From b7bc0a0ba436d15f5ea6d685fed5679c28c84152 Mon Sep 17 00:00:00 2001
From: Anthony Ryan <anthonyryan1@gmail.com>
Date: Sun, 11 Jan 2026 19:22:50 -0500
Subject: [PATCH] [RFC] JSON::safeEncode not entirely safe

Right now, we've got a lot of code attempting to correct every
malformed UTF8 string into something usable. This pull request is
more of an alternate approach where we don't try and coax every
string into something valid, but instead replace invalid sequences
with a broken character encoding character.

Also ensures that on JSON encode failures we don't fail silently
and return a HTTP 200.

One of two possible fixes for #2977

The other approcah is collecting every broken UTF8 name and adding
unit tests for the UTF8 repair class. I have saved some strings that
I've observed causing these problems in the wild, and can share them
with someone motivated to write tests and fix the UTF8 fixer instead.
---
 plugins/httprpc/action.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/httprpc/action.php b/plugins/httprpc/action.php
index e5d957698..b4208958d 100644
--- a/plugins/httprpc/action.php
+++ b/plugins/httprpc/action.php
@@ -496,4 +496,4 @@ function makeSimpleCall($cmds,$hash)
 	CachedEcho::send( (isset($req) && $req->fault) ? "Warning: XMLRPC call is failed." : "Link to XMLRPC failed. Maybe, rTorrent is down?","text/html");
 }
 else
-	CachedEcho::send(JSON::safeEncode($result),"application/json");
+	CachedEcho::send(json_encode($result, JSON_THROW_ON_ERROR|JSON_INVALID_UTF8_SUBSTITUTE), "application/json");