-Hello, looking for some help.
We currently have a winform app used to do approvals in our company. The app sends html emails to the "approvers" who read the relevant info in the email and click on a hyperlink which launches the app so they can do their approval.
Currently this is done by including the following in the email html:
<a href=file:///C:\Temp\test.exe>Click to Approve</a>
This correctly launches the app, after a couple of security warnings which we are OK with. We use Outlook 2010.
Now, in order to improve this process I would need to pass an argument identifying the approver to the app. This works correctly if I pass the argument from, say, a windows shortcut, however, I cannot find a way to pass the argument to the exe in the href attribute in order to do it from the email. I looked everywhere, and found nothing except questions.
I have tried the following to no avail:
<a href=file:///C:\Temp\test.exe approverID>Click to Approve</a>
<a href=file:///C:\Temp\test.exe 'approverID'>Click to Approve</a>
Click to Approve
Also I have tried doing it with JavaScript, which from an HTML page works fine, but not from an email in Outlook.
I thought maybe there is a security threat with this approach hence it is not possible, but if I can successfully from an email run an exe, why can I not run an exe with parameters? It doesnt make sense.
Thank you for your help.
Leo
after not getting any suitable responses and after continuing my research for this without success, I will temporarily conclude that what I am looking for is not possible. If the reasons for this not being possible concern security, then I am completely puzzled as to why running an exe without parameters is allowed and therefore considered LESS harmful than running an exe with parameters. Surely, an exe does not require parameters to be harmful. If anyone would care to elaborate on this, it would be educational for me, thank you.
Nevertheless, I have thought of an alternative to my problem, which is not as elegant as would otherwise be stating parameters in href, but it serves my purpose. Because our app is run from a network drive, I have changed it so that it creates user-specific cmd files on the network drive and the hyperlink in the email it creates points to these cmd instead of the exe. That way, the cmd files contains the call to the exe with the correct parameters and as the cmd files are very light and quickly written, this is OK.
I am closing this as "answered", but it is not.
Thanks for taking your time to read.
Leo
I recommend you take a look to "How to create a protocol and assign it an app with parameters".
Example : http://kb.mozillazine.org/Register_protocol
http://msdn.microsoft.com/en-us/library/aa767914.aspx
I have had the same problem and one alternative I have found was to create a .bat file that is attached to the e-mail that includes the command line and respective parameters, the user double-click the attachment, confirms that wants to open the file and the .bat runs. It is not as cleaner as the link but I guess It is an acceptable workaround in some cases.
Important: My OS is Win7 and e-mail client is Lotus Notes, I am not sure if this alternative works with other mail clients/OSs .
Related
I have a created an Html body for a mail and I am sending the mail via Power Automate Flow.
In the html if I just give the link like href='C:\WINDOWS\system32\mstsc.exe' then it is opening the the remote desktop application but if I try to pass the argument as well like href='C:\WINDOWS\system32\mstsc.exe -v:<Server name>', it is giving me error saying Could find 'C:\WINDOWS\system32\mstsc.exe -v:<Server name>'
Does anyone know if there is a way to do so via html mail or any other way?
In HTML you can pass links but the links aren't necessarily intended to be able to run files like the way you are looking for. You are looking for a way to run an executable with parameters which is a major security risk and so technically there really isn't a documented way to do that. But I recommend you check this out HTML hyperlink to call exe with parameters
I have a CGI script written in bash that performs certain actions and calculations on data passed to it from a parent web page. It does not display anything on its own page. When it is complete, I want to launch an ordinary flat HTML web page. How can I do this without user intervention? I know, I could create a submit button or a hyperlink, but I just want the script to finish its work and then link to a URL all by itself.
Muru had an idea that might work, although there may be instances where it might fail or work in an unexpected manner. I found a very simple solution, however:
curl -s "http://web-page-to-display"
I honestly don't know why I did not thnk of it sooner. It's pretty obvious, really.
I'm trying to add some functionality to an internal Access database that will automatically create tasks on Asana.
My VBA experience is somewhat limited but by examining various code samples online and tinkering I've been able to POST tasks with all the necessary data and GET info back.
But I'm now struggling with being able to upload file attachments to a task. I'm not sure how to go about it.
Leaving the content type as application/x-www-form-urlencoded which works for the normal POST statements when creating tasks and just pointing the send command to a file location using doesn't work and results in an error of "file is not an object", I'm guessing this is because all that's contained in the send command is a file=path pair.
Do I need to encode the file at all, if so how?
I'm hoping someone can point me in the right direction.
Thanks.
You can check out how curl does it, but I believe it needs to be multipart/form-data - I would strongly recommend using a library rather than doing the encoding manually, since there are often subtle gotchas.
Basically, it works a lot like a standard form upload from a web browser.
Hope that helps!
I have a new client who asked me to make 2 websites and no payment so far!
I have the ftp accounts, but he can always close my access and leave me without pay.
Can I upload the CSS to another server of mine and encrypt the link to CSS file?
If yes, can I restrict peoples to see the file if they find the URL to CSS file?
Thank you!
If they are his hosting accounts, then accessing them to tamper with the code for the purpose of disabling his sites without his authorisation is probably illegal.
If he hasn't paid you, you own the copyright. If he refuses to pay you, file a DMCA complaint with his hosting company.
Technological measures like this are futile and unprofessional. Next time use a contract.
This is simple. Same scenario happened to me, and what I did was added an new index.html which was an under-construction page, and renamed the original index.php as index_to_be.php.
I then added a redirection using htaccess to the new index.html.
The client contacted me straight away and paid up in no time.
If you don't know how to use htaccess, you can simply add a header location value to the top php page.
header("location:index.html");
The best way to do this is to create a simple PHP file that allows you to access, edit and delete files on the server. You can also search for a ready made lightweight ftp script. Place the PHP file somewhere on the server nested in other folders and name it something like temp.php. Now even if the client blocked you access to the server, you can still access, edit and delete files on the server by pointing your URL to temp.php. When you get paid, be kind enough to remove the file. Don't forget to password protect it.
In your PHP file you can use opendir() to read files from a directory, and unlink() to delete files. If all you want to do is be able to delete files, then the script will not take you more then a minute to create.
UPDATE
You can use the following lightweight ftp script that will let you view, edit delete files and also give you the option to password protect it. http://sourceforge.net/projects/pafm/
You could remove the style sheet from the client's site, upload it to one of your servers and embed it from there:
<link rel="stylesheet" href="http://your.server/styles.css">
however, you will not be able to seriously obfuscate this. One idea that comes to mind is to add a huge number of spaces before the "link" tag to hide it in the source code view.
<link rel="stylesheet".....>
You could also lazy load it using jQuery, but that would disable the style sheet for users who have JavaScript turned off - mostly a no-go.
In the end, no matter what you do, all this will be trivially easy to circumvent. There is no way to reliably keep control over the site in the scenario you describe. Like #thirtydot says, the best thing to do is to send a screenshot instead.
This is probably like trying to kill a fly with a ICBM but...
You could always use a JavaScript to add the link element to the DOM, and run the JavaScript code through a JS obfusticator.
But still, that's hackish, and overkill, and ways you can get the link anyway.
I am developing a website in PHP and I am using mod-rewrite rules. I want to use the Netbeans Run Configuration (under project properties) to set code entry points that looks like http://project/news or http://project/user/12
It seems Netbeans have a problem with this and needs an entry point to a physical file like http://project/user.php?id=12
Has anyone found a good way to work around this?
I see your question is a bit old, but since it has no answer, I will give you one.
What I did to solve the problem, was to give netbeans what it wants in terms of a valid physical file, but provide my controller (index.php in this case) with the 'data' to act correctly. I pass this data using a query parameter. Using your example of project being the web site domain and user/12 as the URL, use the following in the NetBeans Run Configuration and arguments boxes. netbeans does not need the ? as it inserts that automatically, see the complete url below the input boxes
Project URL: http://project
Index File: index.php *(put your controller name here)*
Arguments: url=user/12
http://project/index.php?url=user/12
Then in your controller (index.php in this example), test for the url query param and if it exists parse it instead of the actual Server Request, as you would do normally.
I also do not want the above URL to be publically accessible. So, by using an IS_DEVELOPER define, which is true only for configured developer IP addresses, I can control who has access that special url.
If you are trying to debug specific pages, alternatively, you can set the NetBeans run configuration to:
http://project/
and debug your project, but you must run through your home page once and since the debugger is now active, just navigate to http://project/user/12 in your browser and NetBeans will debug at that entry point. I found passing through my home page every time a pain, so I use the technique above.
Hopefully that provides enough insight to work with your project. It has worked good for me and if you need more detail, just ask.
EDIT: Also, one can make the Run Configuration Project URL the complete url http://project/user/12 and leave the Index File and Arguments blank and that works too without any special code in controller. (tested in NetBeans 7.1). I think I will start using this method.