From ce60f98ab68e72afcf2621fc3da515de9ca22fc9 Mon Sep 17 00:00:00 2001
From: Aditya Hase <aditya@adityahase.com>
Date: Fri, 26 Jul 2019 20:49:46 +0530
Subject: [PATCH] Revert "fix(security): Disallow unnecessary characters in
 group_by and fields"

This reverts commit fb8993663c2e587d78667937ad356d17610a2214.
---
 frappe/model/db_query.py | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/frappe/model/db_query.py b/frappe/model/db_query.py
index 7767d2a021..53a1c6c13d 100644
--- a/frappe/model/db_query.py
+++ b/frappe/model/db_query.py
@@ -240,9 +240,6 @@ class DatabaseQuery(object):
 
 			_is_query(field)
 
-			invalid_characters_regex = r".*[^a-zA-Z0-9-_ ,`'\"\*\.\(\)].*"
-			if re.match(invalid_characters_regex, field):
-				frappe.throw(_("Illegal characters in SQL query"))
 
 	def extract_tables(self):
 		"""extract tables from fields"""
@@ -691,9 +688,6 @@ class DatabaseQuery(object):
 		if 'select' in _lower and ' from ' in _lower:
 			frappe.throw(_('Cannot use sub-query in order by'))
 
-		invalid_characters_regex = r".*[^a-z0-9-_ ,`'\"\.\(\)].*"
-		if re.match(invalid_characters_regex, _lower):
-			frappe.throw(_("Illegal characters in SQL query"))
 
 		for field in parameters.split(","):
 			if "." in field and field.strip().startswith("`tab"):