Faced some weird and unusual problem with Multiselect. The problem was so severe that if you don’t have proper security implemented on RPD side, than any one can see any data. hmmmmmm.. sounds scary!! yes it is scary so here is what happens. In the following image you get to see all the name of the countries from the selected continent.
Results when clicked on ... from the base page
Results shown when clicked on the Go button on the result screen
After investigating found out that whenever GO button is clicked, the constraint value has not been passed and all the values from the dimensions, are been retrieved.
Solution:
To solve the issue we need to modify two javascript files residing in the folder res/b_mozilla/prompts/ :
- globalfilterprompt.js changes to — GFPDoMultiSelect — function
- gfpmultiselect.js changes to — GFPMultiSelect.prototype.search — function
Following is the modified — GFPMultiSelect.prototype.search — function, all the text in the bold are the changes ::
GFPMultiSelect.prototype.search = function()
{
this.sWhere = “”;
var obj1 = window.parent.document.getElementById(“customMSPromptdiv”);
/* sranka — added for MultiSelect Data Persistance*/
try{
if(obj1.value == ”){
this.sWhere = ” ( 1 = 1 ) ” ;
}else{
this.sWhere = obj1.value;
}
}catch(e){
this.sWhere = ” ( 1 = 1 ) ” ;
}
if(this.matchTable.style.display == ”)
{
if (this.searchForm.Constraint.value != “”)
{
var sValue = null;
switch (this.searchForm.Match.value)
{
case “beginsWith”:
sValue = GFPMultiSelect.SQLEscape(this.searchForm.Constraint.value) + “%”;
break;
case “endsWith”:
sValue = “%” + GFPMultiSelect.SQLEscape(this.searchForm.Constraint.value);
break;
case “contains”:
sValue = “%” + GFPMultiSelect.SQLEscape(this.searchForm.Constraint.value) + “%”;
break;
case “like”:
sValue = this.searchForm.Constraint.value;
}
if (sValue != null)
this.sWhere = this.sWhere + ” AND ” + this.vColumns[0] + ” LIKE ‘” + sValue + “‘”;
}
}
else if(this.dateTable.style.display == ”)
{
var tA = null;
var tB = null;
switch(GFPMultiSelect.primaryType)
{
case ‘date’:
tA = tDTP.parse(this.searchForm.BetweenA.value, 2 | 8 | 16 | 32);
tB = tDTP.parse(this.searchForm.BetweenB.value, 2 | 8 | 16 | 32);
break;
case ‘time’:
tA = tDTP.parse(this.searchForm.BetweenA.value, 4);
tB = tDTP.parse(this.searchForm.BetweenB.value, 4);
break;
case ‘timeStamp’:
// convert
tA = tDTP.parse(this.searchForm.BetweenA.value, 1 | 2 | 4 | 8 | 16 | 32);
tB = tDTP.parse(this.searchForm.BetweenB.value, 1 | 2 | 4 | 16 | 32);
//convert to data timezone
if (this.nDisplayToDataTZOffset)
{
if (tA != null)
tA.adjustTimeZoneOffset(this.nDisplayToDataTZOffset);
if (tB != null)
tB.adjustTimeZoneOffset(this.nDisplayToDataTZOffset);
}
break;
}
if(this.searchForm.BetweenA.value.length > 0 && !tA)
{
alert(kmsgWBInvalidInput + “\”" + this.searchForm.BetweenA.value + “\”");
return false;
}
if(this.searchForm.BetweenB.value.length > 0 && !tB)
{
alert(kmsgWBInvalidInput + “\”" + this.searchForm.BetweenB.value + “\”");
return false;
}
if(tA != null)
{
var sA = DateTimeParser.buildDateTimeClause(‘>’, this.vColumns[0], GFPMultiSelect.primaryType, tA);
if(sA != null)
this.sWhere = sA;
}
if(tB != null)
{
var sA = DateTimeParser.buildDateTimeClause(‘<’, this.vColumns[0], GFPMultiSelect.primaryType, tB);
if(sA != null)
this.sWhere = this.sWhere.length == 0 ? sA : (this.sWhere + ” AND ” + this.sWhere + ‘ AND ‘ + sA);
}
}
else if(this.numericTable.style.display == ”)
{
var tA = this.searchForm.BetweenNA.value;
var tB = this.searchForm.BetweenNB.value;
if(tA.length > 0)
{
tA = parseFloat(tA, 10);
this.sWhere = this.sWhere + ” AND ” + this.vColumns[0] + “>=” + tA;
}
if(tB.length > 0)
{
tB = parseFloat(tB, 10);
var clause = this.vColumns[0] + “<=” + tB;
this.sWhere = this.sWhere + ” AND ” + this.sWhere.length == 0 ? clause : this.sWhere + ” AND ” + clause;
}
}
this.choicesDiv.innerHTML = “”;
this.totalSpan.innerHTML = “0″;
this.totalSpan.setAttribute(“total”, 0);
this.moreLink.style.display = “none”;
VTDisplayValues(this.choicesDiv, this.vColumns, this.subjectArea, ‘kmsgGFPMultiSelectSearchValueTableRow’, this.sWhere, this.timeZone, this.timeZoneOffset,
‘scroll’, this.sId, null, null, null, null, null, “idGFPMultiSelect” + this.sId);
}
Following is the modified — GFPDoMultiSelect– function, all the text in the bold are the changes ::
function GFPDoMultiSelect(tEvent, sTextAreaID, sColumn, sSubjectArea, sWhere, sID, sCategory, sPrimaryType, sDisplay, sSQL, sDataTimeZoneOffset, sDisplayTimeZone)
{
/* sranka — Added this code as patch for persisting values for MultiSelect */
var parentElem = window.parent.document.getElementById(sTextAreaID);
//alert(‘GFPDoMultiSelect GlobalFilterPrompt.js :: ‘ +sTextAreaID);
var newdiv = window.parent.document.createElement(‘input’);
var divIdName = ‘customMSPromptdiv’;
newdiv.setAttribute(‘id’,divIdName);
newdiv.setAttribute(‘name’,'name’);
newdiv.setAttribute(‘value’,sWhere);
newdiv.setAttribute(‘type’,'text’);
var browserName=navigator.appName;
if(browserName == ‘Netscape’){
parentElem.appendChild(newdiv);
}else{
window.parent.parent.document.body.appendChild(newdiv);
}
var tMultiSelect = new GFPMultiSelect();
var tDialog = new XUIDialog(“idGFPMultiSelect”+sID, tMultiSelect, null);
tDialog.show(null, -1, -1, null, null, null, null, true);
tMultiSelect.initialize(sTextAreaID, sColumn, sSubjectArea, sWhere, sID, sCategory, sPrimaryType, sDisplay, sSQL, sDataTimeZoneOffset, sDisplayTimeZone);
return false;
}
I hope this will help solving some of the issue. I know that the code I have provided is not well formatted, please ping me or leave me a message for any questions or difficulties.
Posts
