3 posts Page 1 of 1
Hi,

I'm sending the site admin a message with a link to review/edit some cloned page via the 'cms:admin_link' tag. Of course, such a link contains a nonce. If that admin clicks such a link in a month, would it still be valid?

Thanks
No, I am afraid. Security nonces are short-lived - max 24 hours.
@trendoman you could send the link manually with your own validation code. If there is only one site admin it could be enough to append the action and page_id, e.g.
Code:
http://www.your-site.com/redirect-template.php?r=page-name&id=page-id


We use id and page_name as a low-level form of security so that somebody cannot guess the id without the page name. We do not expose the id in our URLs though, which makes this more secure. I'm sure you'll have a million better ways to validate and protect the function, but the basics are here.

Code:
<cms:set redirect="<cms:gpc 'r'/>" 'global'/>
<cms:set id="<cms:gpc 'id'/>" 'global'/>

<cms:pages masterpage='template.php' page_name=redirect limit='1'>
    <cms:if k_page_id = id>
        <cms:redirect "<cms:admin_link/>"/>
    <cms:else/>
        <cms:redirect 'index.php'/>
    </cms:if>
</cms:pages>
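
One way to make the link from this thread last a month without depending on the 24-hour nonce, as an added example that is not part of the original posts and is not CouchCMS code: sign the page name, page id and an expiry time with an HMAC, and verify that signature before the redirect runs. `LINK_SECRET`, `make_review_link()`, `verify_review_link()` and the `exp` and `sig` query parameters are hypothetical names assumed for this sketch.

```php
<?php
// Added example, not CouchCMS code. All names below are hypothetical;
// 'exp' and 'sig' are extra query parameters assumed for this sketch.

const LINK_SECRET = 'replace-with-a-long-random-secret'; // placeholder value; store it outside the web root

// Build the e-mailed link: page name, page id and expiry bound together by an HMAC.
function make_review_link(string $base, string $page_name, int $page_id, int $ttl_seconds, ?int $now = null): string
{
    $exp = ($now ?? time()) + $ttl_seconds;
    $payload = implode("\n", [$page_name, $page_id, $exp]);
    $sig = hash_hmac('sha256', $payload, LINK_SECRET);
    return $base . '?' . http_build_query(['r' => $page_name, 'id' => $page_id, 'exp' => $exp, 'sig' => $sig]);
}

// Validate the incoming query parameters before any redirect is issued.
function verify_review_link(array $query, ?int $now = null): bool
{
    foreach (['r', 'id', 'exp', 'sig'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return false;                 // missing or array-valued parameter
        }
    }
    // Digits-only id and exp also keep the newline-joined payload unambiguous.
    if (!ctype_digit($query['id']) || !ctype_digit($query['exp'])) {
        return false;
    }
    if ((int) $query['exp'] < ($now ?? time())) {
        return false;                     // past the signed expiry time
    }
    $payload = implode("\n", [$query['r'], $query['id'], $query['exp']]);
    $expected = hash_hmac('sha256', $payload, LINK_SECRET);
    return hash_equals($expected, $query['sig']);   // constant-time comparison
}

// Constructed sample: a link issued for 30 days, then checked in three situations.
$now  = 1700000000;
$link = make_review_link('http://www.your-site.com/redirect-template.php', 'page-name', 42, 30 * 86400, $now);
parse_str(parse_url($link, PHP_URL_QUERY), $query);

var_dump(verify_review_link($query, $now + 86400));        // one day after issue
var_dump(verify_review_link($query, $now + 31 * 86400));   // 31 days after issue
$query['id'] = '43';                                       // id altered after signing
var_dump(verify_review_link($query, $now + 86400));
```

Because the expiry is part of the signed payload, changing `exp`, `id` or `r` in the URL invalidates `sig`, so the page id no longer has to stay secret for the check to hold.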
