diff --git a/frappe/__init__.py b/frappe/__init__.py index 39dc793dc8..1d09bcbfe8 100644 --- a/frappe/__init__.py +++ b/frappe/__init__.py @@ -17,7 +17,7 @@ from faker import Faker from .exceptions import * from .utils.jinja import (get_jenv, get_template, render_template, get_email_from_template, get_jloader) -__version__ = '10.1.64' +__version__ = '10.1.65' __title__ = "Frappe Framework" local = Local() diff --git a/frappe/commands/site.py b/frappe/commands/site.py index 61576fcb25..39ac607aa5 100755 --- a/frappe/commands/site.py +++ b/frappe/commands/site.py @@ -461,7 +461,7 @@ def _set_limits(context, site, limits): if limit not in ('daily_emails', 'emails', 'space', 'users', 'email_group', 'currency', 'expiry', 'support_email', 'support_chat', 'upgrade_url', 'subscription_id', 'subscription_type', 'current_plan', 'subscription_base_price', 'upgrade_plan', - 'upgrade_base_price'): + 'upgrade_base_price', 'cancellation_url'): frappe.throw(_('Invalid limit {0}').format(limit)) if limit=='expiry' and value: @@ -483,7 +483,7 @@ def _set_limits(context, site, limits): @click.command('clear-limits') @click.option('--site', help='site name') @click.argument('limits', nargs=-1, type=click.Choice(['emails', 'space', 'users', 'email_group', - 'expiry', 'support_email', 'support_chat', 'upgrade_url', 'daily_emails'])) + 'expiry', 'support_email', 'support_chat', 'upgrade_url', 'daily_emails', 'cancellation_url'])) @pass_context def clear_limits(context, site, limits): """Clears given limit from the site config, and removes limit from site config if its empty""" diff --git a/frappe/desk/reportview.py b/frappe/desk/reportview.py index 53a38d7e18..bd863a6022 100644 --- a/frappe/desk/reportview.py +++ b/frappe/desk/reportview.py @@ -83,7 +83,7 @@ def compress(data, args = {}): for row in data: new_row = [] for key in keys: - new_row.append(row[key]) + new_row.append(row.get(key)) values.append(new_row) if args.get("add_total_row"): diff --git a/frappe/email/doctype/auto_email_report/auto_email_report.py b/frappe/email/doctype/auto_email_report/auto_email_report.py index 840ae95322..37a5e247d0 100644 --- a/frappe/email/doctype/auto_email_report/auto_email_report.py +++ b/frappe/email/doctype/auto_email_report/auto_email_report.py @@ -111,7 +111,7 @@ class AutoEmailReport(Document): new_row = [] out.append(new_row) for df in columns: - if not row.get(df.fieldname): continue + if not row.has_key(df.fieldname): continue new_row.append(frappe.format(row[df.fieldname], df, row)) return out diff --git a/frappe/model/db_query.py b/frappe/model/db_query.py index 7593071c36..efd5a9e61d 100644 --- a/frappe/model/db_query.py +++ b/frappe/model/db_query.py @@ -204,7 +204,7 @@ class DatabaseQuery(object): if re.compile("^(select|delete|update|drop|create)\s").match(field): _raise_exception() - elif re.compile("\s*[a-zA-z]*\s*( from | group by | order by | where | join )").match(field): + elif re.compile("\s*[0-9a-zA-z]*\s*( from | group by | order by | where | join )").match(field): _raise_exception() for field in self.fields: @@ -218,10 +218,10 @@ class DatabaseQuery(object): if any("{0}(".format(keyword) in field.lower() for keyword in blacklisted_functions): _raise_exception() - if re.compile("[a-zA-Z]+\s*'").match(field): + if re.compile("[0-9a-zA-Z]+\s*'").match(field): _raise_exception() - if re.compile('[a-zA-Z]+\s*,').match(field): + if re.compile('[0-9a-zA-Z]+\s*,').match(field): _raise_exception() _is_query(field) diff --git a/frappe/public/css/docs.css b/frappe/public/css/docs.css index df0049e15c..3c57d0bf45 100644 --- a/frappe/public/css/docs.css +++ b/frappe/public/css/docs.css @@ -181,7 +181,7 @@ font-style: normal; text-decoration: inherit; -webkit-font-smoothing: antialiased; - *margin-right: .3em; + *margin-right: 0.3em; display: inline-block; speak: none; font-size: 24px; diff --git a/frappe/public/css/list.css b/frappe/public/css/list.css index 61fbf149e3..3befc646be 100644 --- a/frappe/public/css/list.css +++ b/frappe/public/css/list.css @@ -73,7 +73,7 @@ } .filter-box .filter-field { padding-right: 15px; - width: calc(64%); + width: calc(100% - 36px); } .filter-box .filter-field .frappe-control { position: relative; @@ -233,7 +233,7 @@ input.list-row-checkbox { .taggle_list .taggle:hover { padding: 2px 15px 2px 4px; background: #cfdce5; - transition: all .2s; + transition: all 0.2s; } .taggle_list li { margin-bottom: 0; diff --git a/frappe/public/css/mobile.css b/frappe/public/css/mobile.css index f21407b636..7f922ffd1d 100644 --- a/frappe/public/css/mobile.css +++ b/frappe/public/css/mobile.css @@ -150,7 +150,7 @@ body { font-style: normal; text-decoration: inherit; -webkit-font-smoothing: antialiased; - *margin-right: .3em; + *margin-right: 0.3em; display: inline-block; speak: none; font-size: 24px; diff --git a/frappe/public/css/navbar.css b/frappe/public/css/navbar.css index d26ba99674..1e95a8c533 100644 --- a/frappe/public/css/navbar.css +++ b/frappe/public/css/navbar.css @@ -181,7 +181,7 @@ font-style: normal; text-decoration: inherit; -webkit-font-smoothing: antialiased; - *margin-right: .3em; + *margin-right: 0.3em; display: inline-block; speak: none; font-size: 24px; diff --git a/frappe/public/css/page.css b/frappe/public/css/page.css index efec9251a7..6fc3d8d9a9 100644 --- a/frappe/public/css/page.css +++ b/frappe/public/css/page.css @@ -22,7 +22,7 @@ @media (min-width: 767px) { .page-body { overflow-x: hidden; - min-height: calc(60vh); + min-height: calc(100vh - 40px); } } .page-title { diff --git a/frappe/tests/test_db_query.py b/frappe/tests/test_db_query.py index 01258e4e0b..31a3a9015a 100644 --- a/frappe/tests/test_db_query.py +++ b/frappe/tests/test_db_query.py @@ -133,6 +133,9 @@ class TestReportview(unittest.TestCase): self.assertRaises(frappe.DataError, DatabaseQuery("DocType").execute, fields=["name", "issingle from tabDocType order by 2 --"],limit_start=0, limit_page_length=1) + self.assertRaises(frappe.DataError, DatabaseQuery("DocType").execute, + fields=["name", "1' UNION SELECT * FROM __Auth --"],limit_start=0, limit_page_length=1) + data = DatabaseQuery("DocType").execute(fields=["name", "issingle", "count(name)"], limit_start=0, limit_page_length=1) self.assertTrue('count(name)' in data[0])