vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix: Strip comments before sanitizing column_name

Browse source
This commit is contained in:
Suraj Shetty 2021-04-23 01:20:47 +05:30
parent d694753b17
commit d8e91cae32
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
frappe/utils/data.py
View file

@ -1278,7 +1278,9 @@ def make_filter_dict(filters):
def sanitize_column(column_name):
from frappe import _
import sqlparse
regex = re.compile("^.*[,'();].*")
column_name = sqlparse.format(column_name, strip_comments=True, keyword_case="lower")
blacklisted_keywords = ['select', 'create', 'insert', 'delete', 'drop', 'update', 'case', 'and', 'or']
def _raise_exception():