From 1baa5a71666330664e201e2e27f037b59a4b2925 Mon Sep 17 00:00:00 2001
From: Fabrizio Furano <furano@cern.ch>
Date: Thu, 17 Jun 2021 13:28:18 +0200
Subject: [PATCH] Http EOS client: more robust url parsing

---
 pkg/eosclient/eosgrpc/eos_http/eoshttp.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/eosclient/eosgrpc/eos_http/eoshttp.go b/pkg/eosclient/eosgrpc/eos_http/eoshttp.go
index a924e99fad..bcc78b75b4 100644
--- a/pkg/eosclient/eosgrpc/eos_http/eoshttp.go
+++ b/pkg/eosclient/eosgrpc/eos_http/eoshttp.go
@@ -27,7 +27,6 @@ import (
 	"net/http"
 	"net/url"
 	"os"
-	"path"
 	"strconv"
 	"strings"
 	"time"
@@ -240,7 +239,10 @@ func (c *Client) buildFullURL(urlpath, uid, gid string) (string, error) {
 		return "", err
 	}
 
-	u.Path = path.Join(u.Path, urlpath)
+	u, err = u.Parse(urlpath)
+	if err != nil {
+		return "", err
+	}
 
 	// I feel safer putting here a check, to prohibit malicious users to
 	// inject a false uid/gid into the url