feat: allow WITH ... SELECT (CTE) SQL in query reports.

frappe/core/doctype/report/report.py

@@ -110,8 +110,15 @@ class Report(Document):
 		if not self.query:
 			frappe.throw(_("Must specify a Query to run"), title=_('Report Document Error'))
 
-		if not self.query.lower().startswith("select"):
-			frappe.throw(_("Query must be a SELECT"), title=_('Report Document Error'))
+		# Disallow SQL that writes to the database.
+		if (not self.query.lower().startswith("select") and
+		    not self.query.lower().startswith("with")):
+			frappe.throw(_("Query must be a SELECT or WITH"), title=_('Report Document Error'))
+
+		# As of MariaDB 10.9, CTE WITH statements can only be combined with a SELECT clause and
+		# therefore are read-only. Postgres allows WITH ... INSERT INTO statements.
+		if (self.query.lower().startswith("with") and frappe.db.db_type != "mariadb"):
+			frappe.throw(_("WITH queries are only allowed for MariaDB databases"), title=_('Report Document Error'))
 
 		result = [list(t) for t in frappe.db.sql(self.query, filters)]
 		columns = self.get_columns() or [cstr(c[0]) for c in frappe.db.get_description()]