From 334c8560217cd20ae5ef74aa43dc1a934d3ae6f8 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Thu, 16 May 2024 17:48:17 +0100
Subject: [PATCH 1/2] Test unicode values in user preference keys and values

---
 .../api/user_preferences_controller_test.rb   | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/test/controllers/api/user_preferences_controller_test.rb b/test/controllers/api/user_preferences_controller_test.rb
index 3d3f79712..4e96d4ce9 100644
--- a/test/controllers/api/user_preferences_controller_test.rb
+++ b/test/controllers/api/user_preferences_controller_test.rb
@@ -150,6 +150,19 @@ module Api
         put user_preferences_path, :params => "nonsense", :headers => auth_header
       end
       assert_response :bad_request
+
+      # try a put with unicode characters
+      assert_no_difference "UserPreference.count" do
+        put user_preferences_path, :params => "<osm><preferences><preference k='kêy' v='néw_vâlué'/><preference k='nêw_kêy' v='vâlué'/></preferences></osm>", :headers => auth_header
+      end
+      assert_response :success
+      assert_equal "text/plain", @response.media_type
+      assert_equal "", @response.body
+      assert_equal "néw_vâlué", UserPreference.find([user.id, "kêy"]).v
+      assert_equal "vâlué", UserPreference.find([user.id, "nêw_kêy"]).v
+      assert_raises ActiveRecord::RecordNotFound do
+        UserPreference.find([user.id, "some_key"])
+      end
     end
 
     ##
@@ -187,6 +200,15 @@ module Api
       assert_equal "text/plain", @response.media_type
       assert_equal "", @response.body
       assert_equal "newer_value", UserPreference.find([user.id, "new_key"]).v
+
+      # try changing the value of a preference to include unicode characters
+      assert_difference "UserPreference.count", 1 do
+        put user_preference_path(:preference_key => "nêw_kêy"), :params => "néwèr_vâlué", :headers => auth_header
+      end
+      assert_response :success
+      assert_equal "text/plain", @response.media_type
+      assert_equal "", @response.body
+      assert_equal "néwèr_vâlué", UserPreference.find([user.id, "nêw_kêy"]).v
     end
 
     ##

From 64af2816a3f788c360434a73a234d41ef4c9f66e Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Thu, 16 May 2024 17:48:48 +0100
Subject: [PATCH 2/2] Treat the body as UTF-8 for user_preferences#update

---
 app/controllers/api/user_preferences_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/api/user_preferences_controller.rb b/app/controllers/api/user_preferences_controller.rb
index 02a23095a..99d224c51 100644
--- a/app/controllers/api/user_preferences_controller.rb
+++ b/app/controllers/api/user_preferences_controller.rb
@@ -66,7 +66,7 @@ module Api
         pref.k = params[:preference_key]
       end
 
-      pref.v = request.raw_post.chomp
+      pref.v = request.raw_post.chomp.force_encoding("UTF-8")
       pref.save!
 
       render :plain => ""