Preview not working for custom cultures #19817
Description
Which Umbraco version are you using?
13.9.2
Bug summary
Hi All,
Recently page previews have stopped working on non standard cultures. We use the culture "en-JP" culture on a few sites which is not a default windows culture. This used to be fine but it looks like in an update to version 13.7 the following change was made:
To validate that the culture exists and avoid XSS attacks. The problem is that the the method:
ValidateProvidedCulture() calls
CultureInfo.GetCultureInfo(culture, true);
which is being passed 'true' for the 2nd parameter which indicates (from MS docs):
https://learn.microsoft.com/en-us/dotnet/api/system.globalization.cultureinfo.getcultureinfo?view=net-9.0
predefinedOnly Boolean
true if requesting to create an instance of a culture that is known by the platform. false if it is ok to retreive a made-up culture even if the platform does not carry data for it.
As our culture is 'made up' the call above does not retrieve it and the check fails, this results in a 500 error and a broken preview. Example preview link:
/umbraco/preview/?id=1000&culture=en-JP
InvalidOperationException: Could not recognise the provided culture: en-JP
Umbraco.Cms.Web.BackOffice.Controllers.PreviewController.Frame(int id, string culture)
lambda_method8051(Closure , object , object[] )
Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor+SyncActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, object controller, object[] arguments)
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Logged|12_1(ControllerActionInvoker invoker)
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, object state, bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
I created the attached console app to confirm (renamed from .cs to .txt so I could attach) this and got the following results:
Running: CultureInfo.GetCultureInfo("en-JP", true)
Culture not found in list. Exception message Culture name 'en-JP' is not a predefined culture. (Parameter 'name')
en-JP is an invalid culture identifier.
Running: CultureInfo.GetCultureInfo("en-JP", false)
Culture exists in list with False parameter
Changing this flag to false would be just as secure and would allow previews even with custom cultures.
Specifics
Visit the url:
/umbraco/preview/?id=1556&culture=en-JP
While logged in and ensure the id exists to see the error. You don't need to actually have an en-JP culture setup.
Steps to reproduce
Create a node in the admin and preview it. Change the culture to en-JP in the query string.
Expected result / actual result
Error message from above.
This item has been added to our backlog AB#55099