Properly escape email when creating view

2024-07-04 10:31:54 +00:00 · 2019-02-02 15:27:19 -06:00 · 2019-02-02 15:27:19 -06:00 · 9989c8100a
commit 9989c8100a
parent d5c9b7dfe8
2 changed files with 2 additions and 2 deletions
--- a/src/invidious.cr
+++ b/src/invidious.cr
@ -1033,7 +1033,7 @@ post "/login" do |env|
      view_name = "subscriptions_#{sha256(user.email)[0..7]}"
      PG_DB.exec("CREATE MATERIALIZED VIEW #{view_name} AS \
        SELECT * FROM channel_videos WHERE \
-        ucid = ANY ((SELECT subscriptions FROM users WHERE email = '#{user.email}')::text[]) \
+        ucid = ANY ((SELECT subscriptions FROM users WHERE email = E'#{user.email.gsub("'", "\\'")}')::text[]) \
      ORDER BY published DESC;")

      if Kemal.config.ssl || CONFIG.https_only
--- a/src/invidious/views/components/player.ecr
+++ b/src/invidious/views/components/player.ecr
@ -121,7 +121,7 @@ player.on('error', function(event) {

      var currentTime = player.currentTime();
      var playbackRate = player.playbackRate();
-      var paused = player.paused()
+      var paused = player.paused();

      player.load();
      if (currentTime > 0.5) {