2sxc: Linking to Permission Locked Resources - dotnetnuke

We are running into an issue where the link generated by 2sxc, when linking to documents that are housed within a protected directory, is pointing to an invalid link.
Example:
/Root/Member Resources/Example.pdf
If the Member Resources directory is locked to users with a specific role, the 2sxc document manager folder will correctly map to the resources within the file manager viewer; however, the link rendered on page load is linking to Example.pdf where it should link to something like: /LinkClick.aspx?fileticket=8wCAB4arm_8%3d&portalid=0
I tried modifying the Server Resource References setting in the Advanced settings for the field manager (which tells 2sxc to either use a file:0000 value or actual link) and that did not seem to modify the output type/format.

Welcome to StackOverflow :)
We at 2sic (the makers of 2sxc) don't often use protected resources, so this may be an oversight on our side, but AFAIK, quite a lot of people use it so it must work.
I believe something like this should actually do the trick (not tested...):
@* assuming your item is called Content
   and the file field is called CaseStudy *@
<a
href="@DotNetNuke.Common.Globals.LinkClick(Content.CaseStudy, Dnn.TabId, Dnn.ModuleId, false)">
download
</a>

Related

Security with "web_accessible_resources"

MDN docs state:
To enable a web page to contain an <img> element whose src attribute points to this image,
you could specify "web_accessible_resources" like this:
"web_accessible_resources": ["images/my-image.png"]
The file will then be available using a URL like:
moz-extension://<extension-UUID>/images/my-image.png
<extension-UUID> is not your extension's ID.
It is randomly generated for every browser instance.
This prevents websites from fingerprinting a browser by examining
the extensions it has installed.
So, I would think that these resources cannot be read by any web page outside the extension, since they would need to know the random UUID.
However, the same MDN docs also state:
Note that if you make a page web-accessible, then any website may then link or redirect
to that page. The page should then treat any input (POST data, for example)
as if it came from an untrusted source, just as a normal web page should.
I don't understand how "any website may then link or redirect to that page". Wouldn't it need to know the random UUID? How else could a webpage access this resource?
The point of Web Accessible Resources is to be able to include them in a web context.
While you can communicate the random UUID to the webpage so that it can use the file, it doesn't have to be included by the website code itself. Here's a hypothetical scenario:
You're writing an extension that adds a button to evil.com site's UI. That button is supposed to have an image on it.
You bundle the image with your extension, but to add it as src or CSS property to the webpage you need to be able to reference it from a web context.
So, you make it web-accessible, and then inject your UI element with a content script.
Perfectly plausible scenario.
Note that a random third-party site villains-united.com can't just scrape the URL to know if your extension is installed, since the URL is per-browser unique. This is the intent behind WebExtensions's UUID over Chrome's extension-id model.
However, let's continue our hypothetical scenario, from a security perspective.
The operators of evil.com are unhappy with your extra UI. They add a script to their code that looks for added buttons.
That script can see the DOM properties of the button, including the address of the image. Now evil.com's code can see your UUID.
Being the good guy, your extension's source code is available somewhere, including the page that launches nuclear missiles if called (why you would have that and why it would be web-accessible is another matter, perhaps to provide the functionality to good-guys-last-resort.org).
evil.com's script now can reconstruct the URL of this trigger page and XHR it, plunging the planet into nuclear apocalypse. Oops. You probably should've checked the origin of that request.
Basically, if a web-accessible resource is used in a page, the UUID likely leaks to that page's context via DOM. That may not be a page you control.
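The origin check the answer alludes to, as an added example that is not part of the original answer. It assumes the web-accessible page receives its input through window.postMessage; the message shape, the action name and the function names are hypothetical, and the host names come from the scenario above.

```javascript
// Added example: origin allow-list for a web-accessible extension page.
// Host names are from the scenario above; the {action} message shape and
// all function names are hypothetical.
const TRUSTED_ORIGINS = new Set(["https://good-guys-last-resort.org"]);
const ALLOWED_ACTIONS = new Set(["trigger"]);

// Exact-match the serialized origin. Substring or prefix checks would accept
// look-alikes such as https://good-guys-last-resort.org.evil.com.
function isTrustedOrigin(origin) {
  if (typeof origin !== "string" || origin === "null") return false; // opaque origin
  let parsed;
  try {
    parsed = new URL(origin);
  } catch (e) {
    return false;
  }
  return parsed.origin === origin && TRUSTED_ORIGINS.has(parsed.origin);
}

// Decide what to do with one message. Returns a verdict instead of acting,
// so the policy can be exercised without a browser.
function evaluateMessage(event) {
  if (!isTrustedOrigin(event.origin)) {
    return { allowed: false, reason: "untrusted origin" };
  }
  const data = event.data;
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { allowed: false, reason: "malformed payload" };
  }
  if (typeof data.action !== "string" || !ALLOWED_ACTIONS.has(data.action)) {
    return { allowed: false, reason: "unknown action" };
  }
  return { allowed: true, action: data.action };
}

// In the browser, wire the policy to the page's message listener.
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    const verdict = evaluateMessage(event);
    if (verdict.allowed) {
      console.log("handling", verdict.action); // perform the action here
    }
  });
}
```

Knowing the extension UUID is not treated as proof of anything here: the sender's origin and the payload are both checked on every message.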

Make a hyperlink to a ClearCase file?

In ClearCase, is there any way to make a straight hyperlink to a file? Like of the form
http://mysite/myfile
where all a user has to do is click on the link to view a page or download a file?
We have several non-technical people at our organization who want to look at some of the documentation that developers are storing on ClearCase.
On Windows, you can try and version (add to source control) an xxx.lnk file: a shortcut file, which is set to open an http url.
Once loaded in a snapshot view (or even accessed in a dynamic view), a simple click should open a browser.
An even simpler solution would be to store an xxx.html static page, which would:
open the same browser when double-clicked
list all the actual documentation urls you want.
One file, multiple links!

List all pages part of DotNetNuke framework

I need a list of all the pages that DotNetNuke uses as part of its functionality like:
/Login.aspx
/Admin/*
/LinkClick.aspx
etc...
How can I find this information?
EDIT: So far I have found:
/Default.aspx
/KeepAlive.aspx
/ErrorPage.aspx
/Login.aspx
/Logoff.aspx
/LinkClick.aspx
/Rss.aspx
/Sitemap.aspx
/*.captcha.aspx
/User.aspx
/Admin/*
/Host/*
/DesktopModule/*
Try going to /sitemap.aspx on your site, that will list off public pages.
You could take a look at the web.config, the handlers section, you can also check out the SITEURLS.config file, and ultimately you may simply need to do a command line search for .ASPX in the DNN directory itself, to get a full list.
It is possible for Custom modules to use their own ASPX pages, which will vary by module.

Hiding viewable files in sharepoint

Our company has some data in Excel/image files that we want to make available to our employees through our SharePoint portal. However, we do not want them to be able to download the files or copy/paste them to their PCs.
For this problem, I have written a Silverlight app to display Excel files and disable the select/copy function. So now we upload the files to a document library and make this library 'viewable' to all users. We have a webpart that accesses the library and passes the links in encrypted form to the Silverlight app to display. From the webpart page, the user cannot see the links to the actual files. We will give the users a link to this webpart page but not the document library itself.
However, if a user goes to the 'All site contents' page, he can still easily see the document library and hence download the files.
My question is: is there a way to have the files viewable without letting the user have the link to download them?
If there are any better ways, I would like to know as well.
Many thanks
A relatively simple way to hide the library from the "All site contents page" is by making it hidden. You can't do this from the UI, but you can either change the list instance (if you build the list definition and instance yourself) to have the list created as hidden, or you can open the list / library with SharePoint Designer and check "Hide from browsers" in the settings of the list.
Alternatively you can mark the list as hidden using the SharePoint Management Shell:
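# Get the site and the library to hide
$w = Get-SPWeb http://yoursite
$l = $w.Lists["yourlistname"]
# Hide the library from "All site contents" and save the change
$l.Hidden = $true
$l.Update()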
Notice though that making a library hidden doesn't prevent users from browsing to it if they know the URL of the library. Through a developer proxy/network sniffer (like Fiddler), even if using Silverlight, one could figure out the URL of the library if one really wants to. Even if the links are passed to the Silverlight app encrypted, the Silverlight app itself will likely have to access the full URLs, and as such they are trackable.

dotnetnuke: links to external files not working

We currently are running DotNetNuke 4.0.6. On the portals there are links that we have created to access files located on fileshares. When we set them up and save the page, then when we click that link nothing happens.
I have currently set the link up like this:
Link Type - URL
Protocol - Other
URL - file://///myfileshare/filesharename/folder1/folder2/myitem.pdf
If I select anything else (http, https, ftp) it doesn't work. When I mouse over the link it looks to be rendering correctly.
Can anyone help with why this may be happening? Am I missing a setting or selecting the wrong item?
The text in the editor is this:
Service Station for
Please remember the information presented in the newsletter is confidential and should not be shared outside the company.
Read more... (where "Read More" is the link)
There are a few items that you want to remember here.
Users need to have access to that share, so it is possible that could be your issue
It looks like you have a few extra //'s in your link. Should be file://, might need to switch to HTML view in the editor to modify.
