authorAdam Mathes <adam@adammathes.com>2026-02-17 20:55:12 -0800
committerAdam Mathes <adam@adammathes.com>2026-02-17 20:55:12 -0800
commit8eb86cdc49c3c2f69d8a64f855220ebd68be336c (patch)
treeb2a3a82f3d31cb78221ef12a9d75f9b094dbc580
parentb0358b6777450ccd4e9fe704d76aeffe7b5a5d6e (diff)
Apply SQL injection fix and repair CI config from fix-sql-injection branch
-rw-r--r--.github/workflows/ci.yml2
-rw-r--r--models/feed/feed.go4
-rw-r--r--models/feed/feed_test.go2
3 files changed, 4 insertions, 4 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 054cd1f..8e9ea22 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,7 +27,7 @@ jobs:
- name: Lint
uses: golangci/golangci-lint-action@v7
with:
- version: v2.10.1
+ version: v1.64.5
- name: Test
run: go test -v -race -cover ./...
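Review bot: The new `version: v1.64.5` pin sits under `uses: golangci/golangci-lint-action@v7`, and as far as I know the v7 action accepts only golangci-lint v2 releases, so this pairing may make the Lint step fail rather than repair it. If v1 is what the repository's lint config needs, change the action line as well, `uses: golangci/golangci-lint-action@v6`; otherwise keep a v2 release here. It is worth confirming on a CI run that the Lint step really executes, since this job is what checks the query change in the same commit.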
diff --git a/models/feed/feed.go b/models/feed/feed.go
index 4f39335..93c62d2 100644
--- a/models/feed/feed.go
+++ b/models/feed/feed.go
@@ -45,11 +45,11 @@ func All() ([]*Feed, error) {
return filter(" ORDER BY lower(TITLE) asc")
}
-func filter(where string) ([]*Feed, error) {
+func filter(where string, args ...interface{}) ([]*Feed, error) {
// todo: add back in title
rows, err := models.DB.Query(`SELECT
id, url, web_url, title, category
- FROM feed ` + where)
+ FROM feed `+where, args...)
if err != nil {
return nil, err
}
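Review bot: `filter` still appends `where` to the statement text, so the added `args ...interface{}` protects only callers that move their values into `?` placeholders. The diffstat shows no non-test caller changed in this commit, so any existing caller that formats a value into `where` (none is visible in this hunk) is left as it was. I would state the contract above the signature, `// filter runs a feed query; where must be a constant SQL fragment using ? placeholders, and every value must be passed through args.`, and check the remaining call sites against it. As a style point, `args ...any` reads better if the module's Go version allows it, and `// todo: add back in title` looks stale now that `title` is selected. The body of `filter` continues outside the hunk.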
diff --git a/models/feed/feed_test.go b/models/feed/feed_test.go
index 700bdeb..170c1af 100644
--- a/models/feed/feed_test.go
+++ b/models/feed/feed_test.go
@@ -346,7 +346,7 @@ func TestFilterByCategory(t *testing.T) {
f2.Update()
// Filter by "tech" category using proper WHERE clause
- feeds, err := filter("WHERE category='tech'")
+ feeds, err := filter("WHERE category=?", "tech")
if err != nil {
t.Fatalf("filter with category should not error: %v", err)
}
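Review bot: The updated call `filter("WHERE category=?", "tech")` uses only a benign value, which would return the same rows under the old string-built query, so the test does not pin the fix. Add a regression case whose category contains a quote character, for example `feeds, err := filter("WHERE category=?", "te'ch")`, and assert that it returns no error and zero feeds. The comment above the call could also say that the value is bound through a placeholder rather than "proper WHERE clause". TestFilterByCategory starts and ends outside the hunk.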