Tuesday, February 19, 2019 6:49 PM | John Willems
I had a few minutes and decided I wanted to look at the difference between Implementing as a class library (web app) and the web site form of generation.
I cannot generate the web app if I use VB, but I can if I use C#. I raised an error in the site.aspx.vb file. Is this a bug or a limitation?
Tuesday, February 19, 2019 5:00 PM | Cris
The codeontime desktop website was submitted to a security certification, and the following problems were presented:
• It was possible to carry out a CSRF attack that automatically adds users to the platform; it was possible to add about 200 users making iterations of the same request.
Affected module: /Services/DataControllerService.asmx/Execute
• XPath Injection attacks are similar to SQL injection and occur when a website uses data supplied by a user to build an XPath query for XML data. By sending intentionally malformed information to the website, an attacker can find out how the XML data is structured. In our proof of concept we generated an error where the total of the libraries used for the parsing of the data is exposed. This information can be used to increase the privileges in the application.
Affected module: /Services/DataControllerService.asmx/Execute
/Services/DataControllerService.asmx/GetListOfValues
/Services/DataControllerService.asmx/GetPage
It will be that in the last version "realese" of the desktop codeontime site this has been mitigated, is there any way to correct the present errors?
Tuesday, February 19, 2019 1:24 PM | Shaik Shafi
Hi,
My application remains in the same page forever.even after idle time out.but once if click any other menu then only it is redirecting to login page.Due to security concerns clent asking data is displaying forever even after timeout.
Please suggest me to automatic/force to redirect to login page through code.
Thanks
Shafi
Monday, February 18, 2019 7:10 AM | Dzianis Yanuchkouski
Hi, COT support!
I've posted this bug earlier, but you've added wrong answer (honestly, looking at your answer, seems, that you even didn't read description of this bug, this is pity) and marked this topic as Solved, but obviously it is not Solved. Then i will create it again.
Within single page app with classic user interface (COT 8.7.6, 8.7.7) we have Source controller. It was generated by COT. It has Edit action with enabled "Causes Validation" setting:
In this case Edit action works fine. But if we will add JavaScript rule on "Before" phase for "Edit" command, then Edit action will not work anymore:
Now after click on button "Edit" BusinessRules.before() method will be executed, which will call BusinessRules.process() method, which will process our Before Edit action:
It will call _initialize() method, which will not initialize this._valid field:
After this BusinessRules.process() method will check not initialized that._valid field and because of it is not true it will call prevent default:
As result neither Edit action nor JavaScript business rules will be executed.
Sunday, February 17, 2019 8:10 AM | Nahuel Gonzalez
When using Active Directory authentication, the site does not load with the error shown in the image. I must add that there is no ApplicationRoleProvider type in any of the text or binary files of the project as generated by Code OnTime, not in App_Code/Security nor anywhere else.
Friday, February 15, 2019 4:34 PM | altVader
The app I'm developing has six images in a single db record and lots of other fields. All worked fine in 8.7.4, i.e. images saved perfectly. Upgraded to 8.7.8 and found images no longer saved- just a horizontal line above the image field.
Trying to find a workaround, I changed the on demand style from thumbnail to link. No other changes. Images saved perfectly after making the change.
Friday, February 15, 2019 2:08 PM | Dzianis Yanuchkouski
Hi, COT support!
Within single page app with classic user interface (COT 8.7.6) we have generated from SQL controller. This controller has "Select editForm1 when Insert action" with "When Key Selected" equals Yes, which was generated automatically:
Before COT 8.7.6 it worked fine. But COT 8.7.6 changed _refreshSelectedKey method by adding additional validation (!dataView.editing()) before setting dataView._selectedKey:
Now if user will try to create new record and click Save button, then _refreshSelectedKey will be executed, but dataView._selectedKey will be not initialized. After this in _onExecuteComplete action will be not executed, because dataView.get_selectedKey() is empty array. As result form will be not closed at all, but new record will be created:
I know, that if I select "When Key Selected" equals false for this view, then this scenario will work fine. But why then you generate this action with "When Key Selected" equals true, if this doesn't work by default? Looks like, if you generate this action with "When Key Selected" equals true, then you should fix this bug.
Friday, February 15, 2019 11:59 AM | Steven Wright
Does Touch UI support the displaying of child records inline? I can only seem to get this to work when I select a Classic theme. In Touch UI I have unselected "Show Model Forms" in all the locations I can find but when I select a master record the child record opens in a separate model window instead of below the master records.
Steve
Friday, February 15, 2019 11:37 AM | Paul Shearing
There is a bug with the handling of custom classes when material icons are used. The effect that I want is shown in the attached image - to colourise text icons by adding a simple class to an icon that changes its colour.
Let's say I have a simple class called redIcon that has the definition { color: red !important; }. I would expect the text that goes into the "Icon / Custom style" entry for the page node in the menu definition ([Design] | [Pages] tab) should be: "material-icon-assignment, redIcon" because the associated explanation in the Presentation area states: "Specify an icon name and/or custom CSS classes to apply to this page, separated by commas."
It doesn't work, using F12 to trace the generated source I can see that the material icon classes are applied to the html anchor and its enclosing div, followed by a comma but no sign of the custom class. If I specify a space between the icon and the custom class, that space makes it to the html but again, no sign of the class itself.
After five+ hours of experimentation I found a workaround but it is a massive kludge that I don't want to post here (unless somebody has a particular need). Better that COT fix the issue that is, I think, buried in Touch.js where the material-icon handling is performed
Kind regards,
Paul
vs 8.7.8.0 Unilimted, Touch UI
.
Friday, February 15, 2019 1:58 AM | Vivi Woolford
Hi there, I wonder if there is a tag that we can use to force a field appear in the child form. I have spoken with another COT developer that said that he has impression to see this before, but I cannot find it anywhere.
Scenario:
- The child has a virtual field read only that is calculated as SQL expression and it set as a copy (with another 10 fields) from the master ID field.
- When I see the child controller alone in a page it shows this field.
- When I see the edit or create form of the child coming for a data view field in the master, it doesn’t show. But I need this to be shown as the master data is not visible when in the child form.
- The other fields that I copy are all physically present in the child’s table record shows nicely.
- This field is not the alias of the master ID, another one is which is also hidden which is how we expect.
I have also tried to not to copy on the master field id and use business rules to calculate (on new and on change of the master ID), when I do that the field is always displayed empty in the form, I have put an alert in the business rule and I can see the calculated field value in the message but it never displays in the form, probably for been a virtual read only field.
With touch interface you don’t get to see the master in the same screen as the child edit and create form, and I must to ensure that it is there when they are entering information into the system.
Please let me know if there is tag so we can make this field visible in the child. Or how I could make this work, happy to answer further questions.
Friday, February 15, 2019 12:45 AM | Joshua Koppel
Calling Generic Handler from java script from Cloud On Time app not working.
Not sure how I should reference the URL.
I have a handler setup called Special.ashx it inherited from GenericHandlerBase.
from my page in javascript I called it like this.
$.ajax({
type: "POST",
contentType: "application/json; charset=utf-8",
url: "../Special.ashx?Method=GetFeatures",
This works when the app is run from the browser. But when running in the window 10 or window 7 Cloud on time app it does not.
Do I need to reference the url differently in Cloud on Time? or call it using a different method?
Any help in the right direction is welcome.
Thursday, February 14, 2019 5:12 PM | Greg Bosen
Is the Roles whitelist suppose to restrict login to only users inside a particular group in active directory? I'm trying to achieve this behavior but when I try to whitelist the only groups I want to have access it doesn't seem to work. Any active directory account can log into the system still. Any pointers? I've been searching all over these boards and tutorials and haven't found anything useful.
I followed this:
https://codeontime.com/learn/security...
Thursday, February 14, 2019 5:03 PM | bdageek
I have a table that has a binary field (varbinary(max)) where the records are inserted using data access objects. COT (8.7.6 Unlimited) does not generate the binary field as part of data access objects. The contents of the binary field is generated in code, but I am unable to save the field along with the rest of the record. I know there is a two step process for saving blob fields but unsure how to achieve this using data access objects.
Thursday, February 14, 2019 11:44 AM | Mentations, Inc.
I have a controller which has some somewhat complex/involved SQL business rules that do validation against the DB, etc. and ultimately are used to submit data updates versus using the built-in automatic COT update. Everything has been working fine with these rules up until now but moving forward we want to begin submitting updates using a REST PUT command. Through testing, I have found that this works with the "happy path" scenario of a COT controller using the default COT-generated update. However, a custom update does not appear to work. I have created a stripped-down version of what I'm trying to do in the screenshot below. Even if I get rid of the "SET" statement and the call to the "ConcatAndEnsureCRLF" stored proc it still doesn't work but I've included them here just so you see there are other things which occur in the business rule. Also, there is some SQL validation that will also need to prevent the update if it fails.
Thursday, February 14, 2019 6:59 AM | bdageek
I need to add tags to the HEAD section of site.html. Currently I have to manually add the tags and remember to add them again each time the project is regenerated. It would be nice if there was a 'First-time-only' option for the main site template.
Wednesday, February 13, 2019 6:44 PM | Aaron 'Shegs' Shegrud
I have a navigate action on Contracts that navigates to SubContracts that contain that specific ContractID
SubContract.aspx?ContractID={ContractID}&_display=ContractID
which is great for of course filtering out only the subcontracts you want, but when editing the subcontract it lets me choose the ContractID look-up but only has one Contract in the list (for example if I want to move this subcontract to a new contract)
Is there any way to ignore the ContractID URL parameter when in the editform so all the contracts would be selectable from the look-up?
Wednesday, February 13, 2019 11:05 AM | Shaik Shafi
Hi,
In codeontime touchui When a when invalid date is entered ,I am unable to clear the date filed to empty.
Please suggest me to clear datefiled from $.app.Update value. i am trying with null update but.it is not clearing.but other fileds getting cleared.
Kindly suggest me.
Thanks
Shafi
Tuesday, February 12, 2019 9:53 PM | Vivi Woolford
Hi there, I have been having problems which I have found out to be caused by automatic created identity select in Code on Time, when there is a trigger in a table that touches other records the @@Identity Command will be returning the value of last record touched, this causes problem with one to many, many to many fields as well as with displaying the edit form after inserting.
I reckon that if code on time change the select @@identity to select SCOPE_IDENTITY() for the automatic generated code it will avoid a lot of problems with saving related records to the wrong master record and also will consistently save the child records to the correct master.
This is a suggestion that would greatly improve my life because at the moment I am having to edit the commands manually so it returns the right ID, but I also don't like customising commands as I rather have that generated automatically by Code on time.
I hope you can take my suggestion on board and improve code on time with it.
Tuesday, February 12, 2019 9:45 PM | BEN
Hello everyone,
The Help button of our COT application displays nothing after clicking on it.
We would like to create a dedicated help page when clicking on the Help button.
Please help.
Thank you.
Tuesday, February 12, 2019 8:27 PM | BEN
Hello,
Do you know how can I hide the help button from the application generated with COT?
Thank you.