Merge pull request #10893 from Thunderbottom/search_whitelist-fix-fix

fix: get_attr before checking for whitelist
2020-07-01 15:57:44 +00:00 · 2020-07-01 15:57:44 +00:00 · d1fe0a1acf
commit d1fe0a1acf
parent 63232f4867 d2c4b170a8
1 changed files with 11 additions and 3 deletions
--- a/frappe/desk/search.py
+++ b/frappe/desk/search.py
@ -75,9 +75,17 @@ def search_widget(doctype, txt, query=None, searchfield=None, start=0,

 	if query and query.split()[0].lower()!="select":
 		# by method
-		is_whitelisted(query)
-		frappe.response["values"] = frappe.call(query, doctype, txt,
-			searchfield, start, page_length, filters, as_dict=as_dict)
+		try:
+			is_whitelisted(frappe.get_attr(query))
+			frappe.response["values"] = frappe.call(query, doctype, txt,
+				searchfield, start, page_length, filters, as_dict=as_dict)
+		except Exception as e:
+			if frappe.local.conf.developer_mode:
+				raise e
+			else:
+				frappe.respond_as_web_page(title='Invalid Method', html='Method not found',
+				indicator_color='red', http_status_code=404)
+			return
 	elif not query and doctype in standard_queries:
 		# from standard queries
 		search_widget(doctype, txt, standard_queries[doctype][0],