From 9a8dbc42a78c4bce5b94babe36fd5f7eac83006b Mon Sep 17 00:00:00 2001
From: Daizy Modi
Date: Wed, 14 Dec 2022 17:01:19 +0530
Subject: [PATCH] fix: added a case with backticks
---
frappe/tests/test_search.py | 29 +++++++----------------------
1 file changed, 7 insertions(+), 22 deletions(-)
diff --git a/frappe/tests/test_search.py b/frappe/tests/test_search.py
index 9dbf13b729..5d98d6f49f 100644
--- a/frappe/tests/test_search.py
+++ b/frappe/tests/test_search.py
@@ -186,28 +186,13 @@ class TestSearch(FrappeTestCase):
 self.assertListEqual(frappe.response["results"], [])
 
 def test_sanitize_searchfield(self):
- # should raise error if searchfield is injectable
- self.assertRaisesRegex(
- frappe.DataError,
- re.compile(r"^(Invalid Search Field .*)$"),
- sanitize_searchfield,
- "1=1",
- )
-
- # should raise error if searchfield is special character
- self.assertRaisesRegex(
- frappe.DataError,
- re.compile(r"^(Invalid Search Field .*)$"),
- sanitize_searchfield,
- ";",
- )
-
- self.assertRaisesRegex(
- frappe.DataError,
- re.compile(r"^(Invalid Search Field .*)$"),
- sanitize_searchfield,
- "name or (select * from tabSessions)",
- )
+ for searchfield in ("1=1", "name or (select * from tabSessions)", ";", "`tabSessions`"):
+ self.assertRaisesRegex(
+ frappe.DataError,
+ re.compile(r"^(Invalid Search Field .*)$"),
+ sanitize_searchfield,
+ searchfield,
+ )
 
 sanitize_searchfield("name")