From b61a291cf3583d5ab5c023cd53459548870b7160 Mon Sep 17 00:00:00 2001
From: Roman Rizzi <rizziromanalejandro@gmail.com>
Date: Tue, 26 May 2020 10:32:48 -0300
Subject: [PATCH] FIX: returns false if the upload url is an invalid mailto
 link (#9877)

---
 lib/file_store/s3_store.rb      | 2 +-
 spec/multisite/s3_store_spec.rb | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/file_store/s3_store.rb b/lib/file_store/s3_store.rb
index f42fa73057b..5007b741e8e 100644
--- a/lib/file_store/s3_store.rb
+++ b/lib/file_store/s3_store.rb
@@ -81,7 +81,7 @@ module FileStore
 
       begin
         parsed_url = URI.parse(URI.encode(url))
-      rescue URI::InvalidURIError
+      rescue URI::InvalidURIError, URI::InvalidComponentError
         return false
       end
 
diff --git a/spec/multisite/s3_store_spec.rb b/spec/multisite/s3_store_spec.rb
index 064c699a12b..5681a1df8dc 100644
--- a/spec/multisite/s3_store_spec.rb
+++ b/spec/multisite/s3_store_spec.rb
@@ -259,5 +259,11 @@ RSpec.describe 'Multisite s3 uploads', type: :multisite do
       url = "https://www.someotherhostname.com/test/original/2X/d/dd7964f5fd13e1103c5244ca30abe1936c0a4b88.png"
       expect(store.has_been_uploaded?(url)).to eq(true)
     end
+
+    it "returns false if the URI is an invalid mailto link" do
+      link = 'mailto: roman;@test.com'
+
+      expect(store.has_been_uploaded?(link)).to eq(false)
+    end
   end
 end