Add latest changes from gitlab-org/security/gitlab@13-1-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-06-29 19:21:38 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-06-29 19:21:38 +0000
commit: 11e9b7b58837da351f08c18e6f0f4faba4d7d301 (patch)
tree: d9b28159a53c3814c8a2e6b33a5f01557b757439 /lib/banzai
parent: 2b0b97e746e327c6168505df7740e667b690a27f (diff)
download: gitlab-ce-11e9b7b58837da351f08c18e6f0f4faba4d7d301.tar.gz
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/banzai/filter/abstract_reference_filter.rb b/lib/banzai/filter/abstract_reference_filter.rb
index 5962403d488..f142333d797 100644
--- a/lib/banzai/filter/abstract_reference_filter.rb
+++ b/lib/banzai/filter/abstract_reference_filter.rb
@@ -253,7 +253,7 @@ module Banzai
         object_parent_type = parent.is_a?(Group) ? :group : :project
 
         {
-          original:             text,
+          original:             escape_html_entities(text),
           link:                 link_content,
           link_reference:       link_reference,
           object_parent_type => parent.id,
diff --git a/lib/banzai/filter/base_relative_link_filter.rb b/lib/banzai/filter/base_relative_link_filter.rb
index eca105ce9d9..fd526df4c48 100644
--- a/lib/banzai/filter/base_relative_link_filter.rb
+++ b/lib/banzai/filter/base_relative_link_filter.rb
@@ -38,7 +38,7 @@ module Banzai
       private
 
       def unescape_and_scrub_uri(uri)
-        Addressable::URI.unescape(uri).scrub
+        Addressable::URI.unescape(uri).scrub.delete("\0")
       end
     end
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-06-29 19:21:38 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-06-29 19:21:38 +0000
commit	11e9b7b58837da351f08c18e6f0f4faba4d7d301 (patch)
tree	d9b28159a53c3814c8a2e6b33a5f01557b757439 /lib/banzai
parent	2b0b97e746e327c6168505df7740e667b690a27f (diff)
download	gitlab-ce-11e9b7b58837da351f08c18e6f0f4faba4d7d301.tar.gz