From 7b2ca55089d4fb65e574c7643d4ebdd307943011 Mon Sep 17 00:00:00 2001
From: Omar Roth <omarroth@protonmail.com>
Date: Mon, 4 Nov 2019 12:26:05 -0500
Subject: Fix escaping in email query

---
 src/invidious.cr | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/invidious.cr')

diff --git a/src/invidious.cr b/src/invidious.cr
index d2d20284..90b428f6 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -3389,7 +3389,7 @@ post "/feed/webhook/:token" do |env|
       if emails.empty?
         values = "'{}'"
       else
-        values = "VALUES #{emails.map { |id| %(('#{id}')) }.join(",")}"
+        values = "VALUES #{emails.map { |email| %((E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}')) }.join(",")}"
       end
 
       PG_DB.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})")
-- 
cgit v1.2.3