From 40829414253a753ad184e3c75caaf91efa52d834 Mon Sep 17 00:00:00 2001 From: Krzysztof Kowalczyk Date: Fri, 2 Aug 2019 09:39:11 -0700 Subject: [PATCH] escape url query args --- client/auth.go | 10 ++++++---- client/storage.go | 4 +++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/client/auth.go b/client/auth.go index 98646b8..172af00 100644 --- a/client/auth.go +++ b/client/auth.go @@ -2,19 +2,21 @@ package client import ( "bytes" - "cloud.google.com/go/firestore" "context" "encoding/json" "errors" "fmt" - "golang.org/x/oauth2" - "google.golang.org/api/option" "io/ioutil" "log" + "net/url" "os" "os/user" "path" "time" + + "cloud.google.com/go/firestore" + "golang.org/x/oauth2" + "google.golang.org/api/option" ) func (c *fuzzitClient) ReAuthenticate(force bool) error { @@ -42,7 +44,7 @@ func (c *fuzzitClient) ReAuthenticate(force bool) error { } if c.IdToken == "" || (time.Now().Unix()-c.LastRefresh) > 60*45 { - createCustomTokenEndpoint := fmt.Sprintf("%s/createCustomToken?api_key=%s", FuzzitEndpoint, c.ApiKey) + createCustomTokenEndpoint := fmt.Sprintf("%s/createCustomToken?api_key=%s", FuzzitEndpoint, url.QueryEscape(c.ApiKey)) r, err := c.httpClient.Get(createCustomTokenEndpoint) if err != nil { return err diff --git a/client/storage.go b/client/storage.go index b885ade..878f0b2 100755 --- a/client/storage.go +++ b/client/storage.go @@ -6,6 +6,7 @@ import ( "io/ioutil" "log" "net/http" + "net/url" "os" "time" ) @@ -17,7 +18,8 @@ type storageLinkResponse struct { } func (c *fuzzitClient) getStorageLink(storagePath string) (string, error) { - r, err := httpClient.Get(fmt.Sprintf("https://app.fuzzit.dev/getStorageLink?path=%s&api_key=%s", storagePath, c.ApiKey)) + uri := fmt.Sprintf("https://app.fuzzit.dev/getStorageLink?path=%s&api_key=%s", url.QueryEscape(storagePath), url.QueryEscape(c.ApiKey)) + r, err := httpClient.Get(uri) if err != nil { return "", err }