admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AAIT#39782 POC slimme-veilige link in e-mail waarmee iemand acties kan doen (nog niet geactiveerd)

Browse Source 
svn path=/Website/trunk/; revision=33244
This commit is contained in:
Jos Groot Lipman
2017-03-23 16:06:29 +00:00
parent b0c5d45047
commit f7b911f03e
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
APPL/API/shorturl.asp
View File

@@ -47,6 +47,17 @@ __Log("== Entering shorturl.asp ==");
}
var keyparam = getQParamInt("k", -1);
/* // TODO: beschermen met hmac
// Daarom nog niet geactiveerd
var locked_user_key = getQParamInt("locked_user_key", -1);
if (locked_user_key > 0)
{
Session("locked_user_key") = locked_user_key;
var user_allowed = Session("locked_user_allowed");
Session("locked_user_allowed") = {};
Session("locked_user_allowed")[u] = keyparam; // TODO: Array voor als je meerdere tabjes open hebt
}
*/
// For flexiblity reasons: Literal or runtime parameter(s), just pass through...
var rest = String(Request.ServerVariables("QUERY_STRING")); // Request.ServerVariables("QUERY_STRING") is url-encoded,
// dat is hier safer dan Request.QueryString
@@ -156,7 +167,7 @@ __Log("== Entering shorturl.asp ==");
else
var theURL = protectQS.create(url);
if (isKnownBookmark && !isMobile && getQParamInt("internal", 0) == 0)
if (locked_user_key < 0 && isKnownBookmark && !isMobile && getQParamInt("internal", 0) == 0)
{
Session("FirstPage") = theURL;
theURL = rooturl + "/";