From f2af3db1932ddeba99f7e1b1abb53311d4c65f88 Mon Sep 17 00:00:00 2001
From: Simone Basso <bassosimone@gmail.com>
Date: Fri, 22 Jan 2021 12:14:19 +0100
Subject: [PATCH] fix(show): make sure we quote URL/query (#196)

---
 internal/database/actions.go | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/internal/database/actions.go b/internal/database/actions.go
index a82eeed..cbd20cc 100644
--- a/internal/database/actions.go
+++ b/internal/database/actions.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"net/url"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -59,11 +60,19 @@ func GetMeasurementJSON(sess sqlbuilder.Database, measurementID int64) (map[stri
 	if measurement.IsUploaded {
 		// TODO(bassosimone): this should be a function exposed by probe-engine
 		reportID := measurement.Measurement.ReportID.String
-		measurementURL := fmt.Sprintf("https://api.ooni.io/api/v1/raw_measurement?report_id=%s", reportID)
-		if measurement.URL.URL.Valid == true {
-			measurementURL += "&input=" + measurement.URL.URL.String
+		measurementURL := &url.URL{
+			Scheme: "https",
+			Host:   "api.ooni.io",
+			Path:   "/api/v1/raw_measurement",
 		}
-		resp, err := http.Get(measurementURL)
+		query := url.Values{}
+		query.Add("report_id", reportID)
+		if measurement.URL.URL.Valid == true {
+			query.Add("input", measurement.URL.URL.String)
+		}
+		measurementURL.RawQuery = query.Encode()
+		log.Debugf("using %s", measurementURL.String())
+		resp, err := http.Get(measurementURL.String())
 		if err != nil {
 			log.Errorf("failed to fetch the measurement %s %s", reportID, measurement.URL.URL.String)
 			return nil, err