From 893435cca8093e4713e077785139989debe0bb1b Mon Sep 17 00:00:00 2001
From: Santo Cariotti <santo@dcariotti.me>
Date: Thu, 18 Mar 2021 19:24:33 +0100
Subject: fix: security with single quote on queries

This error was raised because it does not use the `prepare` method
---
 src/commit/models.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/commit/models.rs b/src/commit/models.rs
index 2f1536b..7f6a9fc 100644
--- a/src/commit/models.rs
+++ b/src/commit/models.rs
@@ -108,15 +108,15 @@ impl Commit {
                 None => "NULL".to_string(),
             };
             raw_query += &format!(
-                "('{}', {}, '{}', '{}', '{}', '{}', '{}', '{}', '{}'),",
+                "('{}', {}, E'{}', '{}', '{}', E'{}', '{}', E'{}', '{}'),",
                 commit.hash,
                 tree,
-                commit.text,
+                commit.text.replace("'", "\\'"),
                 commit.date,
                 commit.author_email,
-                commit.author_name,
+                commit.author_name.replace("'", "\\'"),
                 commit.committer_email,
-                commit.committer_name,
+                commit.committer_name.replace("'", "\\'"),
                 commit.repository_url
             )[..]
         }
-- 
cgit v1.2.3-18-g5258