diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 35c3ab3fa..72727fff3 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -806,7 +806,7 @@ curl http://localhost/api/v1/users/preferences -v -u #{login}:#{password} -H "Co
     if params[:user]
       user = User.find(current_user.id)
       user.with_lock do
-        params[:user].each do |key, value|
+        params[:user].permit!.to_h.each do |key, value|
           user.preferences[key.to_sym] = value
         end
         user.save!
diff --git a/db/migrate/20171023000001_fixed_store_upgrade_ror_45.rb b/db/migrate/20171023000001_fixed_store_upgrade_ror_45.rb
index efa85d8d5..d66888068 100644
--- a/db/migrate/20171023000001_fixed_store_upgrade_ror_45.rb
+++ b/db/migrate/20171023000001_fixed_store_upgrade_ror_45.rb
@@ -15,13 +15,19 @@ class FixedStoreUpgradeRor45 < ActiveRecord::Migration[5.0]
     end
 
     Channel.all.each do |channel|
-      channel = Channel.last
       next if channel.options.blank?
       channel.options.each do |key, value|
         channel.options[key] = cleanup(value)
       end
       channel.save!
     end
+    User.with_permissions('ticket.agent').each do |user|
+      next if user.preferences.blank?
+      user.preferences.each do |key, value|
+        user.preferences[key] = cleanup(value)
+      end
+      user.save!
+    end
   end
 
   def cleanup(value)