Problems, need help? Have a tip or advice? Post it here.
3 posts Page 1 of 1

I'm sending to the site admin a message with a link to review/edit some cloned page via 'cms:admin_link' tag. Of course, such a link contains a nonce. If that admin clicks such a link in a month - would it be still valid?

active topics, google
Free support is never free.. Donate!
No, I am afraid. Security nonces are short-lived - max 24 hours.
@trendoman you could send the link manually with your own validation code. If there is only one site admin it could be enough to append the action and page_id e.g
Code: Select all

We use id and page_name as a low-level form of security so that somebody cannot guess the id without the page name. We do not expose the id in our URLs though, which makes this more secure. I'm sure you'll have a million better ways to validate and protect the function, but the basics are here.

Code: Select all
<cms:set redirect="<cms:gpc 'r'/>" 'global'/>
<cms:set id="<cms:gpc 'id'/>" 'global'/>

<cms:pages masterpage='template.php' page_name=redirect limit='1'>
<cms:if k_page_id = id>
<cms:redirect "<cms:admin_link/>"/>
<cms:redirect 'index.php'/>


3 posts Page 1 of 1

Who is online

In total there are 6 users online :: 0 registered, 0 hidden and 6 guests
(based on users active over the past 5 minutes)

Users browsing this forum: No registered users and 6 guests