From a10ab94b068c31601c7d4ab0062b9d567af6cee2 Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Wed, 13 Jan 2016 07:05:28 -0800
Subject: Gracefully handle invalid UTF-8 sequences in Markdown links

Closes #6077
---
 CHANGELOG | 1 +
 lib/banzai/filter/reference_filter.rb | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index 2e0eee52a59..64121d05143 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ v 8.4.0 (unreleased)
 - Autocomplete data is now always loaded, instead of when focusing a comment text area
 - Improved performance of finding issues for an entire group
 - Added custom application performance measuring system powered by InfluxDB
+ - Gracefully handle invalid UTF-8 sequences in Markdown links (Stan Hu)
 - Bump fog to 1.36.0 (Stan Hu)
 - Add user's last used IP addresses to admin page (Stan Hu)
 - Add housekeeping function to project settings page
diff --git a/lib/banzai/filter/reference_filter.rb b/lib/banzai/filter/reference_filter.rb
index 20bd4f7ee6e..3637b1bac94 100644
--- a/lib/banzai/filter/reference_filter.rb
+++ b/lib/banzai/filter/reference_filter.rb
@@ -133,6 +133,7 @@ module Banzai
 next unless link && text
 link = CGI.unescape(link)
+ next unless link.force_encoding('UTF-8').valid_encoding?
 # Ignore ending punctionation like periods or commas
 next unless link == text && text =~ /\A#{pattern}/
@@ -170,6 +171,7 @@ module Banzai
 next unless link && text
 link = CGI.unescape(link)
+ next unless link.force_encoding('UTF-8').valid_encoding?
 next unless link && link =~ /\A#{pattern}\z/
 html = yield link, text
--
cgit v1.2.1
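Review bot: The decode-and-validate pair (`link = CGI.unescape(link)` followed by the new `valid_encoding?` guard) now appears verbatim in the `@@ -133,6 +133,7 @@` hunk and again in the `@@ -170,6 +171,7 @@` hunk, so a later link-handling path could call `CGI.unescape` without the guard and nothing would flag it. Moving both lines into one private helper that returns nil for undecodable input keeps the rule in one place and gives it a home for a comment; the helper name below is only a suggestion. Neither site says why malformed links are skipped (presumably so the pattern match that follows does not raise on invalid bytes), and the diffstat shows no spec change, so a regression example with a percent-encoded invalid byte in the href would be worth adding for both code paths. Both enclosing methods start and end outside the hunks.

```ruby
# Returns the percent-decoded link, or nil when the decoded bytes are not
# valid UTF-8, so callers can skip the node instead of matching against it.
def unescape_link(link)
  decoded = CGI.unescape(link)
  decoded if decoded.force_encoding('UTF-8').valid_encoding?
end

# … unchanged: node loop up to `next unless link && text` (both call sites) …
link = unescape_link(link)
next unless link
```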