| author | Adam Mathes <adam@adammathes.com> | 2026-02-17 20:55:12 -0800 |
|---|---|---|
| committer | Adam Mathes <adam@adammathes.com> | 2026-02-17 20:55:12 -0800 |
| commit | 8eb86cdc49c3c2f69d8a64f855220ebd68be336c (patch) | |
| tree | b2a3a82f3d31cb78221ef12a9d75f9b094dbc580 /models | |
| parent | b0358b6777450ccd4e9fe704d76aeffe7b5a5d6e (diff) | |
Apply SQL injection fix and repair CI config from fix-sql-injection branch
Diffstat (limited to 'models')
| -rw-r--r-- | models/feed/feed.go | 4 | ||||
| -rw-r--r-- | models/feed/feed_test.go | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/models/feed/feed.go b/models/feed/feed.go
index 4f39335..93c62d2 100644
--- a/models/feed/feed.go
+++ b/models/feed/feed.go
@@ -45,11 +45,11 @@ func All() ([]*Feed, error) {
 return filter(" ORDER BY lower(TITLE) asc")
 }
-func filter(where string) ([]*Feed, error) {
+func filter(where string, args ...interface{}) ([]*Feed, error) {
 // todo: add back in title
 rows, err := models.DB.Query(`SELECT id, url, web_url, title, category
- FROM feed ` + where)
+ FROM feed `+where, args...)
 if err != nil {
 return nil, err
 }
diff --git a/models/feed/feed_test.go b/models/feed/feed_test.go
index 700bdeb..170c1af 100644
--- a/models/feed/feed_test.go
+++ b/models/feed/feed_test.go
@@ -346,7 +346,7 @@ func TestFilterByCategory(t *testing.T) {
 f2.Update()
 // Filter by "tech" category using proper WHERE clause
- feeds, err := filter("WHERE category=?", "tech")
+ feeds, err := filter("WHERE category=?", "tech")
 if err != nil {
 t.Fatalf("filter with category should not error: %v", err)
 } |
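Review bot: `filter` still splices `where` into the query text with `+where`, so the new `args` parameter only helps callers that actually move their values into `?` placeholders; the signature does nothing to stop a later caller from concatenating a value into `where` again. The diffstat shows only these two lines changed in feed.go, so any other caller of `filter` in this file that builds its clause from input is presumably untouched here and worth checking. I would state the contract on the function, for example `// filter appends where verbatim to the SELECT; where must be constant SQL and every value must be passed via args as a ? placeholder.` The body of `filter` continues past the end of the hunk.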
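Review bot: The updated call in `TestFilterByCategory` exercises the placeholder path only with the benign value `"tech"`, so the test would pass equally well if the argument were concatenated back into the SQL. A regression check that pins the fix would pass a category containing a quote character, e.g. the constructed sample `feeds, err = filter("WHERE category=?", "te'ch")`, and assert that `err` is nil and no feeds are returned. The test function starts and ends outside this hunk, so the assertions that follow the `err` check are not visible here.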
