From bdc9196b4a5ac28ed31023790616e4d0ee48501d Mon Sep 17 00:00:00 2001 From: Omar Roth Date: Fri, 22 Feb 2019 20:35:37 -0600 Subject: [PATCH] Escape email when creating feed for Google account --- src/invidious/users.cr | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/invidious/users.cr b/src/invidious/users.cr index 072638ba9..48d8008f3 100644 --- a/src/invidious/users.cr +++ b/src/invidious/users.cr @@ -145,7 +145,7 @@ def get_user(sid, headers, db, refresh = true) view_name = "subscriptions_#{sha256(user.email)[0..7]}" PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS \ SELECT * FROM channel_videos WHERE \ - ucid = ANY ((SELECT subscriptions FROM users WHERE email = '#{user.email}')::text[]) \ + ucid = ANY ((SELECT subscriptions FROM users WHERE email = E'#{user.email.gsub("'", "\\'")}')::text[]) \ ORDER BY published DESC;") rescue ex end @@ -167,7 +167,7 @@ def get_user(sid, headers, db, refresh = true) view_name = "subscriptions_#{sha256(user.email)[0..7]}" PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS \ SELECT * FROM channel_videos WHERE \ - ucid = ANY ((SELECT subscriptions FROM users WHERE email = '#{user.email}')::text[]) \ + ucid = ANY ((SELECT subscriptions FROM users WHERE email = E'#{user.email.gsub("'", "\\'")}')::text[]) \ ORDER BY published DESC;") rescue ex end