Merge branch 'security-fix-malicious-comment-master' into 'master'

Fix null byte error in upload path

Closes #148

See merge request gitlab-org/security/gitlab!571

changelogs/unreleased/security-fix-malicious-comment-master.yml

+---
+title: Fix null byte error in upload path
+merge_request:
+author:
+type: security

lib/banzai/filter/base_relative_link_filter.rb

@@ -38,7 +38,7 @@ module Banzai
       private
 
       def unescape_and_scrub_uri(uri)
-        Addressable::URI.unescape(uri).scrub
+        Addressable::URI.unescape(uri).scrub.delete("\0")
       end
     end
   end

spec/lib/banzai/filter/upload_link_filter_spec.rb

@@ -229,6 +229,7 @@ RSpec.describe Banzai::Filter::UploadLinkFilter do
       'invalid UTF-8 byte sequences' | '%FF'
       'garbled path'                 | 'open(/var/tmp/):%20/location%0Afrom:%20/test'
       'whitespace'                   | "d18213acd3732630991986120e167e3d/Landscape_8.jpg\nand more"
+      'null byte'                    | "%00"
     end
 
     with_them do