name='{1}'""".format(link_doctype, link_name)) # nosec
+ where `tabCommunication Link`.link_doctype='{0}' and `tabCommunication Link`.link_name=%s""".format(link_doctype), (link_name)) # nosec
 
 def insert_feed(doc):
 from frappe.utils import get_fullname
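Review bot: `link_doctype` is still spliced into the statement with `.format(link_doctype)` inside single quotes on the new `where` line, so only half of the predicate is bound. A doctype value containing an apostrophe would hit the same syntax error, and the call is only injection-safe as long as every caller passes a trusted doctype name. Bind both values: change `link_doctype='{0}'` to `link_doctype=%s`, drop the `.format(...)` call and pass `(link_doctype, link_name)` as the values argument. Once nothing is string-built, the trailing `# nosec` should be removed so the static scanner keeps covering this call. Separately, `(link_name)` is a parenthesized string rather than a tuple; it presumably works because the driver accepts a scalar argument, but `(link_name,)` would state the intent.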