From 3b8a570c3c3356c745aa8a51d5347e0173d4e03b Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sun, 13 Jan 2019 15:53:42 +0100
Subject: [PATCH] V8: Safeguard against invalid culture in UMB_MCULTURE cookie
 (#4051)

---
 .../src/controllers/navigation.controller.js          | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/controllers/navigation.controller.js b/src/Umbraco.Web.UI.Client/src/controllers/navigation.controller.js
index 335fe99e7c..e023c6d23c 100644
--- a/src/Umbraco.Web.UI.Client/src/controllers/navigation.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/controllers/navigation.controller.js
@@ -355,7 +355,9 @@ function NavigationController($scope, $rootScope, $location, $log, $q, $routePar
                 if (!currCulture) {
                     // no culture in the request, let's look for one in the cookie that's set when changing language
                     var defaultCulture = $cookies.get("UMB_MCULTURE");
-                    if (!defaultCulture) {
+                    if (!defaultCulture || !_.find($scope.languages, function (l) {
+                            return l.culture.toLowerCase() === defaultCulture.toLowerCase();
+                        })) {
                         // no luck either, look for the default language
                         var defaultLang = _.find($scope.languages, function (l) {
                             return l.isDefault;
@@ -399,9 +401,10 @@ function NavigationController($scope, $rootScope, $location, $log, $q, $routePar
     $scope.selectLanguage = function (language) {
 
         $location.search("mculture", language.culture);
-        // add the selected culture to a cookie so the user will log back into the same culture later on (cookie max age is one year = 31536000 seconds)
-        // NOTE: $cookies doesn't support max-age, so we need to go the good ol' JS way about setting the cookie
-        document.cookie = "UMB_MCULTURE=" +language.culture + ";path=/;max-age=31536000;";
+        // add the selected culture to a cookie so the user will log back into the same culture later on (cookie lifetime = one year)
+        var expireDate = new Date();
+        expireDate.setDate(expireDate.getDate() + 365);
+        $cookies.put("UMB_MCULTURE", language.culture, {path: "/", expires: expireDate});
 
         // close the language selector
         $scope.page.languageSelectorIsOpen = false;