Fix 500 errors entering a webhook URL not encoded
What does this MR do?
This fixes 500 errors entering a webhook URL not encoded.
The problem
# This raises an error
URI.parse('http://server.com/my path/')
URI::InvalidURIError: bad URI(is not URI?): "http://server.com/my path/"
# Escape the user's input works
URI.parse(Addressable::URI.escape('http://server.com/my path/'))
=> #<URI::HTTP http://server.com/my%20path/>
# But if the user's input is already escaped, we have a double escaping problem
URI.parse(Addressable::URI.escape('http://server.com/my%20path/'))
=> #<URI::HTTP http://server.com/my%2520path/>
Solution
We are already recommending to the users to use encoded parameters, eg. from API documentation https://docs.gitlab.com/ee/api/repository_submodules.html#update-existing-submodule-reference-in-repository
The ID or URL-encoded path of the project owned by the authenticated user
In this case, the approach should be the same. The user should enter a URL-encoded to avoid any problem. Webhooks is a feature where the users normally have advance knowledge, so the error messages here are not filtered for any exception, same for URI::InvalidURIError
, eg:
Related to #222970 (closed) and #207742 (closed)
Edited by Arturo Herrero