XSS bugs in apex 4.1.1.00.23?

Hi,
During XSS testing of a new application, by loading every char database column with HTML markup, I came across 2 areas where HTML is executed by Apex where I didn't expect it to be.
I'm wondering if these are bugs or whether they are intentional and I should program around them?

Interactive report column dropdown
  - HTML tags in a table column on which an IRR is created
  - By default every column is "display as text (escape special characters)".
  - The column values in the report itself are displayed correctly with the HTML escaped.
  - However, when I click on the column header and the dropdown menu appears, the column value isn't escaped in the search list. It is actually rendered as HTML.

Item substitution variables in region header
  - Create a form on a table (EMP) with automatic row fetch
  - Create a record with (P1_)EMP_NAME containing HTML markup
  - Reference the page item in the region title: &P1_EMP_NAME.
  - If you then load the page/record you'll see the value of EMP_NAME properly escaped both in your page item and in the region title
  - Now edit the page and set P1_EMP_NAME to display only
  - If you then load the page/record again you'll see the value of EMP_NAME is still properly escaped in your page item, however the HTML is rendered in the region title

Can anyone confirm these as bugs or intentional?
Apodictus

This is a known bug. Refer to the following thread for more details:
Re: HTTP Header Variable
This is fixed in 4.1.1 or you may apply the patchset:
12955671 - HTTP HEADER VARIABLE AUTH: ENDLESS REDIRECT IF USERNAME IS CASE SENSITIVE

Similar Messages

  • Possible Bug In Apex 4.0.2

    Hi Everyone.
    I would like to report what I think is a bug in Apex 4.0.2.
    If you go to my workspace on apex.oracle.com:
    Workspace = EEG
    Username = [email protected]
    Password = galaxy (all lowercase)
    Run the application: 37796 - Elie_Various_Goodies [no credentials are required]
    This app was imported from my 4.0.1 workspace at my job. On the page I created two Date Picker items, P1_BEGIN_DATE and P1_END_DATE. I set them up so that whenever a user selects a begin date, a dynamic action "MANAGE_DATES" fires and automatically sets P1_END_DATE to this selected begin date value. Now when a user goes to select an end date, the displayed calendar starts at the previously selected begin date rather than the default of "Today".
    All of this worked fine on my office (4.0.1) workspace. However, after exporting this app and then importing onto apex.oracle.com, none of this functionality would work. Even worse, whenever I try to select a begin date or even an end date, the selected dates never make it into the date picker fields. Displaying the "Session" window shows these fields as empty.
    It was only after I copied the two date picker fields and also re-created my dynamic action (P1_BEGIN_DATE2, P1_END_DATE2, MANAGE_DATES) did my functionality return.
    This behavior is quite strange. I can only think this is some sort of bug attributed to the export/import process when exporting a 4.0.1 app into a 4.0.2 workspace. I am not sure if this bizarre behavior happens with non-date picker items. Nor am I sure if this behavior would be repeated if I export/import from 4.0.2 into another 4.0.2 environment.
    Another strange thing I noticed. If I change my date picker items to be "date picker (classic)" type items, the dynamic action does not work at all. This is true in both 4.0.2 and 4.0.1. I'm not sure if this is a bug or not. It could be that the classic date picker is just not "javascript" enabled so to speak. If that is true, then it would have been nice if the docs would have warned us about this.
    Has anyone else seen this behavior?
    Thank you.
    Elie

    Hi Joel.
    First let me thank you for the warning about allowing "everyone" access to my workspace.
    You're correct, of course. Anyone could destroy anything within my workspace. I guess I was too trusting especially as I have seen many posts on the Forum where others have given access to their workspace so that responders can offer help. I really should be more discreet about this. Again, thank you. Needless to say, I have changed my password.
    With respect to the possible bug, the MANAGE_DATES dynamic action is intended to be a submit page because that is the only way I can see to get BOTH the P1_END_DATE date picker item as well as the end date textual field to be assigned the selected P1_BEGIN_DATE. I tried to use a dynamic action in which javascript sets the value of the end date textual field to the selected P1_BEGIN_DATE value. This works without the need to submit the page. Unfortunately, this does not cause the P1_END_DATE date picker item to default to this value. Instead, the default remains at today's date. This is why I finally resorted to a dynamic action that submits the page whenever a new value is selected (that is, a "change" event) from the P1_BEGIN_DATE date picker item.
    All of this works in my office 4.0.1 environment. However, I was puzzled when this fails under 4.0.2 on the hosted web site at apex.oracle.com. This is why I posted a "possible" bug in 4.0.2.
    I hope this all makes sense.
    One more thing, as already mentioned in my original post, this "defaulting a date picker" functionality does NOT work at all for the "classic" date picker items in either 4.0.1 or 4.0.2. I realize one can implement this functionality (I'm guessing) by using, say, an "onChange" javascript call to submit the page. It's just funny that the "classic" date picker items are not acted upon by the dynamic action MANAGE_DATES that submits the page.
    Thank you.
    Elie

  • Open Cursor Issue because of file browse Item - Is this a Bug in APEX 3.2

    Hi All,
    I am using a file browse item to upload files into the database at two places in my application, but it seems whenever I submit those two pages, with a file path or without a file path, it opens a cursor which remains open after that; because of this, the open cursor count in the application is exceeded every time.
    For testing this I have made a dummy page containing just a file browse item and a submit button, and it still increases the open cursor count.
    Is this a bug in the Apex file browse item or is there some other way to handle this?
    Please kindly help me with the above issue as this is affecting the production application.
    Thanks & Regards
    Sanjay
    Edited by: user11204334 on Dec 5, 2010 9:57 PM
    Edited by: user11204334 on Dec 5, 2010 9:58 PM

    Hi,
    One observation: is Apex switching the session ID after one got killed? I was working on an Apex page with a browse item to test the open cursor count;
    after killing the SID (227) on which the open cursor count was increasing, APEX automatically switched to a new SID (149) for that session.
    Now the problem is that even if I have two SIDs and one hits the maximum open cursor count, it does not switch to the other SID; instead the whole application becomes unavailable.
    STATNAME                SID  VALUE  USER
    opened cursors current   20     14  APEX_PUBLIC_USER
    opened cursors current  149     74  APEX_PUBLIC_USER
    opened cursors current  194     71  APEX_PUBLIC_USER
    opened cursors current  211      5  APEX_PUBLIC_USER
    opened cursors current  227    325  APEX_PUBLIC_USER  Killed
    opened cursors current  244     15  APEX_PUBLIC_USER
    opened cursors current   20     14  APEX_PUBLIC_USER
    opened cursors current  149     76  APEX_PUBLIC_USER
    opened cursors current  194     71  APEX_PUBLIC_USER
    opened cursors current  211      5  APEX_PUBLIC_USER
    opened cursors current  244     15  APEX_PUBLIC_USER
    Please kindly help in this.
    Thanks in Advance
    Thanks & Regards
    Sanjay
    Edited by: user11204334 on Dec 8, 2010 1:02 AM

  • Re: BUG? APEX 4.0: ORA-20503 error editing report with 400+ columns

    Hello Everyone.
    I've run into something quite strange and am hoping you can help me.
    I am using Apex 4.0.1 and Oracle version 10.2.0.5. I've created a "classical" report in which the underlying SQL is a very simple:
    select * from pvtab
    The Oracle table pvtab consists of 419 columns, all of which are varchar2(88) and number type. That's it.
    When I run the report, all of the columns show up as expected.
    However, when I go into the "Report Attributes" tab and click on one of the fields (any of them, it doesn't matter which one), I immediately get the following error:
    ORA-20503: Current version of data in database has changed since user initiated update process. current checksum = "598CAA7B68746A66F4B99E1512C36DED" application checksum = "0"
    If I replace the "*" with a few actual column names, then I am able to access any of these columns without problem.
    If I put back the "*", I then encounter this error again.
    I have never seen this error with other SQL SELECT statements in which I use the "*" qualifier to retrieve all columns from the table.
    And so, I am wondering if the error is caused because of the large number of columns (419) in my table.
    I've seen this same error mentioned in connection with forms but never with a report.
    So, is there some limit to the number of columns one can have in a "classic" or interactive report?
    Any idea why I would be getting this error?
    Here is the DDL for my table pvtab:
    CREATE TABLE  "PVTAB"
       (     "MICRO" VARCHAR2(4),
         "PRIM" VARCHAR2(4),
         "UNIT" NUMBER,
         "SEC_REF_1" NUMBER,
         "SECN_1" VARCHAR2(88),
         "SEC_REF_2" NUMBER,
         "SECN_2" VARCHAR2(88),
         "SEC_REF_3" NUMBER,
         "SECN_3" VARCHAR2(88),
         "SEC_REF_4" NUMBER,
         "SECN_4" VARCHAR2(88),
         "SEC_REF_5" NUMBER,
         "SECN_5" VARCHAR2(88),
         "SEC_REF_6" NUMBER,
         "SECN_6" VARCHAR2(88),
         "SEC_REF_7" NUMBER,
         "SECN_7" VARCHAR2(88),
         "SEC_REF_8" NUMBER,
         "SECN_8" VARCHAR2(88),
         "SEC_REF_9" NUMBER,
         "SECN_9" VARCHAR2(88),
         "SEC_REF_10" NUMBER,
         "SECN_10" VARCHAR2(88),
         "SEC_REF_11" NUMBER,
         "SECN_11" VARCHAR2(88),
         "SEC_REF_12" NUMBER,
         "SECN_12" VARCHAR2(88),
         "SEC_REF_13" NUMBER,
         "SECN_13" VARCHAR2(88),
         "SEC_REF_14" NUMBER,
         "SECN_14" VARCHAR2(88),
         "SEC_REF_15" NUMBER,
         "SECN_15" VARCHAR2(88),
         "SEC_REF_16" NUMBER,
         "SECN_16" VARCHAR2(88),
         "SEC_REF_17" NUMBER,
         "SECN_17" VARCHAR2(88),
         "SEC_REF_18" NUMBER,
         "SECN_18" VARCHAR2(88),
         "SEC_REF_19" NUMBER,
         "SECN_19" VARCHAR2(88),
         "SEC_REF_20" NUMBER,
         "SECN_20" VARCHAR2(88),
         "SEC_REF_21" NUMBER,
         "SECN_21" VARCHAR2(88),
         "SEC_REF_22" NUMBER,
         "SECN_22" VARCHAR2(88),
         "SEC_REF_23" NUMBER,
         "SECN_23" VARCHAR2(88),
         "SEC_REF_24" NUMBER,
         "SECN_24" VARCHAR2(88),
         "SEC_REF_25" NUMBER,
         "SECN_25" VARCHAR2(88),
         "SEC_REF_26" NUMBER,
         "SECN_26" VARCHAR2(88),
         "SEC_REF_27" NUMBER,
         "SECN_27" VARCHAR2(88),
         "SEC_REF_28" NUMBER,
         "SECN_28" VARCHAR2(88),
         "SEC_REF_29" NUMBER,
         "SECN_29" VARCHAR2(88),
         "SEC_REF_30" NUMBER,
         "SECN_30" VARCHAR2(88),
         "SEC_REF_31" NUMBER,
         "SECN_31" VARCHAR2(88),
         "SEC_REF_32" NUMBER,
         "SECN_32" VARCHAR2(88),
         "SEC_REF_33" NUMBER,
         "SECN_33" VARCHAR2(88),
         "SEC_REF_34" NUMBER,
         "SECN_34" VARCHAR2(88),
         "SEC_REF_35" NUMBER,
         "SECN_35" VARCHAR2(88),
         "SEC_REF_36" NUMBER,
         "SECN_36" VARCHAR2(88),
         "SEC_REF_37" NUMBER,
         "SECN_37" VARCHAR2(88),
         "SEC_REF_38" NUMBER,
         "SECN_38" VARCHAR2(88),
         "SEC_REF_39" NUMBER,
         "SECN_39" VARCHAR2(88),
         "SEC_REF_40" NUMBER,
         "SECN_40" VARCHAR2(88),
         "SEC_REF_41" NUMBER,
         "SECN_41" VARCHAR2(88),
         "SEC_REF_42" NUMBER,
         "SECN_42" VARCHAR2(88),
         "SEC_REF_43" NUMBER,
         "SECN_43" VARCHAR2(88),
         "SEC_REF_44" NUMBER,
         "SECN_44" VARCHAR2(88),
         "SEC_REF_45" NUMBER,
         "SECN_45" VARCHAR2(88),
         "SEC_REF_46" NUMBER,
         "SECN_46" VARCHAR2(88),
         "SEC_REF_47" NUMBER,
         "SECN_47" VARCHAR2(88),
         "SEC_REF_48" NUMBER,
         "SECN_48" VARCHAR2(88),
         "SEC_REF_49" NUMBER,
         "SECN_49" VARCHAR2(88),
         "SEC_REF_50" NUMBER,
         "SECN_50" VARCHAR2(88),
         "SEC_REF_51" NUMBER,
         "SECN_51" VARCHAR2(88),
         "SEC_REF_52" NUMBER,
         "SECN_52" VARCHAR2(88),
         "SEC_REF_53" NUMBER,
         "SECN_53" VARCHAR2(88),
         "SEC_REF_54" NUMBER,
         "SECN_54" VARCHAR2(88),
         "SEC_REF_55" NUMBER,
         "SECN_55" VARCHAR2(88),
         "SEC_REF_56" NUMBER,
         "SECN_56" VARCHAR2(88),
         "SEC_REF_57" NUMBER,
         "SECN_57" VARCHAR2(88),
         "SEC_REF_58" NUMBER,
         "SECN_58" VARCHAR2(88),
         "SEC_REF_59" NUMBER,
         "SECN_59" VARCHAR2(88),
         "SEC_REF_60" NUMBER,
         "SECN_60" VARCHAR2(88),
         "SEC_REF_61" NUMBER,
         "SECN_61" VARCHAR2(88),
         "SEC_REF_62" NUMBER,
         "SECN_62" VARCHAR2(88),
         "SEC_REF_63" NUMBER,
         "SECN_63" VARCHAR2(88),
         "SEC_REF_64" NUMBER,
         "SECN_64" VARCHAR2(88),
         "SEC_REF_65" NUMBER,
         "SECN_65" VARCHAR2(88),
         "SEC_REF_66" NUMBER,
         "SECN_66" VARCHAR2(88),
         "SEC_REF_67" NUMBER,
         "SECN_67" VARCHAR2(88),
         "SEC_REF_68" NUMBER,
         "SECN_68" VARCHAR2(88),
         "SEC_REF_69" NUMBER,
         "SECN_69" VARCHAR2(88),
         "SEC_REF_70" NUMBER,
         "SECN_70" VARCHAR2(88),
         "SEC_REF_71" NUMBER,
         "SECN_71" VARCHAR2(88),
         "SEC_REF_72" NUMBER,
         "SECN_72" VARCHAR2(88),
         "SEC_REF_73" NUMBER,
         "SECN_73" VARCHAR2(88),
         "SEC_REF_74" NUMBER,
         "SECN_74" VARCHAR2(88),
         "SEC_REF_75" NUMBER,
         "SECN_75" VARCHAR2(88),
         "SEC_REF_76" NUMBER,
         "SECN_76" VARCHAR2(88),
         "SEC_REF_77" NUMBER,
         "SECN_77" VARCHAR2(88),
         "SEC_REF_78" NUMBER,
         "SECN_78" VARCHAR2(88),
         "SEC_REF_79" NUMBER,
         "SECN_79" VARCHAR2(88),
         "SEC_REF_80" NUMBER,
         "SECN_80" VARCHAR2(88),
         "SEC_REF_81" NUMBER,
         "SECN_81" VARCHAR2(88),
         "SEC_REF_82" NUMBER,
         "SECN_82" VARCHAR2(88),
         "SEC_REF_83" NUMBER,
         "SECN_83" VARCHAR2(88),
         "SEC_REF_84" NUMBER,
         "SECN_84" VARCHAR2(88),
         "SEC_REF_85" NUMBER,
         "SECN_85" VARCHAR2(88),
         "SEC_REF_86" NUMBER,
         "SECN_86" VARCHAR2(88),
         "SEC_REF_87" NUMBER,
         "SECN_87" VARCHAR2(88),
         "SEC_REF_88" NUMBER,
         "SECN_88" VARCHAR2(88),
         "SEC_REF_89" NUMBER,
         "SECN_89" VARCHAR2(88),
         "SEC_REF_90" NUMBER,
         "SECN_90" VARCHAR2(88),
         "SEC_REF_91" NUMBER,
         "SECN_91" VARCHAR2(88),
         "SEC_REF_92" NUMBER,
         "SECN_92" VARCHAR2(88),
         "SEC_REF_93" NUMBER,
         "SECN_93" VARCHAR2(88),
         "SEC_REF_94" NUMBER,
         "SECN_94" VARCHAR2(88),
         "SEC_REF_95" NUMBER,
         "SECN_95" VARCHAR2(88),
         "SEC_REF_96" NUMBER,
         "SECN_96" VARCHAR2(88),
         "SEC_REF_97" NUMBER,
         "SECN_97" VARCHAR2(88),
         "SEC_REF_98" NUMBER,
         "SECN_98" VARCHAR2(88),
         "SEC_REF_99" NUMBER,
         "SECN_99" VARCHAR2(88),
         "SEC_REF_100" NUMBER,
         "SECN_100" VARCHAR2(88),
         "SEC_REF_101" NUMBER,
         "SECN_101" VARCHAR2(88),
         "SEC_REF_102" NUMBER,
         "SECN_102" VARCHAR2(88),
         "SEC_REF_103" NUMBER,
         "SECN_103" VARCHAR2(88),
         "SEC_REF_104" NUMBER,
         "SECN_104" VARCHAR2(88),
         "SEC_REF_105" NUMBER,
         "SECN_105" VARCHAR2(88),
         "SEC_REF_106" NUMBER,
         "SECN_106" VARCHAR2(88),
         "SEC_REF_107" NUMBER,
         "SECN_107" VARCHAR2(88),
         "SEC_REF_108" NUMBER,
         "SECN_108" VARCHAR2(88),
         "SEC_REF_109" NUMBER,
         "SECN_109" VARCHAR2(88),
         "SEC_REF_110" NUMBER,
         "SECN_110" VARCHAR2(88),
         "SEC_REF_111" NUMBER,
         "SECN_111" VARCHAR2(88),
         "SEC_REF_112" NUMBER,
         "SECN_112" VARCHAR2(88),
         "SEC_REF_113" NUMBER,
         "SECN_113" VARCHAR2(88),
         "SEC_REF_114" NUMBER,
         "SECN_114" VARCHAR2(88),
         "SEC_REF_115" NUMBER,
         "SECN_115" VARCHAR2(88),
         "SEC_REF_116" NUMBER,
         "SECN_116" VARCHAR2(88),
         "SEC_REF_117" NUMBER,
         "SECN_117" VARCHAR2(88),
         "SEC_REF_118" NUMBER,
         "SECN_118" VARCHAR2(88),
         "SEC_REF_119" NUMBER,
         "SECN_119" VARCHAR2(88),
         "SEC_REF_120" NUMBER,
         "SECN_120" VARCHAR2(88),
         "SEC_REF_121" NUMBER,
         "SECN_121" VARCHAR2(88),
         "SEC_REF_122" NUMBER,
         "SECN_122" VARCHAR2(88),
         "SEC_REF_123" NUMBER,
         "SECN_123" VARCHAR2(88),
         "SEC_REF_124" NUMBER,
         "SECN_124" VARCHAR2(88),
         "SEC_REF_125" NUMBER,
         "SECN_125" VARCHAR2(88),
         "SEC_REF_126" NUMBER,
         "SECN_126" VARCHAR2(88),
         "SEC_REF_127" NUMBER,
         "SECN_127" VARCHAR2(88),
         "SEC_REF_128" NUMBER,
         "SECN_128" VARCHAR2(88),
         "SEC_REF_129" NUMBER,
         "SECN_129" VARCHAR2(88),
         "SEC_REF_130" NUMBER,
         "SECN_130" VARCHAR2(88),
         "SEC_REF_131" NUMBER,
         "SECN_131" VARCHAR2(88),
         "SEC_REF_132" NUMBER,
         "SECN_132" VARCHAR2(88),
         "SEC_REF_133" NUMBER,
         "SECN_133" VARCHAR2(88),
         "SEC_REF_134" NUMBER,
         "SECN_134" VARCHAR2(88),
         "SEC_REF_135" NUMBER,
         "SECN_135" VARCHAR2(88),
         "SEC_REF_136" NUMBER,
         "SECN_136" VARCHAR2(88),
         "SEC_REF_137" NUMBER,
         "SECN_137" VARCHAR2(88),
         "SEC_REF_138" NUMBER,
         "SECN_138" VARCHAR2(88),
         "SEC_REF_139" NUMBER,
         "SECN_139" VARCHAR2(88),
         "SEC_REF_140" NUMBER,
         "SECN_140" VARCHAR2(88),
         "SEC_REF_141" NUMBER,
         "SECN_141" VARCHAR2(88),
         "SEC_REF_142" NUMBER,
         "SECN_142" VARCHAR2(88),
         "SEC_REF_143" NUMBER,
         "SECN_143" VARCHAR2(88),
         "SEC_REF_144" NUMBER,
         "SECN_144" VARCHAR2(88),
         "SEC_REF_145" NUMBER,
         "SECN_145" VARCHAR2(88),
         "SEC_REF_146" NUMBER,
         "SECN_146" VARCHAR2(88),
         "SEC_REF_147" NUMBER,
         "SECN_147" VARCHAR2(88),
         "SEC_REF_148" NUMBER,
         "SECN_148" VARCHAR2(88),
         "SEC_REF_149" NUMBER,
         "SECN_149" VARCHAR2(88),
         "SEC_REF_150" NUMBER,
         "SECN_150" VARCHAR2(88),
         "SEC_REF_151" NUMBER,
         "SECN_151" VARCHAR2(88),
         "SEC_REF_152" NUMBER,
         "SECN_152" VARCHAR2(88),
         "SEC_REF_153" NUMBER,
         "SECN_153" VARCHAR2(88),
         "SEC_REF_154" NUMBER,
         "SECN_154" VARCHAR2(88),
         "SEC_REF_155" NUMBER,
         "SECN_155" VARCHAR2(88),
         "SEC_REF_156" NUMBER,
         "SECN_156" VARCHAR2(88),
         "SEC_REF_157" NUMBER,
         "SECN_157" VARCHAR2(88),
         "SEC_REF_158" NUMBER,
         "SECN_158" VARCHAR2(88),
         "SEC_REF_159" NUMBER,
         "SECN_159" VARCHAR2(88),
         "SEC_REF_160" NUMBER,
         "SECN_160" VARCHAR2(88),
         "SEC_REF_161" NUMBER,
         "SECN_161" VARCHAR2(88),
         "SEC_REF_162" NUMBER,
         "SECN_162" VARCHAR2(88),
         "SEC_REF_163" NUMBER,
         "SECN_163" VARCHAR2(88),
         "SEC_REF_164" NUMBER,
         "SECN_164" VARCHAR2(88),
         "SEC_REF_165" NUMBER,
         "SECN_165" VARCHAR2(88),
         "SEC_REF_166" NUMBER,
         "SECN_166" VARCHAR2(88),
         "SEC_REF_167" NUMBER,
         "SECN_167" VARCHAR2(88),
         "SEC_REF_168" NUMBER,
         "SECN_168" VARCHAR2(88),
         "SEC_REF_169" NUMBER,
         "SECN_169" VARCHAR2(88),
         "SEC_REF_170" NUMBER,
         "SECN_170" VARCHAR2(88),
         "SEC_REF_171" NUMBER,
         "SECN_171" VARCHAR2(88),
         "SEC_REF_172" NUMBER,
         "SECN_172" VARCHAR2(88),
         "SEC_REF_173" NUMBER,
         "SECN_173" VARCHAR2(88),
         "SEC_REF_174" NUMBER,
         "SECN_174" VARCHAR2(88),
         "SEC_REF_175" NUMBER,
         "SECN_175" VARCHAR2(88),
         "SEC_REF_176" NUMBER,
         "SECN_176" VARCHAR2(88),
         "SEC_REF_177" NUMBER,
         "SECN_177" VARCHAR2(88),
         "SEC_REF_178" NUMBER,
         "SECN_178" VARCHAR2(88),
         "SEC_REF_179" NUMBER,
         "SECN_179" VARCHAR2(88),
         "SEC_REF_180" NUMBER,
         "SECN_180" VARCHAR2(88),
         "SEC_REF_181" NUMBER,
         "SECN_181" VARCHAR2(88),
         "SEC_REF_182" NUMBER,
         "SECN_182" VARCHAR2(88),
         "SEC_REF_183" NUMBER,
         "SECN_183" VARCHAR2(88),
         "SEC_REF_184" NUMBER,
         "SECN_184" VARCHAR2(88),
         "SEC_REF_185" NUMBER,
         "SECN_185" VARCHAR2(88),
         "SEC_REF_186" NUMBER,
         "SECN_186" VARCHAR2(88),
         "SEC_REF_187" NUMBER,
         "SECN_187" VARCHAR2(88),
         "SEC_REF_188" NUMBER,
         "SECN_188" VARCHAR2(88),
         "SEC_REF_189" NUMBER,
         "SECN_189" VARCHAR2(88),
         "SEC_REF_190" NUMBER,
         "SECN_190" VARCHAR2(88),
         "SEC_REF_191" NUMBER,
         "SECN_191" VARCHAR2(88),
         "SEC_REF_192" NUMBER,
         "SECN_192" VARCHAR2(88),
         "SEC_REF_193" NUMBER,
         "SECN_193" VARCHAR2(88),
         "SEC_REF_194" NUMBER,
         "SECN_194" VARCHAR2(88),
         "SEC_REF_195" NUMBER,
         "SECN_195" VARCHAR2(88),
         "SEC_REF_196" NUMBER,
         "SECN_196" VARCHAR2(88),
         "SEC_REF_197" NUMBER,
         "SECN_197" VARCHAR2(88),
         "SEC_REF_198" NUMBER,
         "SECN_198" VARCHAR2(88),
         "SEC_REF_199" NUMBER,
         "SECN_199" VARCHAR2(88),
         "SEC_REF_200" NUMBER,
         "SECN_200" VARCHAR2(88),
         "SEC_REF_201" NUMBER,
         "SECN_201" VARCHAR2(88),
         "SEC_REF_202" NUMBER,
         "SECN_202" VARCHAR2(88),
         "SEC_REF_203" NUMBER,
         "SECN_203" VARCHAR2(88),
         "SEC_REF_204" NUMBER,
         "SECN_204" VARCHAR2(88),
         "SEC_REF_205" NUMBER,
         "SECN_205" VARCHAR2(88),
         "SEC_REF_206" NUMBER,
         "SECN_206" VARCHAR2(88),
         "SEC_REF_207" NUMBER,
         "SECN_207" VARCHAR2(88),
         "SEC_REF_208" NUMBER,
         "SECN_208" VARCHAR2(88)
       );
    Thank you for any help/advice.
    Elie
    Edited by: EEG on Jun 12, 2011 2:09 PM

    > So, is there some limit to the number of columns one can have in a "classic" or interactive report?
    Yes. See Oracle® Application Express Application Builder User's Guide Release 4.0, Appendix B: Oracle Application Express Limits.
    > Any idea why I would be getting this error?
    No, but I've replicated it in APEX 4.0.2.00.07 on 11.2.0.1.0 EE using a table of 420 varchar2(88) columns:
    >
    ORA-20503: Current version of data in database has changed since user initiated update process. current checksum = "50C9BDC0AA1AEF0EB272E9158B2117B4" application checksum = "0"
    >
    Happens whether using select * or including all column names in the query. (I know you don't want to type all the column names, but I'd never use select * in a production application: always use a proper column list. You can get one without typing by drag-and-drop of a table in most IDEs, or a query from user_tab_columns.)
    I hit the problem at 274 columns. Such an arbitrary number leads me to think that the problem is not one of the number of columns per se, but is due to some other limit (possibly a 32K VARCHAR2/RAW buffer somewhere).
    Workaround:
    Updates to the report column attributes are actually being saved, and you can navigate them using the Page Definition tree view as described in Appendix B.
    Getting More Help:
    This is probably a bug. If you have a support agreement with Oracle raise an SR with Oracle Support.
    Also:
    - Search the forum using the "ORA-20503" code and other possible terms to see if there's anything relevant. I had a quick look but the only thread in this context recommended an upgrade on an Oracle 9 DB version that's not compatible with APEX 4.0.
    - To get the attention of the Oracle APEX team or anyone else who may know more about this problem than we do, edit your original post and change the Subject to be more specific about the actual nature of the problem: "BUG? APEX 4.0: ORA-20503 error editing report with 400+ columns", and include your database version/edition and the definition of the PVTAB table.
    Finally:
    Somebody's bound to ask, so we might as well get started:
    - Why so many columns?
    - What requirement is this trying to fulfil?

  • Is this a bug in APEX 3.0.1 Installation  RAC database with RAW device???

    Hello,
    I am getting the following error when I try to complete approval process.
    ORA-20001: Unable to create tablespace. ORA-01119: error in creating database file '//./FLOW_1.dbf' ORA-27040: skgfrcre: create error, unable to create file OSD-04002: unable to open file O/S-Error: (OS 2) The system cannot find the file specified.
    I checked the alert log for error here is the error in the alert log file.
    ORA-1119 signalled during: CREATE TABLESPACE FLOW_1 DATAFILE '//./FLOW_1.dbf'..
    and I found the syntax for create tablespace was wrong.
    To create a tablespace in RAC with RAW device environment under Windows,
    it should have forward black slash instead of backward slash "/" without .dbf extension.
    So I changed the syntax and I was able to create the tablespace through sqlplus.
    When the APEX tool tries to create this tablespace it throws this error.
    Old: CREATE TABLESPACE FLOW_1 DATAFILE
    '\\.\FLOW_1.dbf' SIZE 10304 K REUSE AUTOEXTEND OFF
    EXTENT MANAGEMENT LOCAL AUTOALLOCATE SEGMENT SPACE MANAGEMENT AUTO
    error : ORA-01119: error in creating database file '\\.\FLOW_1.dbf'
    New:
    CREATE TABLESPACE FLOW_1 DATAFILE
    '\\.\FLOW_1' SIZE 10304 K REUSE AUTOEXTEND OFF
    EXTENT MANAGEMENT LOCAL AUTOALLOCATE SEGMENT SPACE MANAGEMENT AUTO
    Tablespace created.
    Is it a bug in APEX 3.0.1?
    Has anyone installed APEX in RAC?
    James

  • Bug in Apex 4.1 tabular form with rowid as PK

    Hi
    I think this is a bug in Apex 4.1. I tested it on apex.oracle.com. This is the simple scenario.
    Create a simple table:
    create table dropme (code number, description varchar2(200));
    Now use the wizard to create a tabular form.
    Select Allowed Operations insert and update for this table.
    Select ROWID as Primary key type.
    After finishing the wizard click on Run and you get:
    failed to parse SQL query:
    ORA-00904: "APEX$ROWID": invalid identifier
    Note: this does not happen when you select insert, update and delete.

    Hello,
    >> Select Allowed Operations insert and update for this table.
    >> Select ROWID as Primary key type.
    It seems that you are correct. I was able to reconstruct your scenario on my local system. Now we need the verification of the dev team.
    Regards,
    Arie.
    ♦ Please remember to mark appropriate posts as correct/helpful. For the long run, it will benefit us all.
    ♦ Author of Oracle Application Express 3.2 – The Essentials and More

  • Bug in Apex 4.0.2 with filename parameter in APEX_MAIL.ADD_ATTACHMENT

    When you call APEX_MAIL.ADD_ATTACHMENT where the filename parameter has a value with more than one "." (punctuation), the file name is not sent correctly.
    Bug reproduction:
    p_filename=>'Report (2011.05.01).pdf'
    is received in mail as
    Report (2011.).pdf
    Workaround:
    Change the value to have only 1 punctuation char in it.
    I think this is not OK and as long as the file name is correct (i.e. no ":", "\", "/" or special chars) it should be the same as it was.
    Hope this helps,
    Damir Vadas
    Edited by: Damir Vadas on May 18, 2011 6:56 PM

    Damir,
    I've tried to replicate this on apex.oracle.com, and could not. I sent a JPG file to my Yahoo account using the name 'Report (2011.05.01).jpg', and didn't encounter any issues. The name of the file received on Yahoo was still 'Report (2011.05.01).jpg'.
    I reviewed the code in APEX_MAIL. There isn't anything in there that would modify the filename as you suggest.
    Is there a chance it's being changed in your SMTP server / relay?
    Joel

  • Small bug in Apex 3.1

    Apex 3.0 (I believe it was) introduced the "Calendar Icon Details" settings, so that the calendar icon could be customized for each theme. (I like to think of this as my own little contribution to Apex, since I suggested it in the 3.0 beta testing... :-)
    Anyway, if you use the apex_item.date_popup function to generate datepickers for tabular forms, it still uses the (fixed) default datepicker icon ("/i/asfdcldr.gif"), ignoring the Calendar Icon Details settings.
    For consistency, the API function should return an icon based on the theme setting...

    Hi, what's your first name?
    I will file a bug for this observation.
    As a workaround, when using the function, you can specify an alternate image with something like:
    select replace(apex_item.date_popup (1,null,sysdate,'DD-MON-YYYY'),'asfdcldr.gif','people.gif')
    ...for example.
    Scott

  • Is this a bug in APEX or I'm missing something

    Hi,
    I have a table chr10bug( id number , sample_text varchar2(4000)).
    I am using simple form with textarea to populate sample_text.
    I have a report based on above table.
    The report query is select id , sample_text from chr10bug. The Link tab has Target as URL. The URL is javascript:void(0); and the Link attribute has a very simple function
    onmouseover="alert('#SAMPLE_TEXT#')"
    Now, my question is when a user hits enter in the textarea, e.g.
    User enter some text **User Press Enter**
    User enter some text again
    In the reports the onmouseover="alert('#SAMPLE_TEXT#')" does not work for records where users pressed the enter key. (In fact none of the functions which accept a string are working.) If we do not press enter while entering data in the textarea... the above function is working...
    Example is here....
    http://apex.oracle.com/pls/apex/f?p=32555:1 ( report)
    http://apex.oracle.com/pls/apex/f?p=32555:2 ( form to enter data via text area)
    Is this a bug...
    Regards,
    Shijesh
    Edited by: Apex_Noob on Nov 18, 2010 12:18 PM

    Hi,
    Thanks once again for reply.
    I created two reports with the same JavaScript function alert('#sample_text#')
    CASE1 >> Javascript function call is placed in Link attribute section as ** onmouseover="alert('#sample_text#')" >>> This is not working
    CASE2 >> Javascript function call is placed in URL section as ** javascript:alert('#sample_text#') >>>> This is working however I'm not able to have onmouseover feature.
    Any alternative to have onmouseover=myFunction('#COLUMN_NAME#').
    http://apex.oracle.com/pls/apex/f?p=32555:1:8742069995710311:::::
    thanks,
    Shijesh
    Edited by: Apex_Noob on Nov 18, 2010 12:45 PM
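
The failure described in this thread, as an added example that is not part of the original posts: when `#SAMPLE_TEXT#` is pasted unchanged into `onmouseover="alert('...')"`, a line break from the textarea lands inside a single-quoted JavaScript string literal, which is a syntax error, and a quote in the value would close the literal early. All function names are hypothetical and the sample value is constructed; the sketch escapes the value for the JavaScript string context first and then for the HTML attribute.

```javascript
// Added example, not code from the thread. All function names are hypothetical.
// Constructed sample: textarea content where the user pressed Enter.
const SAMPLE_TEXT = "first line\r\nsecond line with ' and \"";

// What the report link does today: the column value is pasted in unchanged.
function rawHandler(value) {
  return "alert('" + value + "')";
}

// Escape for a quoted JavaScript string literal: everything outside a small
// safe set becomes \uXXXX, so line breaks, quotes and backslashes cannot
// end or break the literal.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,-]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Escape for a double-quoted HTML attribute value.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// Hardened handler: escape for the JavaScript context first.
function safeHandler(value) {
  return "alert('" + escapeJsString(value) + "')";
}

// Then escape the whole handler for the HTML attribute it is written into.
function onmouseoverAttr(value) {
  return 'onmouseover="' + escapeHtmlAttr(safeHandler(value)) + '"';
}

// Compile the handler source without running it; false means a syntax error.
function parses(handlerSource) {
  try { new Function(handlerSource); return true; } catch (e) { return false; }
}

// Evaluate the escaped literal to confirm the original text survives intact.
function roundTrip(value) {
  return new Function("return '" + escapeJsString(value) + "'")();
}

console.log(parses(rawHandler("one line")));      // single-line value
console.log(parses(rawHandler(SAMPLE_TEXT)));     // value with a line break
console.log(parses(safeHandler(SAMPLE_TEXT)));    // escaped value
console.log(onmouseoverAttr("a\nb"));
```
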

  • Date Picker BUG on APEX 4.2.1

    Hi all could you please open a ticket for the following bug.
    Reproducing the bug is very simple.
    Apex specification :
    version 4.2.1.00.08
    I'm not using HTML 5 template but the classic "Blue and Tan" one.
    1) Create a page with date picker with mask (DD-MON-YYY HH24.MI).
    2) set as default value the SYSDATE using the PLSQL expression (not specifying the mask to_char()).
    3) Try to use it and you will see that the year shown is not the correct one but is something like 1911.
    I fixed using to_char(SYSDATE,'DD-MON-YYY HH24.MI') in the PLSQL expression.

    Hi Zere,
    one very important thing to remember when dealing with session state (the value of a page item) is that everything is stored as string.
    If you specify SYSDATE as your default expression, then the Oracle database will evaluate that as date data type, but as soon as it's stored in session state, the database will do an implicit data type conversion using the default format mask specified for your database session.
    That's why it works when you do the TO_CHAR with the explicit format mask.
    Regards
    Patrick
    Member of the APEX development team
    My Blog: http://www.inside-oracle-apex.com
    APEX Plug-Ins: http://apex.oracle.com/plugins
    Twitter: http://www.twitter.com/patrickwolf
    Edited by: Patrick Wolf on Apr 10, 2013 3:37 PM

  • Bug Report APEX 4.2(.1) : Unable to find item ID for item "P3500_RELEASE"

    1. On the Home Page, click the "Settings" wheel in the header of the Team Development region on the right side.
    2. On the Home Page Preferences popup set "Show" to something other than "All" and click [Apply Changes]
    3. Back on the Home Page, in the Team Development region on the right side, click the number next to "Bugs"
    4. ERR-1002 Unable to find item ID for item "P3500_RELEASE" in application "4800".

    Patrick -
    I decided to drop back and implement the demo to change the email address on my EBS login per the 2015 white paper.
    Something is definitely wrong here..
    The FND: APEX URL Profile option is set to: http://appstest4.fubar.com:7001/ords
    The Function to call the page is set to: GWY.jsp?targetAppType=APEX&p=110:1:::::EBS_RESP_ID, EBS_APP_ID,EBS_SEC_GROUP:[RESPONSIBILITY_ID],[RESP_APPL_ID],[SECURITY_GROUP_ID]
    When I call the page though, the URL is http://appstest4.fubar.com:7001/ords/f?p=110:LOGIN_DESKTOP::::::
    Is it possible the jsp is not the correct one?

  • Bug in APEX 4.2.4 User Interface defaults

    Hi,
    I set the user defaults in a table. I select to create a static set of values for a field. All is good. Saved and used in a form like a charm.
    When I go back to edit and add a new set of values to an existing List, I click on Add Row Button but nothing happens.
    the path is: SQL Workshop > Utilities > User Interface Defaults > Table Dictionary > Table and Column Properties > Column Defaults > Static List of Values
    Am I missing something? or is this a bug?

    I tried (SELECT ...) UNION (SELECT ...) as simple Interactive Report query in APEX 4.1.0.00.32 and received "SQL statement needs to start with SELECT".
    What version are you upgrading from?
    I was able to do this in a Classic Report but it complained, wanting a unique key in the Interactive Report.
    select * from ((select 1, EMPNO from EMP) UNION (select 2, EMPNO from EMP))
    Howard

  • Error applying patch for bug 4554072 (APEX 2.2.1 requirement)

    All,
    I am installing APEX 2.2.1 and am trying to apply the patch for bug 4554072. I have checked the OWA version:
    SQL> select owa_util.get_version from dual;
    GET_VERSION
    10.1.2.0.0
    And When I am trying to execute the privht8.sql script I get the following errors:
    SQL> @904x_1012x/privht8.sql
    Warning: Package Body created with compilation errors.
    Errors for PACKAGE BODY HTF:
    LINE/COL ERROR
    19/10 PLS-00323: subprogram or cursor 'TITLE' is declared in a package
    specification and must be defined in the package body
    21/10 PLS-00323: subprogram or cursor 'HTITLE' is declared in a package
    specification and must be defined in the package body
    35/7 PL/SQL: Statement ignored
    35/15 PLS-00307: too many declarations of 'TITLE' match this call
    205/7 PL/SQL: Statement ignored
    205/15 PLS-00307: too many declarations of 'ANCHOR' match this call
    433/7 PL/SQL: Statement ignored
    LINE/COL ERROR
    433/14 PLS-00307: too many declarations of 'EM' match this call
    443/7 PL/SQL: Statement ignored
    443/14 PLS-00307: too many declarations of 'KBD' match this call
    829/7 PL/SQL: Statement ignored
    829/14 PLS-00307: too many declarations of 'TABLEDATA' match this call
    834/7 PL/SQL: Statement ignored
    834/14 PLS-00307: too many declarations of 'TABLEDATA' match this call
    836/7 PL/SQL: Statement ignored
    836/14 PLS-00307: too many declarations of 'TABLEDATA' match this call
    840/8 PL/SQL: Statement ignored
    840/15 PLS-00307: too many declarations of 'TABLEDATA' match this call
    LINE/COL ERROR
    914/9 PL/SQL: Statement ignored
    914/24 PLS-00307: too many declarations of 'ESCAPE_SC' match this call
    Warning: Package Body created with compilation errors.
    Errors for PACKAGE BODY HTP:
    LINE/COL ERROR
    14/11 PLS-00323: subprogram or cursor 'TITLE' is declared in a package
    specification and must be defined in the package body
    15/11 PLS-00323: subprogram or cursor 'HTITLE' is declared in a package
    specification and must be defined in the package body
    1691/7 PL/SQL: Statement ignored
    1691/7 PLS-00307: too many declarations of 'PRINT' match this call
    1694/7 PL/SQL: Statement ignored
    1694/7 PLS-00307: too many declarations of 'PRINT' match this call
    1697/7 PL/SQL: Statement ignored
    LINE/COL ERROR
    1697/7 PLS-00307: too many declarations of 'PRN' match this call
    1700/7 PL/SQL: Statement ignored
    1700/7 PLS-00307: too many declarations of 'PRN' match this call
    1703/7 PL/SQL: Statement ignored
    1703/7 PLS-00307: too many declarations of 'PRINT' match this call
    1706/7 PL/SQL: Statement ignored
    1706/7 PLS-00307: too many declarations of 'PRINT' match this call
    1709/7 PL/SQL: Statement ignored
    1709/7 PLS-00307: too many declarations of 'P' match this call
    1712/7 PL/SQL: Statement ignored
    1712/7 PLS-00307: too many declarations of 'P' match this call
    LINE/COL ERROR
    1715/7 PL/SQL: Statement ignored
    1715/7 PLS-00307: too many declarations of 'P' match this call
    SQL>
    Any ideas? I am hoping that I am just tired and am doing something really stooopid ;-)
    Cheers,
    Andy

    Andy,
    From the README.txt included with that patch:
    - If the PL/SQL Web Toolkit version is either 9.0.4 series or 10.1.2 series and
    the database version is higher than 8.1.7.4
    SQL> @904x_1012x/privht.sql
    SQL> exit
    I’m assuming your database version is higher than 8.1.7.4. If so, then you need to run privht.sql and not privht8.sql.
    Joel

  • POSSIBLE BUG in APEX Version 3.2 "Copy Page"

    Has anyone experienced an error in the "Copy Lists of Values" step in the "Copy Page" application in 3.2? I am experiencing a "Report Error: ORA-06502: PL/SQL: numeric or value error: character string buffer too small" sometimes when I copy a page from one application to another. It appears to be page content related because I either always get it for a page or I never get it depending on what page I copy. When I get the error on a page copy, APEX hard codes the LOVs on the page into the list of values definitions instead of copying the appropriate Lists of Values in shared components and using them on the page. It is VERY irritating! Anyone know if this is a bug or if there is a way around it?
    Dale

    I was able to upload and install my application on apex.oracle.com and recreate the issue with the string length on the copy lists of values step in the page copy process. I have created an SR in Oracle Support and have provided them with the necessary information. Hopefully, they will be able to get a patch for the problem.
    I was also able to recreate the problem with the change to the button template but, in the process, found that there is a simple work-around. When the page copy process gets to the copy templates step, it provides a list of the templates to be used. For some reason it does not choose the correct "Button for Javascript" template. Instead, it chooses the standard "Button" template. I was able to change it to use the correct template prior to clicking next. However, I think that the page copy process should be corrected to default the proper template in the first place.
    Thanks Scott,
    Dale

  • BUG: URL /apex/wwv_flow.accept was not found on this server error

    Hi all,
    I have a page with 3 regions:
    - pl/sql(javascript, html)
    - chart
    - html(form)
    Everything works fine until I add a html table to my pl/sql region.
    When I do this I can't create any records anymore(html form).
    When I press the create button on the html form it results in:
    The requested URL /apex/wwv_flow.accept was not found on this server.
    When I delete the html table on my pl/sql region, the create button works fine.
    It seems like some kind of bug, is there a way to get around this.
    Thanx,
    Pim

    Hi,
    When I add (in the pl/sql region with htp.p procedure)the code below:
    <table summary="" cellspacing="0" cellpadding="0" border="0"
    width="100%">
    <tr>
    <td align="left" nowrap="nowrap" align="left" colspan="2">
    <input type="BUTTON" value="Test"
    onclick="javascript:TestOnDemand()">
     Adres
     <input type="text" name="address" size="30" maxlength="200"
    value=""/>
     Land
     <input type="text" name="land" size="30" maxlength="200"
    value=""/>
    </td>
    </tr>
    </table>
    The create button on the third(html_form) will result in the error.
    I did some more tests, it's the button in the above table which causes the error. When I delete the button all is OK. It seems that the dynamic html button has some kind of conflict with the form(html region) button. When I replace the table with a form it makes no difference.
    The reason why I'm doing this, is that I need a button on the page which doesn't do a 'dosubmit' (page reload). In a standard htmldb button there's always a 'dosubmit' present. I posted another thread, which confirmed this.
    Thanx,
    Pim
