From f0f88518092ff624fd09472b9c19e9f302415154 Mon Sep 17 00:00:00 2001
From: Ameya Shenoy <shenoy.ameya@gmail.com>
Date: Tue, 23 Oct 2018 13:20:05 +0530
Subject: [PATCH] fix: commonify json.loads for filters

---
 frappe/client.py | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/frappe/client.py b/frappe/client.py
index eb32116267..3faa7e0129 100644
--- a/frappe/client.py
+++ b/frappe/client.py
@@ -35,8 +35,7 @@ def get_list(doctype, fields=None, filters=None, order_by=None,
 
 @frappe.whitelist()
 def get_count(doctype, filters=None, debug=False, cache=False):
-
-	return frappe.db.count(doctype, json.loads(filters), debug, cache)
+	return frappe.db.count(doctype, get_safe_filters(filters), debug, cache)
 
 @frappe.whitelist()
 def get(doctype, name=None, filters=None, parent=None):
@@ -72,15 +71,7 @@ def get_value(doctype, fieldname, filters=None, as_dict=True, debug=False, paren
 	if not frappe.has_permission(doctype):
 		frappe.throw(_("No permission for {0}".format(doctype)), frappe.PermissionError)
 
-	try:
-		filters = json.loads(filters)
-
-		if isinstance(filters, (integer_types, float)):
-			filters = frappe.as_unicode(filters)
-
-	except (TypeError, ValueError):
-		# filters are not passesd, not json
-		pass
+	filters = get_safe_filters(filters)
 
 	try:
 		fieldname = json.loads(fieldname)
@@ -375,3 +366,16 @@ def check_parent_permission(parent):
 			return
 	# Either parent not passed or the user doesn't have permission on parent doctype of child table!
 	raise frappe.PermissionError
+
+def get_safe_filters(filters):
+	try:
+		filters = json.loads(filters)
+
+		if isinstance(filters, (integer_types, float)):
+			filters = frappe.as_unicode(filters)
+
+	except (TypeError, ValueError):
+		# filters are not passesd, not json
+		pass
+
+	return filters