From dba454f94136c9480db3bb32081fb4b1b2df47fe Mon Sep 17 00:00:00 2001
From: Suraj Shetty
Date: Tue, 8 Sep 2020 10:37:25 +0530
Subject: [PATCH 1/3] fix(security): Remove ignore_permissions flag from API request
---
 frappe/__init__.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/frappe/__init__.py b/frappe/__init__.py
index 46792e82a8..7d3d34428e 100644
--- a/frappe/__init__.py
+++ b/frappe/__init__.py
@@ -1110,6 +1110,7 @@ def get_newargs(fn, kwargs):
 if (a in fnargs) or varkw:
 newargs[a] = kwargs.get(a)
+ newargs.pop('ignore_permissions', None)
 if "flags" in newargs:
 del newargs["flags"]
From 9e43e887555d90f73b539cab4085f409a3691636 Mon Sep 17 00:00:00 2001
From: Suraj Shetty
Date: Tue, 8 Sep 2020 10:38:26 +0530
Subject: [PATCH 2/3] fix: Remove unnecessary whitelisting of rename_doc method
---
 frappe/model/rename_doc.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/frappe/model/rename_doc.py b/frappe/model/rename_doc.py
index 1e3f127b99..7a2129e76e 100644
--- a/frappe/model/rename_doc.py
+++ b/frappe/model/rename_doc.py
@@ -25,7 +25,6 @@ def update_document_title(doctype, docname, title_field=None, old_title=None, ne
 return docname
-@frappe.whitelist()
 def rename_doc(doctype, old, new, force=False, merge=False, ignore_permissions=False, ignore_if_exists=False, show_alert=True):
 """
 Renames a doc(dt, old) to doc(dt, new) and
From 0449ba0b6d25bf87c3821ad853dccd322cac2740 Mon Sep 17 00:00:00 2001
From: Suraj Shetty <13928957+surajshetty3416@users.noreply.github.com>
Date: Tue, 8 Sep 2020 10:58:03 +0530
Subject: [PATCH 3/3] refactor: Use .pop instead of del
---
 frappe/__init__.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/frappe/__init__.py b/frappe/__init__.py
index 7d3d34428e..4b60181bd1 100644
--- a/frappe/__init__.py
+++ b/frappe/__init__.py
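Review bot: In the `get_newargs` hunk of PATCH 1/3 (frappe/__init__.py), `newargs.pop('ignore_permissions', None)` is a one-name denylist applied after the copy loop, and when `varkw` is truthy that loop forwards every supplied key, so any other privilege-bearing keyword a target function accepts would still be caller-controlled. The drop is also silent and unconditional: get_newargs's callers are outside the hunk, so if trusted server-side code reaches functions through the same path, its `ignore_permissions=True` would be discarded as well, with nothing logged. I would keep the stripped names in one module-level tuple, e.g. `REQUEST_STRIPPED_ARGS = ("ignore_permissions", "flags")`, log when a caller supplied one, and add a test asserting that a supplied `ignore_permissions` never reaches the callee. The function body starts above the hunk, and PATCH 3/3 rewrites the same lines without changing this behaviour.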
@@ -1110,9 +1110,8 @@ def get_newargs(fn, kwargs):
 if (a in fnargs) or varkw:
 newargs[a] = kwargs.get(a)
- newargs.pop('ignore_permissions', None)
- if "flags" in newargs:
- del newargs["flags"]
+ newargs.pop("ignore_permissions", None)
+ newargs.pop("flags", None)
 return newargs
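Review bot: The two `pop` calls that now end `get_newargs` carry no comment saying why these keys are discarded, and after this refactor the security-relevant line reads exactly like the housekeeping one next to it, which makes it easy to remove in a later cleanup. I would add a comment directly above them, `# kwargs can originate from an API request: never forward caller-supplied permission overrides or flags`. The function starts above the hunk, so an existing docstring that already covers this cannot be ruled out.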