From 436ce11c600ceeed91f83eb485877acc2d11f0f7 Mon Sep 17 00:00:00 2001 From: Manas Solanki Date: Mon, 11 Dec 2017 14:29:48 +0530 Subject: [PATCH] escape the email account name (#4598) --- frappe/email/doctype/email_account/email_account.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frappe/email/doctype/email_account/email_account.py b/frappe/email/doctype/email_account/email_account.py index 5cc56027fc..1350d132df 100755 --- a/frappe/email/doctype/email_account/email_account.py +++ b/frappe/email/doctype/email_account/email_account.py @@ -597,7 +597,7 @@ class EmailAccount(Document): flags = frappe.db.sql("""select name, communication, uid, action from `tabEmail Flag Queue` where is_completed=0 and email_account='{email_account}' - """.format(email_account=self.name), as_dict=True) + """.format(email_account=frappe.db.escape(self.name)), as_dict=True) uid_list = { flag.get("uid", None): flag.get("action", "Read") for flag in flags } if flags and uid_list: