vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

fix(sanitize_fields): strengthen field check

Browse source 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
This commit is contained in:
Akhil Narang 2026-02-06 18:20:45 +05:30
parent 20ceaa20a0
commit ab577751f2
No known key found for this signature in database
GPG key ID: 9DCC61E211BF645F
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
frappe/model/db_query.py
View file

@ -499,9 +499,11 @@ from {tables}
if isinstance(token, Function):
if (name := (token.get_name())) and name.lower() in blacklisted_functions:
_raise_exception()
if token.ttype == tokens.Keyword:
if token.value.lower() in blacklisted_keywords:
if token.ttype in (tokens.Keyword, tokens.Name):
if any(re.search(rf"\b{kw}\b", token.value.lower()) for kw in blacklisted_keywords):
_raise_exception()
if token.is_group:
_check_sql_token(token)