Repository settings page returns 500 error due to invalid character in mirror URL

Summary

Opening this issue for visibility only, as it seems to have been fixed in v12.1.4-ee

On the repository settings page (/<project>/-/settings/repository), the user is able to enter a backtick character in their mirror URL, which causes 500 errors when trying to access that settings page again.

Related to https://gitlab.com/gitlab-org/gitlab-ee/issues/1715 in that improper user input can cause reproducible 500 errors, although the cause is not identical.

Steps to reproduce

1. Set up a new Project
2. Go to that Project -> Settings -> Repository
3. Create a new pull mirror, specifying an otherwise valid URL but include a backtick character anywhere in the string, enter auth information if needed, and create the mirror
4. Return to the /<project>/-/settings/repository page and see a 500 error

What is the current bug behavior?

When the user creates a remote mirror whose URL contains a backtick character, the /<project>/-/settings/repository returns 500 errors on subsequent visits.

What is the expected correct behavior?

When the user creates a remote mirror whose URL contains a backtick character, the remote mirror should either fail to create, or should simply be unreachable if it does get created.

Relevant logs and/or screenshots

(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's tough to read otherwise.)

Possible fixes

Upgrading a self-hosted instance running v12.1.3-ee (or earlier) to v12.1.4-ee will not fix mirrors that have already been misconfigured this way, but you can fix it manually in the Rails console:

r = RemoteMirror.find(314)
r.url = <proper url>
r.save!