From f7b911f03e404605fb0f9f5d226d3b828d8ff0fb Mon Sep 17 00:00:00 2001
From: Jos Groot Lipman
Date: Thu, 23 Mar 2017 16:06:29 +0000
Subject: [PATCH] AAIT#39782 POC slimme-veilige link in e-mail waarmee iemand acties kan doen (nog niet geactiveerd)
svn path=/Website/trunk/; revision=33244
---
 APPL/API/shorturl.asp | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/APPL/API/shorturl.asp b/APPL/API/shorturl.asp
index ee20e0200d..26a85e4809 100644
--- a/APPL/API/shorturl.asp
+++ b/APPL/API/shorturl.asp
@@ -47,6 +47,17 @@ __Log("== Entering shorturl.asp ==");
 }
 var keyparam = getQParamInt("k", -1);
+/* // TODO: beschermen met hmac
+ // Daarom nog niet geactiveerd
+ var locked_user_key = getQParamInt("locked_user_key", -1);
+ if (locked_user_key > 0)
+ {
+ Session("locked_user_key") = locked_user_key;
+ var user_allowed = Session("locked_user_allowed");
+ Session("locked_user_allowed") = {};
+ Session("locked_user_allowed")[u] = keyparam; // TODO: Array voor als je meerdere tabjes open hebt
+ }
+*/
 // For flexiblity reasons: Literal or runtime parameter(s), just pass through...
 var rest = String(Request.ServerVariables("QUERY_STRING")); // Request.ServerVariables("QUERY_STRING") is url-encoded, // dat is hier safer dan Request.QueryString
@@ -156,7 +167,7 @@ __Log("== Entering shorturl.asp ==");
 else var theURL = protectQS.create(url);
- if (isKnownBookmark && !isMobile && getQParamInt("internal", 0) == 0)
+ if (locked_user_key < 0 && isKnownBookmark && !isMobile && getQParamInt("internal", 0) == 0)
 {
 Session("FirstPage") = theURL;
 theURL = rooturl + "/";
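Review bot: The commented-out block in the first hunk copies the `locked_user_key` query parameter straight into `Session("locked_user_key")`, so nothing in it ties that value to the person who received the e-mail; it must stay disabled until the HMAC from the TODO is verified before the first Session write. The MAC should cover both `locked_user_key` and `k`, preferably with an expiry, so that a valid link cannot be reused with a different user key or action key. In the same block `u` is not defined in the visible lines and `user_allowed` is read but never used, so the block would need more than uncommenting to work. I would state the precondition in the comment itself, e.g. `// Do not enable: verify an HMAC over locked_user_key + k before any Session write`.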
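Review bot: In the second hunk the live condition reads `locked_user_key`, but its only visible declaration (`var locked_user_key = ...` in the first hunk) sits inside the `/* ... */` block, so unless the name is declared elsewhere in the file this line fails at runtime on every request that reaches it. Even if the name resolves to undefined, `undefined < 0` is false, so the `Session("FirstPage")` redirect would silently stop running for known bookmarks. Declaring a default outside the comment, `var locked_user_key = -1;`, keeps the current behaviour until the feature is activated. The enclosing block starts and ends outside the hunk, so this should be checked against the full file.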