fix: Validate server script for doc events

frappe/core/doctype/server_script/server_script.py

@@ -11,6 +11,8 @@ from frappe.model.document import Document
 from frappe.utils.safe_exec import get_safe_globals, safe_exec, NamespaceDict
 from frappe import _
 
+import re
+
 
 class ServerScript(Document):
 	def validate(self):
@@ -94,8 +96,15 @@ class ServerScript(Document):
 		Args:
 			doc (Document): Executes script with for a certain document's events
 		"""
+		self.validate_script_for_doc_events()
 		safe_exec(self.script, _locals={"doc": doc})
 
+	def validate_script_for_doc_events(self):
+		for line in self.script.splitlines():
+			line = line.strip()
+			if not line.startswith('#') and "frappe.db.commit()" in line:
+				frappe.throw(_("Commit cannot be used in DocType Event server script"))
+
 	def execute_scheduled_method(self):
 		"""Specific to Scheduled Jobs via Server Scripts
 

frappe/utils/safe_exec.py

@@ -116,8 +116,7 @@ def get_safe_globals():
 			socketio_port=frappe.conf.socketio_port,
 			get_hooks=frappe.get_hooks,
 			sanitize_html=frappe.utils.sanitize_html,
-			log_error=frappe.log_error,
-			cache=frappe.cache 
+			log_error=frappe.log_error
 		),
 		FrappeClient=FrappeClient,
 		style=frappe._dict(
@@ -157,6 +156,13 @@ def get_safe_globals():
 			commit = frappe.db.commit
 		)
 
+		out.frappe.cache = NamespaceDict(
+			get_value = frappe.cache().get_value,
+			set_value = frappe.cache().set_value,
+			hset = frappe.cache().hset,
+			hget = frappe.cache().hget
+		)
+
 	if frappe.response:
 		out.frappe.response = frappe.response