Index: openacs-4/packages/acs-lang/tcl/locale-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-lang/tcl/locale-procs.tcl,v diff -u -r1.51.2.1 -r1.51.2.2 --- openacs-4/packages/acs-lang/tcl/locale-procs.tcl 19 Jun 2019 18:10:40 -0000 1.51.2.1 +++ openacs-4/packages/acs-lang/tcl/locale-procs.tcl 30 Sep 2019 19:06:05 -0000 1.51.2.2 @@ -327,20 +327,31 @@ if { $user_id == 0 } { set locale [ad_get_cookie "ad_locale"] + if {$locale ne ""} { + # + # Check, if someone hacked the cookie + # + if {$locale ni [lang::system::get_locales]} { + ns_log warning "ignoring invalid ad_locale cookie '$locale'" + set locale "" + # + # The cookie was invalid, so get rid of it. + # + ad_unset_cookie "ad_locale" + } + } # - # Check, if someone hacked the cookie + # When no locale cookie is set, or the locale is invalid, fall + # back to system locale. # - if {$locale ne "" && ![lang::conn::valid_locale_p $locale]} { - error "invalid locale cookie '$locale'" + if { $locale eq "" } { + set locale $system_locale } + } else { set locale [db_string get_user_site_wide_locale {} -default "$system_locale"] } - if { $locale eq "" } { - set locale $system_locale - } - return $locale } Index: openacs-4/packages/acs-lang/tcl/test/acs-lang-test-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-lang/tcl/test/acs-lang-test-procs.tcl,v diff -u -r1.28.2.8 -r1.28.2.9 --- openacs-4/packages/acs-lang/tcl/test/acs-lang-test-procs.tcl 5 Sep 2019 08:57:23 -0000 1.28.2.8 +++ openacs-4/packages/acs-lang/tcl/test/acs-lang-test-procs.tcl 30 Sep 2019 19:06:05 -0000 1.28.2.9 @@ -879,7 +879,7 @@ # We cannot test timezones if they are not installed if { [lang::system::timezone_support_p] } { - # Make sure we have a logged in user + # Make sure we have a logged-in user set org_user_id [ad_conn user_id] if { $org_user_id == 0 } {