DoS on wiki page: uneditable pages
**[HackerOne report #907260](https://hackerone.com/reports/907260)** by `yvvdwf` on 2020-06-24:

Dear team,

I found a bug similar to the one reported [here](https://gitlab.com/gitlab-org/gitlab/-/issues/210566) with the same impact: once created, the page cannot be modified or deleted via the website's interface.

### Steps to reproduce

1. Create a new wiki page.
2. In the Title field, fill in `~/test`.
3. Content can be anything.
4. Click the `Create page` button.

The page being created has the path `var/opt/gitlab/test` (instead of `~/test`). The page can be neither modified nor deleted via the web interface.

### Impact

### What is the current *bug* behavior?

The tilde character `~` is translated into `/var/opt/gitlab`

### What is the expected *correct* behavior?

The tilde character should not be translated

### Output of checks

This bug happens on GitLab.com

## Impact

Once created, the wiki page can be neither modified nor deleted via the web interface.

### Todo

- [x] Security fix in Gitaly: https://gitlab.com/gitlab-org/security/gitlab/-/issues/207
- [x] Fix in upstream `gollum-lib` gem: https://github.com/gollum/gollum-lib/pull/385
- [ ] Fix in forked `gitlab-gollum-lib` gem
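The behaviour reported above can be reproduced with Ruby's `File.expand_path`, which treats a leading `~` as the process home directory. The sketch below is an added example, not code from GitLab, Gitaly or `gollum-lib`: that the title was normalised with `File.expand_path` is an assumption, the home directory is the prefix the report observed, and all function names are hypothetical.

```ruby
# Added illustration; not code from GitLab, Gitaly or gollum-lib.
# Assumption: the wiki backend runs with HOME=/var/opt/gitlab (the prefix
# the report observed) and normalises titles with File.expand_path.
ASSUMED_HOME = "/var/opt/gitlab"

# Run a block with HOME pinned so the result is the same on any machine.
def with_home(home)
  saved = ENV["HOME"]
  ENV["HOME"] = home
  yield
ensure
  ENV["HOME"] = saved
end

# Hypothetical "before": expand_path replaces a leading "~" with the home
# directory, even when an explicit base directory ("/") is supplied.
def naive_page_path(title)
  with_home(ASSUMED_HOME) { File.expand_path(title, "/").sub(%r{\A/}, "") }
end

# Hypothetical "after": anchor the title under "/" first, so "~" is no
# longer the first character and stays a literal path segment. "." and
# ".." are still collapsed and cannot climb above the wiki root.
def literal_page_path(title)
  with_home(ASSUMED_HOME) do
    File.expand_path(File.join("/", title)).sub(%r{\A/}, "")
  end
end

# True when tilde expansion would store the page under a path other than
# the one the user typed; usable as a pre-save check or an audit filter.
def affected_by_expansion?(title)
  naive_page_path(title) != literal_page_path(title)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample titles.
  ["~/test", "docs/setup", "a/../b", "~"].each do |t|
    puts format("%-12p naive=%-24p literal=%-10p affected=%s", t,
                naive_page_path(t), literal_page_path(t), affected_by_expansion?(t))
  end
end
```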