Merge pull request #6006 from rxu/ticket/16524

[ticket/16524] Fix using out-of-bounds UTF8 characters in profile fields

phpBB/phpbb/profilefields/manager.php

@@ -254,6 +254,13 @@ class manager
 			/** @var \phpbb\profilefields\type\type_interface $profile_field */
 			$profile_field = $this->type_collection[$row['field_type']];
 			$cp_data['pf_' . $row['field_ident']] = $profile_field->get_profile_field($row);
+
+			/**
+			 * Replace Emoji and other 4bit UTF-8 chars not allowed by MySQL
+			 * with their Numeric Character Reference's Hexadecimal notation.
+			 */
+			$cp_data['pf_' . $row['field_ident']] = utf8_encode_ucr($cp_data['pf_' . $row['field_ident']]);
+
 			$check_value = $cp_data['pf_' . $row['field_ident']];
 
 			if (($cp_result = $profile_field->validate_profile_field($check_value, $row)) !== false)

tests/functional/ucp_profile_test.php

@@ -46,4 +46,23 @@ class phpbb_functional_ucp_profile_test extends phpbb_functional_test_case
 		$this->assertEquals('phpbb_twitter', $form->get('pf_phpbb_twitter')->getValue());
 		$this->assertEquals('phpbb.youtube', $form->get('pf_phpbb_youtube')->getValue());
 	}
+
+	public function test_submitting_emoji()
+	{
+		$this->add_lang('ucp');
+		$this->login();
+
+		$crawler = self::request('GET', 'ucp.php?i=ucp_profile&mode=profile_info');
+		$this->assertContainsLang('UCP_PROFILE_PROFILE_INFO', $crawler->filter('#cp-main h2')->text());
+
+		$form = $crawler->selectButton('Submit')->form([
+			'pf_phpbb_location'	=> '😁', // grinning face with smiling eyes Emoji
+		]);
+		$crawler = self::submit($form);
+		$this->assertContainsLang('PROFILE_UPDATED', $crawler->filter('#message')->text());
+
+		$crawler = self::request('GET', 'ucp.php?i=ucp_profile&mode=profile_info');
+		$form = $crawler->selectButton('Submit')->form();
+		$this->assertEquals('😁', $form->get('pf_phpbb_location')->getValue());
+	}
 }