Make sure that settings are unserialized as UTF-8 encoded strings (#19305).

git-svn-id: http://svn.redmine.org/redmine/trunk@14112 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-01-07 08:01:31 +00:00 · 2015-03-15 14:38:46 +00:00 · 2015-03-15 14:38:46 +00:00 · ed2a3a2244
commit ed2a3a2244
parent 5c43b4860e
2 changed files with 46 additions and 1 deletions
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@ -91,7 +91,10 @@ class Setting < ActiveRecord::Base
  def value
    v = read_attribute(:value)
    # Unserialize serialized settings
-    v = YAML::load(v) if available_settings[name]['serialized'] && v.is_a?(String)
+    if available_settings[name]['serialized'] && v.is_a?(String)
+      v = YAML::load(v)
+      v = force_utf8_strings(v)
+    end
    v = v.to_sym if available_settings[name]['format'] == 'symbol' && !v.blank?
    v
  end
@ -238,6 +241,25 @@ END_SRC
  load_plugin_settings

 private
+
+  def force_utf8_strings(arg)
+    if arg.is_a?(String)
+      arg.dup.force_encoding('UTF-8')
+    elsif arg.is_a?(Array)
+      arg.map do |a|
+        force_utf8_strings(a)
+      end
+    elsif arg.is_a?(Hash)
+      arg = arg.dup
+      arg.each do |k,v|
+        arg[k] = force_utf8_strings(v)
+      end
+      arg
+    else
+      arg
+    end
+  end
+
  # Returns the Setting instance for the setting named name
  # (record found in database or new record with default value)
  def self.find_or_default(name)
--- a/test/unit/setting_test.rb
+++ b/test/unit/setting_test.rb
@ -1,3 +1,5 @@
+# encoding: utf-8
+#
 # Redmine - project management software
 # Copyright (C) 2006-2015  Jean-Philippe Lang
 #
@ -101,4 +103,25 @@ class SettingTest < ActiveSupport::TestCase
      assert_equal [10, 25, 50], Setting.per_page_options_array
    end
  end
+
+  def test_setting_serialied_as_binary_should_be_loaded_as_utf8_encoded_strings
+    yaml = <<-YAML
+--- 
+- keywords: !binary |
+    Zml4ZXMsY2xvc2VzLNC40YHQv9GA0LDQstC70LXQvdC+LNCz0L7RgtC+0LLQ
+    vizRgdC00LXQu9Cw0L3QvixmaXhlZA==
+
+  done_ratio: "100"
+  status_id: "5"
+YAML
+
+    Setting.commit_update_keywords = {}
+    assert_equal 1, Setting.where(:name => 'commit_update_keywords').update_all(:value => yaml)
+    Setting.clear_cache
+
+    assert_equal 'UTF-8', Setting.commit_update_keywords.first['keywords'].encoding.name
+  ensure
+    Setting.where(:name => 'commit_update_keywords').delete_all
+    Setting.clear_cache
+  end
 end