Defect #18201
open
Internal server error (500): invalid byte sequence in UTF-8
0%
Description
Hi, tonight my local Redmine instance (2.6.0) was visited by YandexBot with an invalid URL:
/login?%BB%A1%20%AA%13%BD%F4%06r
For this input Redmine returned the following error message:
ArgumentError: invalid byte sequence in UTF-8
The reason seems to be an invalid UTF-8 encoding which Rails can not decode successfully. After short googling, I successfully added a gem which tries to sanitize such URLs by replacing invalid bytes (https://github.com/sunny/handle_invalid_percent_encoding_requests, based on discussion http://stackoverflow.com/questions/24648206/ruby-on-rails-invalid-byte-sequence-in-utf-8-due-to-bot), and it works for the above link.
Maybe there is even a better solution, but I think it would be favourable to make Redmine more robust either way.
Regards,
Björn
Updated by Jean-Philippe Lang about 10 years ago
The problem was discussed here: https://github.com/rack/rack/issues/673 and closed as a Rails bug by the rack team.
Same behaviour with trunk and Rails 4.1 but I'm not really in favor of adding this gem to Redmine.
Updated by Björn Peemöller about 10 years ago
I can understand that because this gem is really just a workaround. I manually added this gem for my installation, so I'm fine. Hopefully this issue will be fixed in Rails 4.2 some day.