fix(db_query): Issue with certain DocType Names

The previous update broke systems that have DocTypes whose names contain words like Union or Select.

(cherry picked from commit f997d40c56d717693c66a8b7e69d12462a673ede)
Eben van Deventer 2025-09-26 18:59:51 +02:00 committed by Akhil Narang
parent d53725070d
commit 2e707c8a33
No known key found for this signature in database
GPG key ID: 9DCC61E211BF645F


@ -1121,13 +1121,18 @@ from {tables}
if ORDER_GROUP_PATTERN.match(_lower):
frappe.throw(_("Illegal SQL Query"))
# NEW: strip backticked identifiers so words inside table/field names
# (e.g. `tabTrade Union`) don't trigger 'union' / 'select ... from' checks
sanitized = re.sub(r"`[^`]*`", "", _lower)
subquery_indicators = {
r"union",
r"intersect",
r"select\b.*\bfrom",
}
if any(re.search(r"\b" + pattern + r"\b", _lower) for pattern in subquery_indicators):
# run the subquery checks against the sanitized string
if any(re.search(r"\b" + pattern + r"\b", sanitized) for pattern in subquery_indicators):
frappe.throw(_("Cannot use sub-query here."))
blacklisted_sql_functions = {
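Review bot: The sub-query check now runs on `sanitized`, but `re.sub(r"`[^`]*`", "", _lower)` pairs backticks purely by position and never confirms that the removed span is an identifier. If the database tokenizes the string differently from this regex (a backtick inside a quoted literal or an unbalanced backtick would shift the pairing), text the server treats as SQL could be dropped before the `union` / `intersect` / `select … from` patterns are tested, which would make the check weaker than it was for such input. Consider removing only spans that look like a plain identifier, for example `sanitized = re.sub(r"`[\w \-]+`", "", _lower)` with the class adjusted to what DocType names allow, and rejecting input with an odd number of backticks; a test covering both a name like `tabTrade Union` and a malformed-backtick string would pin this down. The `# NEW:` prefix on the added comment will be stale once merged, so I would keep the explanation and drop the prefix. The enclosing function starts and ends outside the hunk, so how `_lower` is built and used afterwards is not visible here.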