[minor] Escape special characters (#11855)

frappe · Dec 6, 2017 · 1b16bca · 1b16bca
1 parent 6a418f2
commit 1b16bca
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/erpnext/setup/doctype/item_group/item_group.py b/erpnext/setup/doctype/item_group/item_group.py
@@ -81,7 +81,7 @@ def get_context(self, context):
 
 @frappe.whitelist(allow_guest=True)
 def get_product_list_for_group(product_group=None, start=0, limit=10, search=None):
-	child_groups = ", ".join(['"' + i[0] + '"' for i in get_child_groups(product_group)])
+	child_groups = ", ".join(['"' + frappe.db.escape(i[0]) + '"' for i in get_child_groups(product_group)])
 
 	# base query
 	query = """select name, item_name, item_code, route, image, website_image, thumbnail, item_group,