From 9e8ce181ee8f416a76779954fbf154ff67517b21 Mon Sep 17 00:00:00 2001 From: Ameya Shenoy Date: Thu, 15 Nov 2018 19:15:23 +0000 Subject: [PATCH 1/7] css: v10 built css --- frappe/public/css/docs.css | 2 +- frappe/public/css/list.css | 4 ++-- frappe/public/css/mobile.css | 2 +- frappe/public/css/navbar.css | 2 +- frappe/public/css/page.css | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/frappe/public/css/docs.css b/frappe/public/css/docs.css index df0049e15c..3c57d0bf45 100644 --- a/frappe/public/css/docs.css +++ b/frappe/public/css/docs.css @@ -181,7 +181,7 @@ font-style: normal; text-decoration: inherit; -webkit-font-smoothing: antialiased; - *margin-right: .3em; + *margin-right: 0.3em; display: inline-block; speak: none; font-size: 24px; diff --git a/frappe/public/css/list.css b/frappe/public/css/list.css index b3e8862e2a..bf0046f4e1 100644 --- a/frappe/public/css/list.css +++ b/frappe/public/css/list.css @@ -53,7 +53,7 @@ } .filter-box .filter_field { padding-right: 15px; - width: calc(64%); + width: calc(100% - 36px); } .filter-box .filter_field .frappe-control { position: relative; @@ -261,7 +261,7 @@ .taggle_list .taggle:hover { padding: 2px 15px 2px 4px; background: #cfdce5; - transition: all .2s; + transition: all 0.2s; } .taggle_list li { margin-bottom: 0; diff --git a/frappe/public/css/mobile.css b/frappe/public/css/mobile.css index f21407b636..7f922ffd1d 100644 --- a/frappe/public/css/mobile.css +++ b/frappe/public/css/mobile.css @@ -150,7 +150,7 @@ body { font-style: normal; text-decoration: inherit; -webkit-font-smoothing: antialiased; - *margin-right: .3em; + *margin-right: 0.3em; display: inline-block; speak: none; font-size: 24px; diff --git a/frappe/public/css/navbar.css b/frappe/public/css/navbar.css index d26ba99674..1e95a8c533 100644 --- a/frappe/public/css/navbar.css +++ b/frappe/public/css/navbar.css 
@@ -181,7 +181,7 @@ font-style: normal; text-decoration: inherit; -webkit-font-smoothing: antialiased; - *margin-right: .3em; + *margin-right: 0.3em; display: inline-block; speak: none; font-size: 24px; diff --git a/frappe/public/css/page.css b/frappe/public/css/page.css index efec9251a7..6fc3d8d9a9 100644 --- a/frappe/public/css/page.css +++ b/frappe/public/css/page.css @@ -22,7 +22,7 @@ @media (min-width: 767px) { .page-body { overflow-x: hidden; - min-height: calc(60vh); + min-height: calc(100vh - 40px); } } .page-title { From c0e7ceba137dfbe8cd570d2f2be9193a523811c3 Mon Sep 17 00:00:00 2001 From: rohitwaghchaure Date: Mon, 26 Nov 2018 16:47:07 +0530 Subject: [PATCH 2/7] [Fix] Auto email report, zero value row skipped (#6524) --- frappe/email/doctype/auto_email_report/auto_email_report.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frappe/email/doctype/auto_email_report/auto_email_report.py b/frappe/email/doctype/auto_email_report/auto_email_report.py index 4942d98375..a75c54f33b 100644 --- a/frappe/email/doctype/auto_email_report/auto_email_report.py +++ b/frappe/email/doctype/auto_email_report/auto_email_report.py @@ -108,7 +108,7 @@ class AutoEmailReport(Document): new_row = [] out.append(new_row) for df in columns: - if not row.get(df.fieldname): continue + if not row.has_key(df.fieldname): continue new_row.append(frappe.format(row[df.fieldname], df, row)) return out From d7794ed04b6cd4aa3d130a89a2ed3a0694fad47b Mon Sep 17 00:00:00 2001 From: Saurabh Date: Tue, 27 Nov 2018 12:53:19 +0530 Subject: [PATCH 3/7] additional key support --- frappe/commands/site.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/frappe/commands/site.py b/frappe/commands/site.py index 27d0b1c742..6c01fc1238 100755 --- a/frappe/commands/site.py +++ b/frappe/commands/site.py 
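Review bot: `row.has_key(df.fieldname)` on the added line in auto_email_report.py relies on `dict.has_key`, which exists only in Python 2 and raises AttributeError on Python 3; the membership operator works on both, `if df.fieldname not in row: continue`. Separately, the `continue` still skips the cell instead of appending a placeholder, so a row that lacks a key comes out shorter than the column list and its later values shift left. If that case can occur, `new_row.append("")` before the `continue` keeps the columns aligned. The enclosing method starts outside the hunk.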
@@ -458,7 +458,7 @@ def _set_limits(context, site, limits): if limit not in ('daily_emails', 'emails', 'space', 'users', 'email_group', 'currency', 'expiry', 'support_email', 'support_chat', 'upgrade_url', 'subscription_id', 'subscription_type', 'current_plan', 'subscription_base_price', 'upgrade_plan', - 'upgrade_base_price'): + 'upgrade_base_price', 'cancellation_url'): frappe.throw(_('Invalid limit {0}').format(limit)) if limit=='expiry' and value: @@ -480,7 +480,7 @@ def _set_limits(context, site, limits): @click.command('clear-limits') @click.option('--site', help='site name') @click.argument('limits', nargs=-1, type=click.Choice(['emails', 'space', 'users', 'email_group', - 'expiry', 'support_email', 'support_chat', 'upgrade_url', 'daily_emails'])) + 'expiry', 'support_email', 'support_chat', 'upgrade_url', 'daily_emails', 'cancellation_url'])) @pass_context def clear_limits(context, site, limits): """Clears given limit from the site config, and removes limit from site config if its empty""" From 7195cfd03c568485a153d2b1f9794a8884a62b85 Mon Sep 17 00:00:00 2001 From: rohitwaghchaure Date: Wed, 28 Nov 2018 09:01:18 +0530 Subject: [PATCH 4/7] fix: KeyError: '_comment_count'(#6549) --- frappe/desk/reportview.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frappe/desk/reportview.py b/frappe/desk/reportview.py index 560d87465c..24bb092de9 100644 --- a/frappe/desk/reportview.py +++ b/frappe/desk/reportview.py @@ -82,7 +82,7 @@ def compress(data, args = {}): for row in data: new_row = [] for key in keys: - new_row.append(row[key]) + new_row.append(row.get(key)) values.append(new_row) if args.get("add_total_row"): From 1cb64cf06e5bd709024d52bdae1103bd26ae109d Mon Sep 17 00:00:00 2001 From: rohitwaghchaure Date: Wed, 28 Nov 2018 10:14:11 +0530 Subject: [PATCH 5/7] fix: Web form grid view for Text Editor showing toolbar (#6547) --- .../doctype/web_form/templates/web_form.html | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
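Review bot: The accepted limit names in site.py are maintained by hand in two lists that already disagree: the tuple checked in `_set_limits` and the `click.Choice` list on `clear-limits` (second hunk, `@@ -480,7`), which lacks `currency`, `subscription_id`, `subscription_type`, `current_plan`, `subscription_base_price`, `upgrade_plan` and `upgrade_base_price`. Those names can therefore be set but not cleared from the CLI; if the narrower list is deliberate, a comment should say so, otherwise a single module-level tuple referenced from both places would keep them aligned. Only `expiry` gets a value check in the visible lines, so if `cancellation_url` is later rendered as a link it would be worth validating it as an http(s) URL here. The rest of `_set_limits` is outside the hunk.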
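Review bot: `row.get(key)` on the added line in reportview.py turns any missing column into a silent `None`, which fixes the `KeyError: '_comment_count'` but also hides every other row whose keys differ from the expected set. A short comment naming the intended case would keep the leniency deliberate, for example `# rows may lack optional keys such as _comment_count; emit None for them`. How `keys` is built is outside the hunk, so whether other keys can legitimately be absent cannot be told from here.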
diff --git a/frappe/website/doctype/web_form/templates/web_form.html b/frappe/website/doctype/web_form/templates/web_form.html index 6e193df690..69cae5d5d7 100644 --- a/frappe/website/doctype/web_form/templates/web_form.html +++ b/frappe/website/doctype/web_form/templates/web_form.html @@ -65,10 +65,10 @@ {% else %}
-{%- macro properties(field) %} +{%- macro properties(field, is_grid = False) %} name="{{ field.fieldname }}" data-fieldname="{{ field.fieldname }}" {% if field.placeholder -%} placeholder="{{ _(field.placeholder) }}" {%- endif %} - data-label="{{ _(field.label) }}" data-fieldtype="{{ field.fieldtype }}" + data-label="{{ _(field.label) }}" data-fieldtype="{{ 'Small Text' if is_grid else field.fieldtype }}" data-doctype="{{ field.parent }}" data-default="{{ field.default or "" }}" {{ field.reqd and "data-reqd=1" or "" }} {{ (read_only or field.read_only) and "disabled" or "" }} @@ -94,7 +94,7 @@ {{ _(field.label) }} {% endmacro %} -{% macro render_field(field, _doc=None, with_label=True) %} +{% macro render_field(field, _doc=None, with_label=True, is_grid=False) %} {% if field.hidden %} @@ -136,12 +136,12 @@ {{ help(field) }} - {% elif field.fieldtype in ("Text", "Small Text") %} + {% elif field.fieldtype in ("Text", "Small Text") or (is_grid and field.fieldtype == 'Text Editor') %}
{% if with_label %}{{ label(field) }}{% endif %} {{ help(field) }} + {{ properties(field, is_grid) }}>{{ value(field, _doc) }}
{% elif field.fieldtype == "Text Editor" %}
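Review bot: With the widened `elif`, Text Editor content, which is stored as HTML, is now emitted by `{{ value(field, _doc) }}` as the body of the plain text control in grid rows. It is worth confirming that the output of `value()` is HTML-escaped in this template (environment autoescaping or an explicit `|e`), because markup in a stored value would otherwise be interpreted by the browser rather than shown as text. Neither the `value` macro nor the autoescape setting is visible in this hunk, and the element markup around these lines is missing from this page, so the exact control is inferred from the `Text`/`Small Text` branch.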
@@ -196,7 +196,8 @@ {% if df.in_list_view %} <{{ 'th' if d==None else 'td' }} style="width: {{ (df.columns or 2) * 8.3333 }}%;"> {% if d!=None %} - {{ render_field(df, d, False) }} + {% set is_grid = True if df.fieldtype == 'Text Editor' else False %} + {{ render_field(df, d, False, is_grid ) }} {% else %} {{ _(df.label) }} {% endif %} From 4738a9711a40a49645946c8765e99da37394f94b Mon Sep 17 00:00:00 2001 From: Saurabh Date: Wed, 28 Nov 2018 10:22:30 +0530 Subject: [PATCH 6/7] fix: tighten protection against sql injection (#6546) --- frappe/model/db_query.py | 6 +++--- frappe/tests/test_db_query.py | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/frappe/model/db_query.py b/frappe/model/db_query.py index ed3b901084..9560b61e2f 100644 --- a/frappe/model/db_query.py +++ b/frappe/model/db_query.py @@ -205,7 +205,7 @@ class DatabaseQuery(object): if re.compile("^(select|delete|update|drop|create)\s").match(field): _raise_exception() - elif re.compile("\s*[a-zA-z]*\s*( from | group by | order by | where | join )").match(field): + elif re.compile("\s*[0-9a-zA-z]*\s*( from | group by | order by | where | join )").match(field): _raise_exception() for field in self.fields: @@ -219,10 +219,10 @@ class DatabaseQuery(object): if any("{0}(".format(keyword) in field.lower() for keyword in blacklisted_functions): _raise_exception() - if re.compile("[a-zA-Z]+\s*'").match(field): + if re.compile("[0-9a-zA-Z]+\s*'").match(field): _raise_exception() - if re.compile('[a-zA-Z]+\s*,').match(field): + if re.compile('[0-9a-zA-Z]+\s*,').match(field): _raise_exception() _is_query(field) diff --git a/frappe/tests/test_db_query.py b/frappe/tests/test_db_query.py index d07dfc4f07..d0021d7ff2 100644 --- a/frappe/tests/test_db_query.py +++ b/frappe/tests/test_db_query.py 
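Review bot: `{% set is_grid = True if df.fieldtype == 'Text Editor' else False %}` wraps a boolean expression in a conditional and can be written `{% set is_grid = df.fieldtype == 'Text Editor' %}`. The name is also misleading: the flag is true only for Text Editor columns, not for every field rendered in a grid, which makes `(is_grid and field.fieldtype == 'Text Editor')` in `render_field` redundant and leaves `properties()` reporting `Small Text` on the strength of a flag whose meaning is not obvious. Either pass `is_grid=True` for all grid cells and keep the field-type test inside `render_field`, or rename the flag to say what it does, for example `as_plain_text`. There is also a stray space in `render_field(df, d, False, is_grid )`.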
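Review bot: Adding `0-9` to three character classes in db_query.py covers the reported input but keeps the design of rejecting known-bad shapes, and every pattern is applied with `.match`, so it only examines the start of the field string. Validating each entry of `self.fields` against what a field is allowed to be (a column identifier, optionally table-qualified or aliased, or one of an explicit set of aggregate calls) and rejecting everything else would not need another patch each time a new input shape is reported. In the changed line of `_is_query` the class is written `[0-9a-zA-z]`; `A-z` also spans the ASCII characters between `Z` and `a` (brackets, backslash, caret, underscore, backtick), which looks like a typo for `A-Z` given that the two patterns in the second hunk (`@@ -219,10`) use `a-zA-Z`. The patterns should also be raw strings, e.g. `re.compile(r"[0-9a-zA-Z]+\s*'")`, because `\s` in a normal literal is an invalid escape that newer Python versions warn about. Both functions continue outside the hunks.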
@@ -132,6 +132,9 @@ class TestReportview(unittest.TestCase): self.assertRaises(frappe.DataError, DatabaseQuery("DocType").execute, fields=["name", "issingle from tabDocType order by 2 --"],limit_start=0, limit_page_length=1) + self.assertRaises(frappe.DataError, DatabaseQuery("DocType").execute, + fields=["name", "1' UNION SELECT * FROM __Auth --"],limit_start=0, limit_page_length=1) + data = DatabaseQuery("DocType").execute(fields=["name", "issingle", "count(name)"], limit_start=0, limit_page_length=1) self.assertTrue('count(name)' in data[0]) From bb585e59d2acfe90b4f879641d97bf27acaf7379 Mon Sep 17 00:00:00 2001 From: Ameya Shenoy Date: Wed, 28 Nov 2018 07:42:16 +0000 Subject: [PATCH 7/7] bumped to version 10.1.65 --- frappe/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frappe/__init__.py b/frappe/__init__.py index 1942111218..60e80a7a77 100644 --- a/frappe/__init__.py +++ b/frappe/__init__.py @@ -14,7 +14,7 @@ import os, sys, importlib, inspect, json from .exceptions import * from .utils.jinja import get_jenv, get_template, render_template, get_email_from_template -__version__ = '10.1.64' +__version__ = '10.1.65' __title__ = "Frappe Framework" local = Local()
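Review bot: The added assertion in test_db_query.py exercises only the quote pattern (`[0-9a-zA-Z]+\s*'`); the other two patterns widened by the same commit, the comma check and the keyword check in `_is_query`, have no case with a digit-leading field, so a regression in either would still pass. One `assertRaises(frappe.DataError, ...)` per changed pattern would cover them. A positive case showing that a legitimate field name containing digits is still accepted would pin the other side of the change. The test method begins outside the hunk.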