chore: typo

Co-authored-by: Sagar Vora <sagar@resilient.tech>

frappe/core/doctype/server_script/server_script.py

@@ -159,7 +159,7 @@ def execute_doc(self, doc: Document):
 			self.script,
 			_locals={"doc": doc},
 			restrict_commit_rollback=True,
-			filename=self.name,
+			script_filename=self.name,
 		)
 
 	def execute_scheduled_method(self):
@@ -171,7 +171,7 @@ def execute_scheduled_method(self):
 		if self.script_type != "Scheduler Event":
 			raise frappe.DoesNotExistError
 
-		safe_exec(self.script, filename=self.name)
+		safe_exec(self.script, script_filename=self.name)
 
 	def get_permission_query_conditions(self, user: str) -> list[str]:
 		"""Specific to Permission Query Server Scripts

frappe/query_builder/utils.py

@@ -116,6 +116,17 @@ def prepare_query(query):
 
 			if not check_safe_sql_query(query, throw=False):
 				callstack = inspect.stack()
+
+				# This check is required because QB can execute from anywhere and we can not
+				# reliably provide a safe version for it in server scripts.
+
+				# since query objects are patched everywhere any query.run()
+				# will have callstack like this:
+				# frame0: this function prepare_query()
+				# frame1: execute_query()
+				# frame2: frame that called `query.run()`
+				#
+				# if frame2 is server script <serverscript> is set as the filename it shouldn't be allowed.
 				if len(callstack) >= 3 and SERVER_SCRIPT_FILE_PREFIX in callstack[2].filename:
 					raise frappe.PermissionError("Only SELECT SQL allowed in scripting")