From b215921a971e3b95ff6f93d63da3ffc70a10766f Mon Sep 17 00:00:00 2001
From: Gavin D'souza <gavin18d@gmail.com>
Date: Tue, 25 May 2021 21:44:54 +0530
Subject: [PATCH] fix: Convert only as_dict and debug values to bool

Given the scope of its usage at this point, this becomes a problem when you'd have a field named y,n, true, false and order_by that field, or have the same values for a document name that parent parameter would accept out of all those that Frappe REST allows.
---
 frappe/api.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/frappe/api.py b/frappe/api.py
index c69f76a755..6427cbfbd8 100644
--- a/frappe/api.py
+++ b/frappe/api.py
@@ -119,10 +119,11 @@ def handle():
 						frappe.local.form_dict.limit or frappe.local.form_dict.limit_page_length or 20,
 					)
 
-					# convert strings to native types
-					frappe.local.form_dict.update(
-						{x: sbool(y) for x, y in frappe.local.form_dict.items()}
-					)
+					# convert strings to native types - only as_dict and debug accept bool
+					for param in ["as_dict", "debug"]:
+						param_val = frappe.local.form_dict.get(param)
+						if param_val is not None:
+							frappe.local.form_dict[param] = sbool(param_val)
 
 					# evaluate frappe.get_list
 					data = frappe.call(frappe.client.get_list, doctype, **frappe.local.form_dict)