From d2c4b170a855bcfebd65a497d7b7770969468d36 Mon Sep 17 00:00:00 2001
From: "Chinmay D. Pai" <chinmaydpai@gmail.com>
Date: Wed, 1 Jul 2020 21:07:41 +0530
Subject: [PATCH] fix: get_attr before checking for whitelist

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
---
 frappe/desk/search.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/frappe/desk/search.py b/frappe/desk/search.py
index e29b1bd227..b4b54b4b6e 100644
--- a/frappe/desk/search.py
+++ b/frappe/desk/search.py
@@ -75,9 +75,17 @@ def search_widget(doctype, txt, query=None, searchfield=None, start=0,
 
 	if query and query.split()[0].lower()!="select":
 		# by method
-		is_whitelisted(query)
-		frappe.response["values"] = frappe.call(query, doctype, txt,
-			searchfield, start, page_length, filters, as_dict=as_dict)
+		try:
+			is_whitelisted(frappe.get_attr(query))
+			frappe.response["values"] = frappe.call(query, doctype, txt,
+				searchfield, start, page_length, filters, as_dict=as_dict)
+		except Exception as e:
+			if frappe.local.conf.developer_mode:
+				raise e
+			else:
+				frappe.respond_as_web_page(title='Invalid Method', html='Method not found',
+				indicator_color='red', http_status_code=404)
+			return
 	elif not query and doctype in standard_queries:
 		# from standard queries
 		search_widget(doctype, txt, standard_queries[doctype][0],