Always enforcing your sites single language in Sitecore

PROBLEM BACKGROUND

Do you have a sitecore website that will exist in only one language?

Have you checked what will happen if someone accesses your site passing the query string parameter sc_lang where sc_lang is set to a value your site doesn't support?  

Your site might throw a 500 error, it could redirect the user to your custom error page or it could throw a yellow screen of death.

Try your site out, see what happens.      You might be wondering why would this ever happen?

I became aware of this issue when one of our designers tried to pass an unsupported language to the sc_lang parameter to see what would happen.   Our site redirected the user to our error page, showing no content.

We all know malicious users exist.  If they find you are running a Sitecore instance, they can try to pass query string parameters to your site to see what happens.

If they get the ysod they might get useful information.


POTENTIAL RESOLUTION

 Keep in mind, Sitecore is working as designed.  Sitecore can't find an item in the current language so it handles this situation based on how you have configured and coded Sitecore.

For our instance, we are only supporting one language.

So I overrode Sitecore's default LanguageResolver and replaced it with my own LanguageResolver.

Below is the code.   In the web.config or your custom .config file replace Sitecores Language resolver with your custom language resolver and you will be good to go.

       

    public class CustomLanguageResolver : LanguageResolver
    {
        private static Language _defaultLanguage;
        private static object lockObject = new object();

        private static Language DefaultLanguage
        {
            get
            {
                lock (lockObject)
                {
                    if (_defaultLanguage == null)
                    {
                        Language.TryParse("en", out _defaultLanguage);
                    }
                }
                return _defaultLanguage;
            }
        }

        public override void Process(HttpRequestArgs args)
        {
            try
            {
                base.Process(args);

                if (Sitecore.Context.Language.Name != "en" && DefaultLanguage != null)
                {
                    Sitecore.Context.Language = DefaultLanguage;
                }
            }
            catch (System.Exception e)
            {
                Logger.AddException(e, true);
            }
        }
    }
}

Comments

Post a Comment

Popular posts from this blog

Why I chose Selenium WebDriver instead of Telerik's free testing framework

Telerik Testing Framework vs Selenium WebDriver In this post I will discuss why I chose  Selenium WebDriver instead of Telerik's Free Testing Framework . We are a Microsoft shop using C# and usually the latest version of Visual Studio.  I'm using nUnit because our build tool Bamboo easily intergrates with nUnit. Telerik Testing Framework Information First I want to say I love Telerik components.  My organization owns Telerik's Dev Craft suite and we use components from almost each toolkit.   Their components and support are wonderful.  I would recommend you check them out if you are in the market for high quality .NET components. The one component I am not using from the Telerik suite is their free testing framework .    Their testing framework allows you to automate web and wpf user interface testing.    The API is very rich as it has went through several iterations.   When you install the testing framework it gives you nice Visual Studio templates
Read more

Displaying shared content across multiple Sites

Sitecore does a great job of separating content from the presentation of the content. This is the main selling point of any CMS tool, but Sitecore does an excellent job of allowing this to happen. What I found not intuitive in Sitecore is the ability to display shared content. PROBLEM For instance, assume you have stories which live outside of the context of any site site. The stories can be tagged with specific categories, where each category associates to a different web site. (ok, this is a simple example, but follow me here). So you have the following structure in your sitecore tree /sitecore/content/site 1 .. [all of the nodes that make up the site] /sitecore/content/site 2 ..[all of the nodes that make up the site] /sitecore/content/Stories 2010 January Story Item 1 [category = site 1] Story Item 2 [category = site 1 and site 2] February Story Item 1 [category = site 1 and site 2] ...etc [you get the picture] POSSIBLE SOLUTIONS Wh
Read more

Handling the situation where scItemPath does not exist in Sitecore MVC

What happens if the scItemPath specified in your route does not exist in Sitecore? In this post i'm going to discuss how I handle this situation. Here is a sample route from Sitecore's MVC documentation .   (see Section 4.1) // matches the item '/home/blogPosts/{blogNo}' routes.MapRoute("example2", "blog/{blogNo}", new { scItemPath = "/home/blogPosts/{blogNo}" }); But what happens when the blog number doesn't exist?   What page will Sitecore show?  What if the user has a link to an old blog post that you have archived or someone links to a blog post using the wrong number by accident? What I wanted was a new route value that specified where to go when the path resolved by scItemPath is not found.  So I created the scNoItemFound value. // matches the item '/home/blogPosts/{blogNo}' routes.MapRoute("example2", "blog/{blogNo}", new { scItemPath = "/
Read more