From f2252568f63a2d9162edaff2defc3155a5e75156 Mon Sep 17 00:00:00 2001 From: Saurabh Date: Tue, 5 Dec 2017 16:07:17 +0530 Subject: [PATCH 1/3] [fix] sanitize input on search page (#4565) --- frappe/www/search.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/frappe/www/search.py b/frappe/www/search.py index d9027da77c..baf2be4e63 100644 --- a/frappe/www/search.py +++ b/frappe/www/search.py @@ -3,10 +3,12 @@ import frappe from frappe.utils.global_search import web_search from html2text import html2text from frappe import _ +from jinja2 import utils def get_context(context): context.no_cache = 1 if frappe.form_dict.q: + frappe.form_dict.q = str(utils.escape(frappe.form_dict.q)) context.title = _('Search Results for "{0}"').format(frappe.form_dict.q) context.update(get_search_results(frappe.form_dict.q)) else: From d01ba3c051413c2119cafcf1421e9a604389a1e4 Mon Sep 17 00:00:00 2001 From: Achilles Rasquinha Date: Wed, 6 Dec 2017 14:15:18 +0530 Subject: [PATCH 2/3] Fixed Currency Precision during Display and Print (#4579) * Fixed Currency Issue for Display and Print * Fixed Codacy * Update formatters.js --- frappe/public/js/frappe/form/formatters.js | 27 +++++++++++----------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/frappe/public/js/frappe/form/formatters.js b/frappe/public/js/frappe/form/formatters.js index 64147dfc03..ae0aad8218 100644 --- a/frappe/public/js/frappe/form/formatters.js +++ b/frappe/public/js/frappe/form/formatters.js 
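Review bot: The added line overwrites `frappe.form_dict.q` with its HTML-escaped form before that same value is passed to `get_search_results`, so the lookup runs on entity-encoded text (a query containing `&` is searched as `&amp;`), and any template that autoescapes the value would show it double-encoded. Escaping belongs at the output point: keep the raw query for the search and escape only what is rendered, e.g. `context.title = _('Search Results for "{0}"').format(utils.escape(frappe.form_dict.q))` followed by the unchanged `context.update(get_search_results(frappe.form_dict.q))`. If this module runs under Python 2, `str()` on the escaped value would presumably raise `UnicodeEncodeError` for non-ASCII queries, which is a second reason to drop the `str(...)` wrapper. The templates and the result snippets built in `get_search_results` are outside this hunk, so every place that renders the query or result text without autoescaping still needs checking before the overwrite is removed; `get_context` also continues past the hunk's last line.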
@@ -50,23 +50,24 @@ frappe.form.formatters = { Percent: function(value, docfield, options) { return frappe.form.formatters._right(flt(value, 2) + "%", options) }, - Currency: function(value, docfield, options, doc) { - var currency = frappe.meta.get_field_currency(docfield, doc); + Currency: function (value, docfield, options, doc) { + var currency = frappe.meta.get_field_currency(docfield, doc); var precision = docfield.precision || cint(frappe.boot.sysdefaults.currency_precision) || 2; + + // If you change anything below, it's going to hurt a company in UAE, a bit. if (precision > 2) { - let parts = cstr(value).split('.'); - let decimals = parts.length > 1 ? parts[1] : ''; - if (decimals.length < 3) { - // min precision 2 - precision = 2; - } else if (decimals.length < precision) { - // or min decimals - precision = decimals.length; + var parts = cstr(value).split("."); // should be minimum 2, comes from the DB + var decimals = parts.length > 1 ? parts[1] : ""; // parts.length == 2 ??? + + if ( decimals.length < 3 || decimals.length < precision ) { + const fraction = frappe.model.get_value(":Currency", currency, "fraction_units") || 100; // if not set, minimum 2. + precision = cstr(fraction).length - 1; } } - value = (value==null || value==="") ? - "" : format_currency(value, currency, precision); - if (options && options.only_value) { + + value = (value == null || value == "") ? "" : format_currency(value, currency, precision); + + if ( options && options.only_value ) { return value; } else { return frappe.form.formatters._right(value, options); From 83a08130ab5dc53727eeeff9a2c6553e0ec90bf3 Mon Sep 17 00:00:00 2001 From: Nabin Hait Date: Wed, 6 Dec 2017 14:46:03 +0600 Subject: [PATCH 3/3] bumped to version 9.2.21 --- frappe/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frappe/__init__.py b/frappe/__init__.py index 97d576d433..7cf02edd10 100644 --- a/frappe/__init__.py +++ b/frappe/__init__.py 
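Review bot: The rewritten empty check `value == ""` uses loose equality where the removed line used `value===""`, so a numeric `0` (and `false`) now compares equal to the empty string and a zero amount is rendered blank instead of being passed to `format_currency`. Keep the strict comparison: `value = (value == null || value === "") ? "" : format_currency(value, currency, precision);`. In the same block, `decimals.length < 3 || decimals.length < precision` is only reached when `precision > 2`, so the first clause appears redundant, and `cstr(fraction).length - 1` gives the intended digit count only if `fraction_units` is a power of ten; a comment stating that assumption would serve maintainers better than the UAE remark. The enclosing `frappe.form.formatters` object starts and ends outside the hunk.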
@@ -14,7 +14,7 @@ import os, sys, importlib, inspect, json from .exceptions import * from .utils.jinja import get_jenv, get_template, render_template, get_email_from_template -__version__ = '9.2.20' +__version__ = '9.2.21' __title__ = "Frappe Framework" local = Local()