rdelaage
/
miniflux-v2
mirror of https://github.com/miniflux/v2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use proper prepared statement for updateEnclosures

This commit is contained in:
jvoisin 2024-02-25 23:13:01 +01:00 committed by Frédéric Guillot
parent 0f126d4d11
commit c961c6db7d
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
internal/storage/enclosure.go
View File

@ -9,6 +9,8 @@ import (
"strings"
"miniflux.app/v2/internal/model"
"github.com/lib/pq"
)
// GetEnclosures returns all attachments for the given entry.
@ -130,11 +132,8 @@ func (s *Storage) updateEnclosures(tx *sql.Tx, entry *model.Entry) error {
return nil
}
sqlValues := []any{entry.UserID, entry.ID}
sqlPlaceholders := []string{}
sqlValues := make([]string, len(entry.Enclosures))
for _, enclosure := range entry.Enclosures {
sqlPlaceholders = append(sqlPlaceholders, fmt.Sprintf(`$%d`, len(sqlValues)+1))
sqlValues = append(sqlValues, strings.TrimSpace(enclosure.URL))
if err := s.createEnclosure(tx, enclosure); err != nil {
@ -146,12 +145,10 @@ func (s *Storage) updateEnclosures(tx *sql.Tx, entry *model.Entry) error {
DELETE FROM
enclosures
WHERE
user_id=$1 AND entry_id=$2 AND url NOT IN (%s)
user_id=$1 AND entry_id=$2 AND url <> ALL($3)
`
query = fmt.Sprintf(query, strings.Join(sqlPlaceholders, `,`))
_, err := tx.Exec(query, sqlValues...)
_, err := tx.Exec(query, entry.UserID, entry.ID, pq.Array(sqlValues))
if err != nil {
return fmt.Errorf(`store: unable to delete old enclosures: %v`, err)
}