authorOmar Roth <omarroth@protonmail.com>2019-11-04 12:26:05 -0500
committerOmar Roth <omarroth@protonmail.com>2019-11-04 12:26:05 -0500
commit7b2ca55089d4fb65e574c7643d4ebdd307943011 (patch)
tree490197755c6615bfc8b6b7acd7d8d8db449e2ab6
parentf6ef0b684a05bc7f0260872268df484a77e78e7f (diff)
Fix escaping in email query
-rw-r--r--src/invidious.cr2
-rw-r--r--src/invidious/channels.cr4
2 files changed, 3 insertions, 3 deletions
diff --git a/src/invidious.cr b/src/invidious.cr
index d2d20284..90b428f6 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -3389,7 +3389,7 @@ post "/feed/webhook/:token" do |env|
if emails.empty?
values = "'{}'"
else
- values = "VALUES #{emails.map { |id| %(('#{id}')) }.join(",")}"
+ values = "VALUES #{emails.map { |email| %((E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}')) }.join(",")}"
end
PG_DB.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})")
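Review bot: The added `values = "VALUES #{...}"` line still builds the SQL text from the email values by interpolation, so the query's safety now depends on the hand-written `gsub` of `'` and `\` inside an `E'...'` literal being complete. Binding the list as a parameter would remove the quoting question, with the statement reduced to `"UPDATE users SET feed_needs_update = true WHERE email = ANY($1)"` and the emails passed as one array argument; whether the PostgreSQL driver in use can encode an array argument is not visible here and should be confirmed first. The identical expression is added in both hunks of src/invidious/channels.cr, so the same point applies there, and a shared helper would keep the escaping in one place if interpolation has to stay. The enclosing `post "/feed/webhook/:token"` block starts and ends outside the hunk.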
diff --git a/src/invidious/channels.cr b/src/invidious/channels.cr
index 2d911089..71ed4d59 100644
--- a/src/invidious/channels.cr
+++ b/src/invidious/channels.cr
@@ -281,7 +281,7 @@ def fetch_channel(ucid, db, pull_all_videos = true, locale = nil)
if emails.empty?
values = "'{}'"
else
- values = "VALUES #{emails.map { |id| %(('#{id}')) }.join(",")}"
+ values = "VALUES #{emails.map { |email| %((E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}')) }.join(",")}"
end
db.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})")
@@ -349,7 +349,7 @@ def fetch_channel(ucid, db, pull_all_videos = true, locale = nil)
if emails.empty?
values = "'{}'"
else
- values = "VALUES #{emails.map { |id| %(('#{id}')) }.join(",")}"
+ values = "VALUES #{emails.map { |email| %((E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}')) }.join(",")}"
end
db.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})")