From 1e76290d42953a57335a0f138ce26e2be0396014 Mon Sep 17 00:00:00 2001
From: Anton Khorev <tony29@yandex.ru>
Date: Thu, 7 Nov 2024 19:44:28 +0300
Subject: [PATCH] Handle incorrectly encoded tag keys

---
 app/controllers/changeset_tags_controller.rb       |  5 +++++
 app/views/changeset_tags/invalid_tag.html.erb      |  7 +++++++
 config/locales/en.yml                              |  3 +++
 test/controllers/changeset_tags_controller_test.rb | 10 ++++++++++
 4 files changed, 25 insertions(+)
 create mode 100644 app/views/changeset_tags/invalid_tag.html.erb

diff --git a/app/controllers/changeset_tags_controller.rb b/app/controllers/changeset_tags_controller.rb
index 47ec608959..cda709baa3 100644
--- a/app/controllers/changeset_tags_controller.rb
+++ b/app/controllers/changeset_tags_controller.rb
@@ -22,6 +22,11 @@ def delete
     end
     begin
       @key = Base64.urlsafe_decode64(params[:base64_key].to_s)
+    rescue ArgumentError
+      render :action => "invalid_tag", :status => :not_found
+      return
+    end
+    begin
       @changeset_tag = ChangesetTag.find([params[:changeset_id], @key])
     rescue ActiveRecord::RecordNotFound
       render :action => "tag_not_found", :status => :not_found
diff --git a/app/views/changeset_tags/invalid_tag.html.erb b/app/views/changeset_tags/invalid_tag.html.erb
new file mode 100644
index 0000000000..190b1a3cb1
--- /dev/null
+++ b/app/views/changeset_tags/invalid_tag.html.erb
@@ -0,0 +1,7 @@
+<% content_for :heading do %>
+  <h1><%= t(".heading") %></h1>
+<% end %>
+
+<div>
+  <p><%= t ".body" %>
+</div>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 1358403c2a..5ebf6184a6 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -447,6 +447,9 @@ en:
     changeset_not_found:
       heading: Changeset does not exist
       body: "Sorry, changeset #%{id} could not be found."
+    invalid_tag:
+      heading: Invalid changeset tag
+      body: "Sorry, the requested tag key cannot be decoded."
     tag_not_found:
       heading: Changeset tag does not exist
       body: "Sorry, tag %{key} could not be found in changeset #%{id}."
diff --git a/test/controllers/changeset_tags_controller_test.rb b/test/controllers/changeset_tags_controller_test.rb
index fd8d432d66..ff271ccc9f 100644
--- a/test/controllers/changeset_tags_controller_test.rb
+++ b/test/controllers/changeset_tags_controller_test.rb
@@ -149,6 +149,16 @@ def test_delete_fail_no_changeset
     assert_response :not_found
   end
 
+  def test_delete_fail_invalid_key_encoding
+    changeset = create(:changeset)
+    moderator_user = create(:moderator_user)
+
+    session_for(moderator_user)
+
+    post delete_changeset_tags_path(changeset, :params => { :base64_key => "ZnJvbV9jb" })
+    assert_response :not_found
+  end
+
   def test_delete_fail_no_key
     changeset = create(:changeset)
     moderator_user = create(:moderator_user)