Use proper prepared statement for updateEnclosures

jvoisin 2024-02-25 23:13:01 +01:00 committed by Frédéric Guillot
parent 0f126d4d11
commit c961c6db7d


@ -9,6 +9,8 @@ import (
"strings" "strings"
"miniflux.app/v2/internal/model" "miniflux.app/v2/internal/model"
"github.com/lib/pq"
) )
// GetEnclosures returns all attachments for the given entry. // GetEnclosures returns all attachments for the given entry.
@ -130,11 +132,8 @@ func (s *Storage) updateEnclosures(tx *sql.Tx, entry *model.Entry) error {
return nil return nil
} }
sqlValues := []any{entry.UserID, entry.ID} sqlValues := make([]string, len(entry.Enclosures))
sqlPlaceholders := []string{}
for _, enclosure := range entry.Enclosures { for _, enclosure := range entry.Enclosures {
sqlPlaceholders = append(sqlPlaceholders, fmt.Sprintf(`$%d`, len(sqlValues)+1))
sqlValues = append(sqlValues, strings.TrimSpace(enclosure.URL)) sqlValues = append(sqlValues, strings.TrimSpace(enclosure.URL))
if err := s.createEnclosure(tx, enclosure); err != nil { if err := s.createEnclosure(tx, enclosure); err != nil {
@ -146,12 +145,10 @@ func (s *Storage) updateEnclosures(tx *sql.Tx, entry *model.Entry) error {
DELETE FROM DELETE FROM
enclosures enclosures
WHERE WHERE
user_id=$1 AND entry_id=$2 AND url NOT IN (%s) user_id=$1 AND entry_id=$2 AND url <> ALL($3)
` `
query = fmt.Sprintf(query, strings.Join(sqlPlaceholders, `,`)) _, err := tx.Exec(query, entry.UserID, entry.ID, pq.Array(sqlValues))
_, err := tx.Exec(query, sqlValues...)
if err != nil { if err != nil {
return fmt.Errorf(`store: unable to delete old enclosures: %v`, err) return fmt.Errorf(`store: unable to delete old enclosures: %v`, err)
} }
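Review bot: The new `sqlValues := make([]string, len(entry.Enclosures))` creates a slice that already holds N empty strings, and the `append` in the loop then adds the N trimmed URLs after them, so the array bound to `$3` has 2N elements with N leading `''` entries. The current URLs are still excluded from the DELETE, but any stored enclosure whose url is the empty string is now kept as well, and the parameter is twice the size it needs to be. Allocate with zero length and the capacity only: `sqlValues := make([]string, 0, len(entry.Enclosures))`. The body of updateEnclosures starts and ends outside the visible hunks, so the early `return nil` guard above is assumed to cover the empty-enclosure case.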