From 15d3f4660ebf91e54aff15cbf7611ab0e603ebc0 Mon Sep 17 00:00:00 2001
From: Suraj Shetty <surajshetty3416@gmail.com>
Date: Mon, 5 Nov 2018 10:07:16 +0530
Subject: [PATCH] fix(security): pop ignore_permissions arg from whitelisted
 method

---
 frappe/model/db_query.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/frappe/model/db_query.py b/frappe/model/db_query.py
index 1d241db443..f2da6e0b31 100644
--- a/frappe/model/db_query.py
+++ b/frappe/model/db_query.py
@@ -619,6 +619,7 @@ def get_order_by(doctype, meta):
 def get_list(doctype, *args, **kwargs):
 	'''wrapper for DatabaseQuery'''
 	kwargs.pop('cmd', None)
+	kwargs.pop('ignore_permissions', None)
 	return DatabaseQuery(doctype).execute(None, *args, **kwargs)
 
 def is_parent_only_filter(doctype, filters):