AAIT#39909 'anonieme' autorisatie vanuit een link in de bon of e-mail

svn path=/Website/trunk/; revision=33762
Jos Groot Lipman
2017-05-10 08:18:56 +00:00
parent 444d96bcf3
commit 4bbce877d8
30 changed files with 172 additions and 74 deletions


@@ -47,17 +47,33 @@ __Log("== Entering shorturl.asp ==");
}
var keyparam = getQParamInt("k", -1);
var locked_user_key = getQParamInt("locked_user_key", -1);
/* // TODO: beschermen met hmac
var locked_user_key = getQParamInt("luk", -1);
// TODO: beschermen met hmac
// Daarom nog niet geactiveerd
if (locked_user_key > 0)
{
Session("locked_user_key") = locked_user_key;
var user_allowed = Session("locked_user_allowed");
Session("locked_user_allowed") = {};
Session("locked_user_allowed")[u] = keyparam; // TODO: Array voor als je meerdere tabjes open hebt
var user_allowed = Session("locked_user_allowed") || []; // Array voor als je meerdere tabjes open hebt
var found = false;
for (var i = 0; i < user_allowed.length; i++)
{
if (user_allowed[i].locked_user_key == locked_user_key &&
user_allowed[i].xmlnode == u &&
user_allowed[i].key == keyparam)
{
found = true;
break;
}
}
if (!found)
{
user_allowed.push({ locked_user_key: locked_user_key,
xmlnode: u,
key: keyparam
})
Session("locked_user_allowed") = user_allowed;
}
}
*/
// For flexiblity reasons: Literal or runtime parameter(s), just pass through...
var rest = String(Request.ServerVariables("QUERY_STRING")); // Request.ServerVariables("QUERY_STRING") is url-encoded,
// dat is hier safer dan Request.QueryString
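Review bot: The block that records `luk`, `u` and `k` in `Session("locked_user_allowed")` takes all three values straight from the query string, and the TODO above it says the HMAC protection is still missing. Whether the block still sits inside the `/* … */` comment on the new side cannot be told from this rendering; if it runs without a verified HMAC, the session accepts whatever key the link carries as an authorisation grant. I would state the precondition in the code rather than in a TODO, for example `// SECURITY: only reach this block after the link's hmac has been verified with the luk person's key`, and skip the push when `keyparam <= 0`. The array also gains one entry per distinct link with no upper bound, so a cap on `user_allowed.length` is worth adding. The enclosing code starts and ends outside the hunk.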


@@ -12,7 +12,12 @@
D Na afsluiten van laatste opdracht en eventueel 'autoclose' melding
Bij A en B ook eventueel checkbox of alle opdrachten ook dicht moeten
*/ %>
*/
var mld_key_arr = getQParamIntArray("mld_key");
if (mld_key_arr.length)
var LOCKED_USER_OK = { "xmlnode": "melding", "key": mld_key_arr[0] };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/iface.inc" -->
<!-- #include file="../Shared/json2.js" -->
@@ -21,8 +26,6 @@
<%
// LET OP: Het eerste stuk komt (nog) letterlijk ook zo terug bij mld_close_save.asp
var mld_key_arr = getQParamIntArray("mld_key");
var verynew = getQParamInt("verynew", 0) == 1;
var lastopdr = (getQParamInt("lastopdr", 0) == 1)
var TransitParam = buildTransitParam(["mld_key", "verynew", "lastopdr"]);
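Review bot: `LOCKED_USER_OK` is built from `mld_key_arr[0]` only, while the page goes on to work with the whole `mld_key_arr`. A visitor admitted through a link for one melding is checked against the first key, and nothing in this section checks the remaining ones; whether a later per-key authorisation exists is outside the visible lines. I would either limit the locked-user case to a single key, `if (mld_key_arr.length == 1)`, or have the shared check compare every element of the array. The same pattern appears in the other sections that build `LOCKED_USER_OK` from `mld_key_arr[0]` or `opdr_key_arr[0]`.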


@@ -11,6 +11,9 @@
*/
var JSON_Result = true;
var mld_key_arr = getQParamIntArray("mld_key");
if (mld_key_arr.length)
var LOCKED_USER_OK = { "xmlnode": "melding", "key": mld_key_arr[0] };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/json2.js" -->
@@ -20,8 +23,6 @@ var JSON_Result = true;
<%
// LET OP: Het eerste stuk komt (nog) letterlijk ook zo terug bij mld_close_confirm.asp
var mld_key_arr = getQParamIntArray("mld_key");
var verynew = getQParamInt("verynew", 0) == 1;
var submitting = getQParamInt("submit", 0) == 1;
var lastopdr = (getQParamInt("lastopdr", 0) == 1)


@@ -12,8 +12,10 @@
Note: De lcl-textcontextswitcher is srtdisc=ins_srtdiscipline_key
Deze is dus verplicht dus kan lcl.set_dialect worden aangeroepen.
*/ %>
*/
var mld_key = getQParamInt("mld_key", -1);
var LOCKED_USER_OK = { "xmlnode": "melding", "key": mld_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/calendar.inc" -->
<!-- #include file="../Shared/iface.inc" -->
@@ -53,7 +55,6 @@ else
var authparams = user.checkAutorisation(autfunction); // Dit is nog ongeacht de melding
// de melding waar het over gaat
var mld_key = getQParamInt("mld_key", -1);
var copy = (getQParamInt("mld_copy", 0) == 1);
var ins_key = getQParamInt("ins_key", -1); // nieuwe melding op dit object?
var fromkb = getQParamInt("fromkb", 0) == 1; // Ik kom vanuit kennisbank


@@ -13,6 +13,9 @@
de introductie van de savewhen parameter in de save2db
*/
var JSON_Result = true;
var mld_key = getFParamInt("mld_key", -1);
var LOCKED_USER_OK = { "xmlnode": "melding", "key": mld_key };
%>
<!-- #include file="../Shared/common.inc" -->
@@ -63,7 +66,6 @@ var fronto = urole == "fo";
var backo = urole == "bo";
var frontend = (!fronto & !backo);
var mld_key = getFParamInt("mld_key", -1);
var parent_key = getFParamInt("parent_key", -1);
var isNew = (mld_key <= 0); // dan gaan we S("mld_melding_autoprint") beschouwen


@@ -14,6 +14,8 @@
*/
var JSON_Result = true;
var mld_key = getQParamInt("mld_key");
var LOCKED_USER_OK = { "xmlnode": "melding", "key": mld_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/json2.js" -->
@@ -21,8 +23,8 @@ var JSON_Result = true;
<!-- #include file="mld.inc" -->
<!-- #include file="mld_edit_note.inc" -->
<%
var mld_key = getQParamInt("mld_key");
var notestamp = getFParamDate("notestamp", new Date);
var notestamp = getFParamDate("notestamp", new Date());
var changedby = note_recently_changed(mld_key, notestamp);


@@ -16,7 +16,11 @@
Context:
Note: Submit naar mld_edit_opdr_save.asp
Sinds FSN#20132 kan type_opdr niet meer hier getoggled worden.
*/ %>
*/
var opdr_key = getQParamInt("opdr_key", -1);
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/calendar.inc" -->
@@ -48,7 +52,6 @@ var minfo = urole == "mi";
var frontend = (urole == "fe" || (!fronto & !backo & !minfo)); // NOT APPLICABLE?
// Ik wil een opdrachtnummer weten, anders verplicht een melding_key (= toevoegen opdracht)
var opdr_key = getQParamInt("opdr_key", -1);
var copy = (getQParamInt("opdr_copy", 0) == 1);
var finish = (getQParamInt("finish", 0) == 1);
var opdr_copy_key = -1;


@@ -16,6 +16,9 @@
- bestaand en onlangs gefiatteerd (status==4)
*/
var JSON_Result = true;
var opdr_key = getQParamInt("opdr_key", -1);
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key };
%>
<!-- #include file="../Shared/common.inc" -->
@@ -27,7 +30,6 @@ var JSON_Result = true;
<!-- #include file="../shared/budget.inc" -->
<!-- #include file="../Shared/json2.js" -->
<%
var opdr_key = getQParamInt("opdr_key", -1);
var ismobile = getQParamInt("mobile", 0) == 1;
var isNew = (opdr_key < 0);


@@ -17,7 +17,8 @@
Note:
*/
var LOCKED_USER_OK = { "xmlnode": "melding", "key": getQParamInt("mld_key", -1) };
var mld_key = getQParamInt("mld_key", -1);
var LOCKED_USER_OK = { "xmlnode": "melding", "key": mld_key };
%>
<!--#include file="../Shared/common.inc" -->
<!--#include file="../Shared/iface.inc" -->
@@ -33,7 +34,6 @@ var verynew = getQParamInt("verynew", 0) == 1;
var noteonly = getQParamInt("noteonly", 0) == 1;
// de melding waar het over gaat, kan leeg zijn voor nieuwe, maar dat mag niet met bo of mi
var mld_key = getQParamInt("mld_key", -1);
var copy = (getQParamInt("mld_copy", 0) == 1);
var standalone = (getQParamInt("standalone", 0) == 1);
var ins_key = getQParamInt("ins_key", -1); // nieuwe melding op dit object?


@@ -13,7 +13,10 @@
Context:
Note:
TODO: In verband met afmelden van de opdracht de verwerking met parameter close=1 of opdr_copy=1 vanaf hier goed afwerken
*/ %>
*/
var opdr_key = getQParamInt("opdr_key", -1);
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/iface.inc" -->
@@ -25,7 +28,6 @@ FCLTHeader.Requires({ plugins:["suggest","jQuery"],
})
// AUTORISATIEPARAMETERS
var opdr_key = getQParamInt("opdr_key", -1);
if (opdr_key > 0 )
{
var authparamsORDBOF = user.checkAutorisation("WEB_ORDBOF", true);


@@ -21,7 +21,8 @@
lcl's worden meegegeven.
*/
var LOCKED_USER_OK = { "xmlnode": "melding", "key": getQParamInt("mld_key") };
var mld_key = getQParamInt("mld_key");
var LOCKED_USER_OK = { "xmlnode": "melding", "key": mld_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/iface.inc" -->
@@ -46,7 +47,6 @@ var backo = urole == "bo";
var minfo = urole == "mi";
var frontend = (!fronto & !backo & !minfo);
var mld_key = getQParamInt("mld_key");
var mld_melding = mld.mld_melding_info(mld_key); // Globale variabele met alle mld_melding informatie
var stdm_info = mld.mld_stdmeldinginfo(mld_melding.stdm);


@@ -11,7 +11,9 @@
Note: Nu kan iedereen hier zijn, FE of FOBO. FE mag de interne notes niet zien, let daarop.
*/
var LOCKED_USER_OK = { "xmlnode": "melding", "key": getQParamInt("mld_key") };
var mld_key = getQParamInt("mld_key"); // altijd verplicht mld_key
var LOCKED_USER_OK = { "xmlnode": "melding", "key": mld_key };
%>
<!-- #include file="../Shared/common.inc" -->
@@ -23,7 +25,6 @@ var LOCKED_USER_OK = { "xmlnode": "melding", "key": getQParamInt("mld_key") };
<%
FCLTHeader.Requires({js: ["../mld/mld_list.js"]})
var mld_key = getQParamInt("mld_key"); // altijd verplicht mld_key
var urole = getQParamSafe("urole", "fe");
var outputmode = getQParamInt("outputmode", 0);
var tracking = getQParamInt("tracking", (urole=="fe"?0:1)) == 1; // tracking erbij tonen? Onderdrukken met 0


@@ -10,7 +10,11 @@
Context:
Note:
*/ %>
*/
var opdr_key = getQParamInt("opdr_key");
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/iface.inc" -->
<!-- #include file="../Shared/status.inc" -->
@@ -40,7 +44,6 @@ var backo = urole == "bo";
var minfo = urole == "mi";
var frontend = (!fronto & !backo & !minfo);
var opdr_key = getQParamInt("opdr_key");
var this_opdr = mld.func_enabled_opdracht(opdr_key); // wat mag ik zoal op deze opdracht
var hasBOread = this_opdr.canReadBOF || this_opdr.canReadORD;
var hasBO2read = this_opdr.canReadBO2;


@@ -11,6 +11,10 @@
<%
var JSON_Result = true;
var opdr_key_arr = getFParamIntArray("opdr_key");
if (opdr_key_arr.length)
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key_arr[0] };
%>
<!-- #include file="../Shared/common.inc" -->
@@ -20,7 +24,6 @@ var JSON_Result = true;
<%
/***** Get webform parameters *****/
var opdr_key_arr = getFParamIntArray("opdr_key");
var hltactive = getFParamInt("hltactive", 0) == 1; // Onderbreek de actieve opdracht.
var result = { message: "", success: false };


@@ -11,6 +11,10 @@
<%
var JSON_Result = true;
var opdr_key_arr = getFParamIntArray("opdr_key");
if (opdr_key_arr.length)
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key_arr[0] };
%>
<!-- #include file="../Shared/common.inc" -->
@@ -20,11 +24,8 @@ var JSON_Result = true;
<%
protectRequest.validateToken();
/***** Get webform parameters *****/
var opdr_key_arr = getFParamIntArray("opdr_key");
var result = { message: "", success: false };
/***** End get webform parameters *****/
var result = {};
var tobeapproved = 0;


@@ -10,7 +10,10 @@
Context:
Note:
*/ %>
*/
var opdr_key = getQParamInt("opdr_key", -1);
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/iface.inc" -->
@@ -20,9 +23,6 @@
<%
FCLTHeader.Requires({ plugins: ["jQuery"] });
/***** Get webform parameters *****/
var opdr_key = getQParamInt("opdr_key", -1);
user.auth_required_or_abort(opdr_key > 0); // Hebben we een opdracht key gekregen?
// Controleren of ik deze opdracht mag annuleren


@@ -15,16 +15,15 @@
<%
var JSON_Result = true;
var opdr_key = getQParamInt("opdr_key", -1);
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/json2.js" -->
<!-- #include file="../Shared/save2db.inc" -->
<!-- #include file="mld.inc" -->
<%
protectRequest.validateToken();
var opdr_key = getQParamInt("opdr_key", -1);
user.auth_required_or_abort(opdr_key > 0); // Hebben we een opdracht key gekregen?
// Controleren of ik deze opdracht mag annuleren


@@ -14,7 +14,11 @@
er wordt dan ook geen opmerking gevraagd
B Rechtstreeks vanuit showmode opdracht
*/ %>
*/
var opdr_key_arr = getQParamIntArray("opdr_key");
if (opdr_key_arr.length)
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key_arr[0] };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/iface.inc" -->
@@ -29,7 +33,6 @@ FCLTHeader.Requires({plugins: ["jQuery"],
js: ["date.js", "jquery.timepicker-table.js"],
css: ["timePicker-table.css"]});
var opdr_key_arr = getQParamIntArray("opdr_key");
// Als de opdrachten niet sequentieel uitgevoerd moeten worden, dan wordt er ook geen onderbroken opdracht gevonden.
var hltopdr = mld.gethltopdrachten(opdr_key_arr[0]);
var reqStatusEmptyMelding = [];


@@ -15,6 +15,9 @@
*/
var JSON_Result = true;
var opdr_key_arr = getQParamIntArray("opdr_key");
if (opdr_key_arr.length)
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key_arr[0] };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/json2.js" -->
@@ -57,7 +60,6 @@ function writeOpdrOpmToMld()
mld.trackmeldingupdate(mld_opdr.mld_key, L("lcl_mld_is_mldupd") + "\n" + mldUpd.trackarray.join("\n"));
}
var opdr_key_arr = getQParamIntArray("opdr_key");
var mld_hlt = (Request.Form("mld_hlt").count == 1);
var result = {};
var ingesloten = [];


@@ -9,7 +9,10 @@
Parameters: fronto/backo
Context: vanuit opdracht-detail/overzicht
Note:
*/ %>
*/
var opdr_key = getQParamInt("opdr_key");
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/iface.inc" -->
@@ -20,7 +23,6 @@
<%
FCLTHeader.Requires({ plugins: [] });
var opdr_key = getQParamInt("opdr_key");
var this_opdr = mld.func_enabled_opdracht(opdr_key); // wat mag ik zoal op deze opdracht
user.auth_required_or_abort(this_opdr.canEditOpdrNote);


@@ -14,6 +14,8 @@
*/
var JSON_Result = true;
var opdr_key = getQParamInt("opdr_key");
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/json2.js" -->
@@ -21,7 +23,6 @@ var JSON_Result = true;
<!-- #include file="mld.inc" -->
<%
var opdr_key = getQParamInt("opdr_key");
var note_key = getQParamInt("note_key", -1);
var note = getFParam("note", "");


@@ -11,7 +11,9 @@
optioneel: allerlei zoekcriteria
Context: Vanuit een Facilitor ASP die een lijstje van opdrachten wil tonen (in een iframe)
Note:
*/ %>
*/
var LOCKED_USER_OK = { "xmlnode": "melding", "key": getQParamInt("mld_key", null) };
%>
<!--#include file="../Shared/common.inc"-->
<!--#include file="opdr_list.inc" -->


@@ -11,7 +11,10 @@
Note:
*/%>
*/
var opdr_key = getQParamInt("opdr_key");
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/iface.inc" -->
@@ -21,7 +24,6 @@
<%
FCLTHeader.Requires({ })
var opdr_key = getQParamInt("opdr_key");
var urole = getQParamSafe("urole", "fe");
var embedded = getQParamInt("embedded", -1);
var outputmode = getQParamInt("outputmode", 0);


@@ -18,7 +18,11 @@
Je kunt en moet eenkostenplaats invullen:
- als bij vakgroeptype Defaultwaarde kosten klant "Standaard Aan" is
- als bij Vakgroep Kostenplaats verplicht aangevinkt is
*/ %>
*/
var mld_key = getQParamInt("mld_key",-1);
var LOCKED_USER_OK = { "xmlnode": "melding", "key": mld_key };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/selector.inc" -->
@@ -36,7 +40,6 @@
FCLTHeader.Requires({ js: ["./modernizr-3.3.0.custom.min.js"] });
FCLTHeader.Requires({plugins: ["suggest"]});
var mld_key = getQParamInt("mld_key",-1);
var action = getQParam("action", "");
var qrc = getQParamInt("qrc", 0) != 0;
var meldbron_key = getQParamInt("meldbronkey", 7); // 7 = mobile


@@ -4,7 +4,10 @@
$Id$
TODO: lijkt mij dat er gewoon naar ../mld_close resp. ../opdr_close.asp moet worden gesubmit?
*/ %>
*/
var opdr_key = getQParamInt("opdr_key", -1);
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": opdr_key };
%>
<!-- #include file="../Shared/common.inc"-->
<!-- #include file="../Shared/calendar.inc" -->
@@ -24,7 +27,6 @@ FCLTHeader.Requires({ plugins: ["suggest"]
, js: ["../mld/mld_edit_opdr.js", "jquery.timepicker-table.js"],
css: ["timePicker-table.css"]});
var opdr_key = getQParamInt("opdr_key", -1);
var mld_key = getQParamInt("mld_key", -1);
var copy = false;


@@ -27,7 +27,15 @@
Met TAMPER bescherming!
TODO: pMulti, Reado en encrypt zelf bepalen uit key, Module, en Kenmerk_key, ach, we hebben tamper bescherming
*/ %>
*/
var pKey = getQParamInt("key", -1);
var pModule = getQParamSafe("module");
var pNiveau = getQParamSafe("niveau", "");
if (pModule == "MLD" && pNiveau == "M")
var LOCKED_USER_OK = { "xmlnode": "melding", "key": pKey };
else if (pModule == "MLD" && pNiveau == "O")
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": pKey };
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/iface.inc" -->
@@ -37,10 +45,7 @@
protectQS.verify({ allowparams: ["no_autoscroll"]}); // tamper check
// key of folder wordt doorgegeven
var pKey = getQParamInt("key", -1);
var pNiveau = getQParamSafe("niveau", "");
var pModule = getQParamSafe("module");
var pKenmerk_key = getQParamInt("kenmerk_key", -1);
var pMulti = getQParamInt("multi", 0) == 1;
var pReado = getQParamInt("reado", 0) == 1;
@@ -48,7 +53,8 @@ var pReado = getQParamInt("reado", 0) == 1;
var showFilter = getFParam("showFilter", ""); // zoek mogelijkheid binnen lijst bestanden
var pAlgLevel = getQParam("kenmerk_module", "");
var transitParam = buildTransitParam(["key", "module", "niveau", "kenmerk_key", "encrypt", "extFilter", "pregexp", "showFilter", "reado", "multi", "tmpfolder", "kenmerk_module"]);
var transitParam = buildTransitParam(["key", "module", "niveau", "kenmerk_key", "encrypt", "extFilter", "pregexp",
"showFilter", "reado", "multi", "tmpfolder", "kenmerk_module"]);
params = flexProps(pModule, pKey, String(pKenmerk_key), pNiveau, {alglevel: pAlgLevel});


@@ -11,6 +11,14 @@
Note:
*/
var JSON_Result = true;
var pModule = getQParamSafe("module");
var pNiveau = getQParamSafe("niveau", "");
var pKey = getQParamInt("key", -1);
if (pModule == "MLD" && pNiveau == "M")
var LOCKED_USER_OK = { "xmlnode": "melding", "key": pKey };
else if (pModule == "MLD" && pNiveau == "O")
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": pKey };
%>
<!-- #include file="../Shared/common.inc" -->
@@ -20,12 +28,9 @@ var JSON_Result = true;
protectQS.verify(); // tamper check
protectRequest.validateToken();
var pKey = getQParamInt("key", -1);
var pModule = getQParamSafe("module");
var pNiveau = getQParamSafe("niveau", "");
var pKenmerk_key = getQParamInt("kenmerk_key", -1);
var pAlgLevel = getQParam("kenmerk_module", "");
var pDoDelete = getQParam("DoDelete", "");
var pDoDelete = getQParam("DoDelete", ""); // te verwijderen bestand
var params = flexProps(pModule, pKey, String(pKenmerk_key), pNiveau, {alglevel: pAlgLevel});


@@ -249,15 +249,22 @@ if (S("sys_ip_lockmode") > 0)
// Zijn we bekend? Zo niet dan naar login.asp om dat uit te zoeken
var user_key = Session("user_key") || -1;
if (user_key < 0 && typeof LOCKED_USER_OK != "undefined" && Session("locked_user_key") > 0)
var user_allowed = Session("locked_user_allowed") || [];
if (user_key < 0 && typeof LOCKED_USER_OK != "undefined" && user_allowed.length) // Is de huidige pagina geschikt voor locked users?
{
var user_allowed = Session("locked_user_allowed");
if (LOCKED_USER_OK === true ||
user_allowed[LOCKED_USER_OK.xmlnode] == LOCKED_USER_OK.key)
for (var i = 0; i < user_allowed.length; i++)
{
var user_key = Session("locked_user_key");
Session("user_lang") = "NL";
Session("time_zone") = "Europe/Amsterdam"
if (LOCKED_USER_OK === true ||
(user_allowed[i].xmlnode == LOCKED_USER_OK.xmlnode &&
user_allowed[i].key == LOCKED_USER_OK.key))
{
var user_key = user_allowed[i].locked_user_key;
Session("user_lang") = "NL";
Session("time_zone") = "Europe/Amsterdam"
break;
}
}
}
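Review bot: The match inside the loop compares `user_allowed[i].key` with `LOCKED_USER_OK.key` using `==` and never rejects the default value. Several pages in this commit build `LOCKED_USER_OK` with `getQParamInt(..., -1)`, and shorturl.asp reads `keyparam` with the same `-1` default, so a request that carries no key can equal a stored entry that carries no key. I would put the guard `LOCKED_USER_OK.key > 0 &&` in front of the two comparisons. When `LOCKED_USER_OK === true` the first array entry wins regardless of which locked user it belongs to, which deserves a comment or an explicit rule. The enclosing block continues outside the hunk.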


@@ -16,6 +16,14 @@
*/
if (Server.ScriptTimeout < 600) Server.ScriptTimeout = 600; // 10 minuten moet echt genoeg zijn
var pKey = getQParamInt("key", -1);
var pModule = getQParamSafe("module");
var pNiveau = getQParamSafe("niveau", "");
if (pModule == "MLD" && pNiveau == "M")
var LOCKED_USER_OK = { "xmlnode": "melding", "key": pKey };
else if (pModule == "MLD" && pNiveau == "O")
var LOCKED_USER_OK = { "xmlnode": "opdracht", "key": pKey };
%>
<!-- #include file="../Shared/common.inc" -->
@@ -30,9 +38,6 @@ protectQS.verify(); // tamper check
FCLTHeader.Requires({ plugins:["jQuery"]
});
var pKey = getQParamInt("key", -1);
var pNiveau = getQParamSafe("niveau", "");
var pModule = getQParamSafe("module");
var pKenmerk_key = getQParamInt("kenmerk_key", -1);
var pAlgLevel = getQParam("kenmerk_module", "");


@@ -49,6 +49,25 @@ function STR2Stream(xmlstr, xslfile, Stream, params)
xslproc.transform();
p_bodyhtml = xslproc.output;
// eerst hmac(urlstring, prs_key) vervangen
// hmac(/?u=melding&k=1234&luk=33083,33083) wordt iets van
// /?u=melding&k=1234&luk=33083&hmac=1234567890:ahebher9e8234r34
// protectQS.create(string, { sleutel: "abcde", // van 33083, niet de huidige persoon!
// no_user_key: true }
var hmacs = p_bodyhtml.match(/(hmac\([^\)]*\))/g); // heeft nu array van hmac(/?u=melding&k=1234&luk=33083,33083)
for (var i =0; hmacs && i < hmacs.length; i++)
{
var params = hmacs[i].match(/\(([^,]+)\,(\d+)\)/);
if (params.length == 3)
{
var url = params[1];
var key = params[2];
var newurl = protectQS.create(url, { sleutel: "abcd", no_user_key: true });
p_bodyhtml = p_bodyhtml.replace(hmacs[i], newurl);
}
}
var startPos = p_bodyhtml.indexOf("qrc=") + 4;
var quote = p_bodyhtml.substr(startPos, 1);
var eindPos = p_bodyhtml.indexOf(quote, startPos + 2);
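Review bot: `protectQS.create` is called with the literal `sleutel: "abcd"`, and the `key` parsed from `hmac(url,key)` is never used, although the comment above says the key must be that person's and not the current user's. A constant in source gives every generated link the same signing key, so the HMAC meant to protect the `luk` links offers little protection until the per-person key is looked up from `key`; how to fetch it is not visible here. Two smaller points in the same loop: `params` is `null` when the inner `match` fails, so the test should read `if (params && params.length == 3)`, and `var params` overwrites the `params` argument of `STR2Stream`, so a distinct name such as `hmacParts` is safer. The function body starts and ends outside the hunk.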