Froilan Benito
Rank: #1854
64Views
8Comments
Solved
Question about site property PopupUpload_UseToken
Question

Hi,

Does anyone here know what is the use of the site property PopupUpload_UseToken in richwidgets and what will happen if the effective value is set to TRUE?

0
0
on 2020-07-03
Copy link to comment
Nordin Ahdi
mvp_badge
MVP
Rank: #73
Solution

Hi Froilan,

Sorry for the late reply. This one somehow must have slipped my mind!

There should be a button that is associated with a Popup_Editor widget somewhere on that page. 

Hitting the Enter-key will trigger the one button/link that is set as Default and if this happens to be the one button/link that is bound to a Popup_Editor widget, it could result in a redirect to the Popup_Upload webscreen of the RichWidgets module.

You could open a clone of the RichWidgets module and review the logic yourself. When the Site Property PopupUpload_UseToken is set to True, it will use the Popup_Editor_WithToken Web Block.

The Popup_Editor_WithToken Web Block in its turn contains some Javascript that clicks on the Open Popup Upload Button whichs redirect the user to the Popup_Upload webscreen.

Hope this helps!

Regards,

Nordin

See solution in context
1
0
on 2020-07-06
Copy link to comment
Froilan Benito
Rank: #1854

Nordin Ahdi wrote:

Hi Froilan,

Sorry for the late reply. This one somehow must have slipped my mind!

There should be a button that is associated with a Popup_Editor widget somewhere on that page. 

Hitting the Enter-key will trigger the one button/link that is set as Default and if this happens to be the one button/link that is bound to a Popup_Editor widget, it could result in a redirect to the Popup_Upload webscreen of the RichWidgets module.

You could open a clone of the RichWidgets module and review the logic yourself. When the Site Property PopupUpload_UseToken is set to True, it will use the Popup_Editor_WithToken Web Block.

The Popup_Editor_WithToken Web Block in its turn contains some Javascript that clicks on the Open Popup Upload Button whichs redirect the user to the Popup_Upload webscreen.

Hope this helps!

Regards,

Nordin

 

In our case, there is no button that are set as default wherein there should at least 1. Anyway, thank you for your explanations. We'll just have to check every page and see to it that there is at least 1 button/link set as default.

Thanks again!

0
0
on 2020-07-06
Copy link to comment
Nordin Ahdi
mvp_badge
MVP
Rank: #73
Solution

Hi Froilan,

After all, it seems this was a bug that was fixed in Platform Server version 11.10.0.

  • Fixed a glitch in the UI that redirected users to a PopupUpload.aspx page after they pressed Enter in an Input widget, on the screen with a Popup Editor Rich Widget. (RTAF-3184)


I just wanted to leave this here for anyone who might find this thread.

Cheers,

Nordin

See solution in context
0
0
on 2020-12-16
Copy link to comment
Nordin Ahdi
mvp_badge
MVP
Rank: #73

Hi Froilan,

This is a fix for a vulnerability OutSystems has resealed two months ago, which was inside a publicly exposed Popup_Upload page available in the RichWidgets module.

More information on the issue can be found in this forum post.

https://www.outsystems.com/forums/discussion/41206/richwidget-popup-upload-security/

Enabling the PopupUpload_UseToken Site Property will enforce a token mechanism security layer for this Popup_Upload screen. This way, no file will be saved on the server without a valid upload token.

Hope this helps.

Regards,

Nordin


0
0
on 2020-07-03
Copy link to comment
Froilan Benito
Rank: #1854

We have this issue when pressing a button using enter key then suddenly the page redirects the popup upload page. This happens when that site property is set to true. setting it to false the issue don't happen.

please advise. 


0
0
on 2020-07-03
Copy link to comment
Nordin Ahdi
mvp_badge
MVP
Rank: #73

Hi Froilan,

I'm not sure I understand. 

Can you share more specific details of your issue. Also some screenshots or an example OML that replicates this behavior would help.

Thanks,

Nordin

0
0
on 2020-07-03
Copy link to comment
Froilan Benito
Rank: #1854

Hi Nordin,

Let me rephrase and here's the detailed explanation of the issue.

In our page we are using Search control under Webpatterns and have text input inside.


During runtime, when i typed/enter a value I want to search and press Enter key (keyboard), the page gets redirected to the popup upload page as you can see in the screenshot below.

This only happens when the site property PopupUpload_UseToken is set to TRUE.

I noticed as well that this is only happening when a page has no default button/link that has been set.



Does anyone here know how this is happening? 


0
0
on 2020-07-03
Copy link to comment
Nordin Ahdi
mvp_badge
MVP
Rank: #73
Solution

Hi Froilan,

After all, it seems this was a bug that was fixed in Platform Server version 11.10.0.

  • Fixed a glitch in the UI that redirected users to a PopupUpload.aspx page after they pressed Enter in an Input widget, on the screen with a Popup Editor Rich Widget. (RTAF-3184)


I just wanted to leave this here for anyone who might find this thread.

Cheers,

Nordin

0
0
on 2020-12-16
Copy link to comment
Nordin Ahdi
mvp_badge
MVP
Rank: #73
Solution

Hi Froilan,

Sorry for the late reply. This one somehow must have slipped my mind!

There should be a button that is associated with a Popup_Editor widget somewhere on that page. 

Hitting the Enter-key will trigger the one button/link that is set as Default and if this happens to be the one button/link that is bound to a Popup_Editor widget, it could result in a redirect to the Popup_Upload webscreen of the RichWidgets module.

You could open a clone of the RichWidgets module and review the logic yourself. When the Site Property PopupUpload_UseToken is set to True, it will use the Popup_Editor_WithToken Web Block.

The Popup_Editor_WithToken Web Block in its turn contains some Javascript that clicks on the Open Popup Upload Button whichs redirect the user to the Popup_Upload webscreen.

Hope this helps!

Regards,

Nordin

1
0
on 2020-07-06
Copy link to comment
Froilan Benito
Rank: #1854

Nordin Ahdi wrote:

Hi Froilan,

Sorry for the late reply. This one somehow must have slipped my mind!

There should be a button that is associated with a Popup_Editor widget somewhere on that page. 

Hitting the Enter-key will trigger the one button/link that is set as Default and if this happens to be the one button/link that is bound to a Popup_Editor widget, it could result in a redirect to the Popup_Upload webscreen of the RichWidgets module.

You could open a clone of the RichWidgets module and review the logic yourself. When the Site Property PopupUpload_UseToken is set to True, it will use the Popup_Editor_WithToken Web Block.

The Popup_Editor_WithToken Web Block in its turn contains some Javascript that clicks on the Open Popup Upload Button whichs redirect the user to the Popup_Upload webscreen.

Hope this helps!

Regards,

Nordin

 

In our case, there is no button that are set as default wherein there should at least 1. Anyway, thank you for your explanations. We'll just have to check every page and see to it that there is at least 1 button/link set as default.

Thanks again!

0
0
on 2020-07-06
Copy link to comment
Nordin Ahdi
mvp_badge
MVP
Rank: #73

You're most welcome!

0
0
on 2020-07-06
Copy link to comment