From d585f9d9a3bd7c272a02e1d3d52990bc6ecb37a3 Mon Sep 17 00:00:00 2001
From: alezakos
Date: Tue, 11 Sep 2018 22:58:57 +0300
Subject: MM-11895: Don't crush user-provided GET parameters on slash command URLs (#9372)
---
 api4/command_test.go | 3 ++-
 app/command.go | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/api4/command_test.go b/api4/command_test.go
index 96025c063..10ffbc695 100644
--- a/api4/command_test.go
+++ b/api4/command_test.go
@@ -491,6 +491,7 @@ func TestExecuteGetCommand(t *testing.T) {
 require.Equal(t, token, values.Get("token"))
 require.Equal(t, th.BasicTeam.Name, values.Get("team_domain"))
+ require.Equal(t, "ourCommand", values.Get("cmd"))
 w.Header().Set("Content-Type", "application/json")
 w.Write([]byte(expectedCommandResponse.ToJson()))
@@ -500,7 +501,7 @@ func TestExecuteGetCommand(t *testing.T) {
 getCmd := &model.Command{
 CreatorId: th.BasicUser.Id,
 TeamId: th.BasicTeam.Id,
- URL: ts.URL,
+ URL: ts.URL + "/?cmd=ourCommand",
 Method: model.COMMAND_METHOD_GET,
 Trigger: "getcommand",
 Token: token,
diff --git a/app/command.go b/app/command.go
index 124668f6b..a1902bd10 100644
--- a/app/command.go
+++ b/app/command.go
@@ -233,7 +233,11 @@ func (a *App) ExecuteCommand(args *model.CommandArgs) (*model.CommandResponse, *
 var req *http.Request
 if cmd.Method == model.COMMAND_METHOD_GET {
 req, _ = http.NewRequest(http.MethodGet, cmd.URL, nil)
- req.URL.RawQuery = p.Encode()
+
+ if req.URL.RawQuery != "" {
+ req.URL.RawQuery += "&"
+ }
+ req.URL.RawQuery += p.Encode()
 } else {
 req, _ = http.NewRequest(http.MethodPost, cmd.URL, strings.NewReader(p.Encode()))
 }
--
cgit v1.2.3-1-g7c22
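Review bot: With `URL: ts.URL + "/?cmd=ourCommand"` replacing the bare `ts.URL`, this test no longer exercises a command URL without a query string, so the path in app/command.go that skips the `&` separator is uncovered as far as this diff shows. Keeping the original URL as a second case (a small table over both) would cover both paths. A third case whose URL carries a key the server also sends, for example `ts.URL + "/?token=fromURL"` (constructed value), with an assertion on `values["token"]`, would pin which value the receiving endpoint actually sees. TestExecuteGetCommand starts and ends outside both test hunks.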
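Review bot: Appending `p.Encode()` after the query already present in `cmd.URL` lets a key in the configured URL duplicate one the server sends (p's contents are outside the hunk, but the test reads `token` and `team_domain` from this query), and a receiver that takes the first value, as `values.Get` does, would then read the URL's copy rather than the server's. Merging into `req.URL.Query()` with the server's keys written last removes that ambiguity, at the cost of re-encoding and sorting the URL's own parameters; this assumes `p` is a `url.Values`, which the hunk suggests but does not show. The error from `http.NewRequest` is still discarded one line up, so an unparsable `cmd.URL` leaves `req` nil at the `req.URL.RawQuery` access. ExecuteCommand starts and ends outside the hunk.

```go
req, _ = http.NewRequest(http.MethodGet, cmd.URL, nil)
// Merge rather than concatenate: keys set by the server replace any
// same-named key that came from the configured URL.
q := req.URL.Query()
for k, v := range p {
	q[k] = v
}
req.URL.RawQuery = q.Encode()
// … unchanged: else branch building the POST request …
```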