IV97719: Form action indefinitely spins when form is read-only


When a record is in a read-only state, any form action text links (not a button) on the form no longer run the workflow assigned to the OnClick event for the action. The “busy spinner” comes up and the action is never taken. The only recourse is to close the form window. If the record is editable, the form action text links run their workflows as expected.

The JavaScript in the form field action was losing focus. Moving forward, clicking a form field action when the record is in a read-only state will no longer cause the record to lose focus.

[Admin: To see other related posts, use the OnClick tag or OnChange tag.]


IV97418: Data Modeler locator mapping cannot open in Firefox


When trying to edit the mapping of a locator field within Data Modeler, the spyglass next to the field does not pop up the mapping window.

Firefox did not recognize the event JavaScript object. Moving forward, the user will be able to open the Data Modeler locator mapping window in the Firefox browser.

[Admin: A similar article is also posted in the IBM Support Portal as a technote. To see other related posts, use the Firefox tag.]


IV97281: Malicious file uploads by bypassing JavaScript validation


Malicious file uploads are possible by bypassing the JavaScript validation, even after the appropriate properties are set to restrict EXE files.

Moving forward, we resolved an issue where malicious files could be uploaded via document upload by bypassing the client-side validation.

[Admin: This post is related to the 01.25.16 post and 07.18.15 post about restricting the upload of certain file types. To see other related posts, use the Vulnerability tag or CVE tag.]


IV95426: Non-English user typing minus in currency causes error


When a non-English user puts a negative sign on an existing currency amount, saves the record, navigates away, and then goes back to the tab, a MID error occurs.

The null check must also check for “Not a Number” (NaN) in JavaScript when validating numbers. Moving forward, we resolved an issue where entering a currency value as a non-English user would throw an error.

[Admin: To see other related posts, use the Currency tag.]


UX: Is there a way to export a Space Assessment floor plan to PDF?


In Space Assessment, when creating a new assessment, I want to be able to save the floor plan on <triplat-graphic> as a PDF. Is it possible to do so?

There is no TRIRIGA UX feature to export a floor plan to PDF at the moment. One possible way of doing this is to create a page containing only the floor plan and use the browser (for example, Chrome) to export the page to PDF…

Also note that the floor plan you see rendered is just an SVG on the page. There are a number of ways on the client side to export an SVG to PDF. You could employ one of these approaches and add your own button on the view to trigger the export via JavaScript.


Security: IBM TRIRIGA Application Platform vulnerabilities & fixes


[Updated 03.29.17]

For convenience, here are some recent CVE IDs.

| CVE ID | Summary | APAR |
|---|---|---|
| CVE-2016-9737 | The IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. | |
| CVE-2017-1153 | The IBM TRIRIGA Report Manager contains a vulnerability that could allow authenticated users to execute actions to which they do not have access. | |
| CVE-2017-1171 | The IBM TRIRIGA Application Platform contains a vulnerability that could allow authenticated users to execute application actions to which they do not have access. | |
| CVE-2017-1180 | The IBM TRIRIGA Document Manager contains a vulnerability that could allow authenticated users to execute actions to which they do not have access. | |

[Admin: This post is related to the 05.17.16 post and the 04.04.16 post about vulnerabilities and fixes. To see other related posts, use the Vulnerability tag.]
