summaryrefslogtreecommitdiffstats
path: root/src/invidious.cr
diff options
context:
space:
mode:
authorOmar Roth <omarroth@protonmail.com>2019-11-04 12:26:05 -0500
committerOmar Roth <omarroth@protonmail.com>2019-11-04 12:26:05 -0500
commit7b2ca55089d4fb65e574c7643d4ebdd307943011 (patch)
tree490197755c6615bfc8b6b7acd7d8d8db449e2ab6 /src/invidious.cr
parentf6ef0b684a05bc7f0260872268df484a77e78e7f (diff)
downloadinvidious-7b2ca55089d4fb65e574c7643d4ebdd307943011.tar.gz
invidious-7b2ca55089d4fb65e574c7643d4ebdd307943011.tar.bz2
invidious-7b2ca55089d4fb65e574c7643d4ebdd307943011.zip
Fix escaping in email query
Diffstat (limited to 'src/invidious.cr')
-rw-r--r--src/invidious.cr2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/invidious.cr b/src/invidious.cr
index d2d20284..90b428f6 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -3389,7 +3389,7 @@ post "/feed/webhook/:token" do |env|
if emails.empty?
values = "'{}'"
else
- values = "VALUES #{emails.map { |id| %(('#{id}')) }.join(",")}"
+ values = "VALUES #{emails.map { |email| %((E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}')) }.join(",")}"
end
PG_DB.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})")
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-16 23:44:44 +0000