FIX: ignore invalid usernames in incoming link tracker

If an incoming link username has NULL in it simply ignore it

app/models/incoming_link.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class IncomingLink < ActiveRecord::Base
   belongs_to :post
   belongs_to :user
@@ -15,7 +17,8 @@ class IncomingLink < ActiveRecord::Base
     current_user = opts[:current_user]
 
     username = opts[:username]
-    username = nil unless String === username
+    username = nil if !(String === username)
+    username = nil if username&.include?("\0")
     if username
       u = User.select(:id).find_by(username_lower: username.downcase)
       user_id = u.id if u

spec/models/incoming_link_spec.rb

@@ -49,6 +49,12 @@ describe IncomingLink do
       IncomingLink.add(req(opts))
     end
 
+    it "does not explode with bad username" do
+      add(
+        username: "test\0test"
+      )
+    end
+
     it "does not explode with bad referer" do
       add(
         referer: 'file:///Applications/Install/75067ABC-C9D1-47B7-8ACE-76AEDE3911B2/Install/',