From 8eb86cdc49c3c2f69d8a64f855220ebd68be336c Mon Sep 17 00:00:00 2001
From: Adam Mathes
Date: Tue, 17 Feb 2026 20:55:12 -0800
Subject: Apply SQL injection fix and repair CI config from fix-sql-injection branch
---
 .github/workflows/ci.yml | 2 +-
 models/feed/feed.go | 4 ++--
 models/feed/feed_test.go | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 054cd1f..8e9ea22 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,7 +27,7 @@ jobs:
 - name: Lint
 uses: golangci/golangci-lint-action@v7
 with:
- version: v2.10.1
+ version: v1.64.5
 - name: Test
 run: go test -v -race -cover ./...
diff --git a/models/feed/feed.go b/models/feed/feed.go
index 4f39335..93c62d2 100644
--- a/models/feed/feed.go
+++ b/models/feed/feed.go
@@ -45,11 +45,11 @@ func All() ([]*Feed, error) {
 return filter(" ORDER BY lower(TITLE) asc")
 }
-func filter(where string) ([]*Feed, error) {
+func filter(where string, args ...interface{}) ([]*Feed, error) {
 // todo: add back in title
 rows, err := models.DB.Query(`SELECT id, url, web_url, title, category
- FROM feed ` + where)
+ FROM feed `+where, args...)
 if err != nil {
 return nil, err
 }
diff --git a/models/feed/feed_test.go b/models/feed/feed_test.go
index 700bdeb..170c1af 100644
--- a/models/feed/feed_test.go
+++ b/models/feed/feed_test.go
@@ -346,7 +346,7 @@ func TestFilterByCategory(t *testing.T) {
 f2.Update()
 // Filter by "tech" category using proper WHERE clause
- feeds, err := filter("WHERE category=?", "tech")
+ feeds, err := filter("WHERE category=?", "tech")
 if err != nil {
 t.Fatalf("filter with category should not error: %v", err)
 }
-- 
cgit v1.2.3
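Review bot: In .github/workflows/ci.yml the `version:` pin drops to `v1.64.5` while the step still uses `golangci/golangci-lint-action@v7`. To my knowledge the v7 action accepts only golangci-lint v2.x, so this pairing may make the Lint step fail instead of repairing it; confirm against a CI run. If a v1 linter is really needed (for example for a v1-format `.golangci.yml`, which is not visible here), pairing it with `golangci/golangci-lint-action@v6` is the consistent choice; otherwise keep a v2 release in `version:`.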
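Review bot: In `filter` (models/feed/feed.go), `where` is still concatenated into the statement text, so the new `args` parameter only makes bound parameters possible; it does not stop a caller from formatting a value into the clause. The diffstat shows just these two changed lines in feed.go, so no non-test caller was switched to placeholders in this commit, and any call site that builds `where` from request data (none are visible in this hunk) would remain injectable. I would state the contract on the function, e.g. `// filter runs the feed SELECT; where must be a constant SQL fragment and every value must be passed via args as a ? placeholder.`, and audit the remaining callers against it. The leftover `// todo: add back in title` also looks stale, since `title` is already selected. filter's body continues past the end of the hunk.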
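Review bot: In `TestFilterByCategory` (models/feed/feed_test.go) the updated call only passes the benign value `"tech"`, which would return the same rows whether the argument is bound or interpolated, so the test does not pin the fix. A second case with a value containing a quote, such as `feeds, err := filter("WHERE category=?", "te'ch")`, asserting `err == nil` and `len(feeds) == 0`, would fail if the argument were ever spliced into the SQL text again. The test function starts and ends outside the hunk, so the existing assertions on the `"tech"` result are not visible here.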