[fix] use sqlparse to ensure only one query is executed in frappe.db.sql

pirms 10 gadiem · 50b80c89a2
--- a/frappe/database.py
+++ b/frappe/database.py
@@ -17,6 +17,7 @@ import frappe.model.meta
 from frappe.utils import now, get_datetime, cstr
 from frappe import _
 from types import StringType, UnicodeType
 import sqlparse

 class Database:
 	"""
@@ -220,21 +221,8 @@ class Database:
 		if frappe.flags.in_install_db or frappe.flags.in_install:
 			return

 		query_lower = query.lower().split(";")

 		if len(query_lower) > 1:
 			for q in query_lower[1:]:
 				if q.strip() and q.strip().split()[0] in (
 					"update",
 					"truncate",
 					"alter",
 					"drop",
 					"create",
 					"begin",
 					"start transaction",
 					"commit"
 				):
 					frappe.throw(_("Cannot have more than one SQL statement in a query."), frappe.SQLError)
 		if ";" in query and len(sqlparse.parse(query)) > 1:
 			frappe.throw(_("Cannot have more than one SQL statement in a query."), frappe.SQLError)

 	def fetch_as_dict(self, formatted=0, as_utf8=0):
 		"""Internal. Converts results to dict."""
--- a/requirements.txt
+++ b/requirements.txt
@@ -28,3 +28,4 @@ html2text
 email_reply_parser
 click
 num2words
 sqlparse