Merge branch 'master' into staging-fixes

2018-11-28 07:53:35 +00:00 · 2018-11-28 07:53:35 +00:00 · f513739d1a
commit f513739d1a
parent 8cf5987b0a bb585e59d2
11 changed files with 17 additions and 14 deletions
--- a/frappe/init.py
+++ b/frappe/init.py
@ -17,7 +17,7 @@ from faker import Faker
 from .exceptions import *
 from .utils.jinja import (get_jenv, get_template, render_template, get_email_from_template, get_jloader)

-__version__ = '10.1.64'
+__version__ = '10.1.65'
 __title__ = "Frappe Framework"

 local = Local()
--- a/frappe/commands/site.py
+++ b/frappe/commands/site.py
@ -461,7 +461,7 @@ def _set_limits(context, site, limits):
 			if limit not in ('daily_emails', 'emails', 'space', 'users', 'email_group', 'currency',
 				'expiry', 'support_email', 'support_chat', 'upgrade_url', 'subscription_id',
 				'subscription_type', 'current_plan', 'subscription_base_price', 'upgrade_plan',
-				'upgrade_base_price'):
+				'upgrade_base_price', 'cancellation_url'):
 				frappe.throw(_('Invalid limit {0}').format(limit))

 			if limit=='expiry' and value:
@ -483,7 +483,7 @@ def _set_limits(context, site, limits):
@click.command('clear-limits')
@click.option('--site', help='site name')
@click.argument('limits', nargs=-1, type=click.Choice(['emails', 'space', 'users', 'email_group',
-	'expiry', 'support_email', 'support_chat', 'upgrade_url', 'daily_emails']))
+	'expiry', 'support_email', 'support_chat', 'upgrade_url', 'daily_emails', 'cancellation_url']))
@pass_context
 def clear_limits(context, site, limits):
 	"""Clears given limit from the site config, and removes limit from site config if its empty"""
--- a/frappe/desk/reportview.py
+++ b/frappe/desk/reportview.py
@ -83,7 +83,7 @@ def compress(data, args = {}):
 	for row in data:
 		new_row = []
 		for key in keys:
-			new_row.append(row[key])
+			new_row.append(row.get(key))
 		values.append(new_row)

 	if args.get("add_total_row"):
--- a/frappe/email/doctype/auto_email_report/auto_email_report.py
+++ b/frappe/email/doctype/auto_email_report/auto_email_report.py
@ -111,7 +111,7 @@ class AutoEmailReport(Document):
 			new_row = []
 			out.append(new_row)
 			for df in columns:
-				if not row.get(df.fieldname): continue
+				if not row.has_key(df.fieldname): continue
 				new_row.append(frappe.format(row[df.fieldname], df, row))

 		return out
--- a/frappe/model/db_query.py
+++ b/frappe/model/db_query.py
@ -204,7 +204,7 @@ class DatabaseQuery(object):
 			if re.compile("^(select|delete|update|drop|create)\s").match(field):
 				_raise_exception()

-			elif re.compile("\s*[a-zA-z]*\s*( from | group by | order by | where | join )").match(field):
+			elif re.compile("\s*[0-9a-zA-z]*\s*( from | group by | order by | where | join )").match(field):
 				_raise_exception()

 		for field in self.fields:
@ -218,10 +218,10 @@ class DatabaseQuery(object):
 				if any("{0}(".format(keyword) in field.lower() for keyword in blacklisted_functions):
 					_raise_exception()

-			if re.compile("[a-zA-Z]+\s*'").match(field):
+			if re.compile("[0-9a-zA-Z]+\s*'").match(field):
 				_raise_exception()

-			if re.compile('[a-zA-Z]+\s*,').match(field):
+			if re.compile('[0-9a-zA-Z]+\s*,').match(field):
 				_raise_exception()

 			_is_query(field)
--- a/frappe/public/css/docs.css
+++ b/frappe/public/css/docs.css
@ -181,7 +181,7 @@
  font-style: normal;
  text-decoration: inherit;
  -webkit-font-smoothing: antialiased;
-  *margin-right: .3em;
+  *margin-right: 0.3em;
  display: inline-block;
  speak: none;
  font-size: 24px;
--- a/frappe/public/css/list.css
+++ b/frappe/public/css/list.css
@ -73,7 +73,7 @@
 }
 .filter-box .filter-field {
  padding-right: 15px;
-  width: calc(64%);
+  width: calc(100% - 36px);
 }
 .filter-box .filter-field .frappe-control {
  position: relative;
@ -233,7 +233,7 @@ input.list-row-checkbox {
 .taggle_list .taggle:hover {
  padding: 2px 15px 2px 4px;
  background: #cfdce5;
-  transition: all .2s;
+  transition: all 0.2s;
 }
 .taggle_list li {
  margin-bottom: 0;
--- a/frappe/public/css/mobile.css
+++ b/frappe/public/css/mobile.css
@ -150,7 +150,7 @@ body {
    font-style: normal;
    text-decoration: inherit;
    -webkit-font-smoothing: antialiased;
-    *margin-right: .3em;
+    *margin-right: 0.3em;
    display: inline-block;
    speak: none;
    font-size: 24px;
--- a/frappe/public/css/navbar.css
+++ b/frappe/public/css/navbar.css
@ -181,7 +181,7 @@
  font-style: normal;
  text-decoration: inherit;
  -webkit-font-smoothing: antialiased;
-  *margin-right: .3em;
+  *margin-right: 0.3em;
  display: inline-block;
  speak: none;
  font-size: 24px;
--- a/frappe/public/css/page.css
+++ b/frappe/public/css/page.css
@ -22,7 +22,7 @@
@media (min-width: 767px) {
  .page-body {
    overflow-x: hidden;
-    min-height: calc(60vh);
+    min-height: calc(100vh - 40px);
  }
 }
 .page-title {
--- a/frappe/tests/test_db_query.py
+++ b/frappe/tests/test_db_query.py
@ -133,6 +133,9 @@ class TestReportview(unittest.TestCase):
 		self.assertRaises(frappe.DataError, DatabaseQuery("DocType").execute,
 			fields=["name", "issingle from tabDocType order by 2 --"],limit_start=0, limit_page_length=1)

+		self.assertRaises(frappe.DataError, DatabaseQuery("DocType").execute,
+			fields=["name", "1' UNION SELECT * FROM __Auth --"],limit_start=0, limit_page_length=1)
+
 		data = DatabaseQuery("DocType").execute(fields=["name", "issingle", "count(name)"],
 			limit_start=0, limit_page_length=1)
 		self.assertTrue('count(name)' in data[0])