Defect #18201
open
Internal server error (500): invalid byte sequence in UTF-8
0%
Description
Hi, tonight my local Redmine instance (2.6.0) was visited by YandexBot with an invalid URL:
/login?%BB%A1%20%AA%13%BD%F4%06r
For this input Redmine returned the following error message:
ArgumentError: invalid byte sequence in UTF-8
The reason seems to be an invalid UTF-8 encoding which Rails can not decode successfully. After short googling, I successfully added a gem which tries to sanitize such URLs by replacing invalid bytes (https://github.com/sunny/handle_invalid_percent_encoding_requests, based on discussion http://stackoverflow.com/questions/24648206/ruby-on-rails-invalid-byte-sequence-in-utf-8-due-to-bot), and it works for the above link.
Maybe there is even a better solution, but I think it would be favourable to make Redmine more robust either way.
Regards,
Björn
Updated by Jean-Philippe Lang almost 9 years ago
The problem was discussed here: https://github.com/rack/rack/issues/673 and closed as a Rails bug by the rack team.
Same behaviour with trunk and Rails 4.1 but I'm not really in favor of adding this gem to Redmine.
Updated by Björn Peemöller almost 9 years ago
I can understand that because this gem is really just a workaround. I manually added this gem for my installation, so I'm fine. Hopefully this issue will be fixed in Rails 4.2 some day.