Tuesday, May 12, 2015

Tabular Form Bug

I found bug in tabular forms created over tables that have columns with timestamp datatype (datepicker fields).
If you try to update any column value you'll get error message like this one:

Current version of data in database has changed since user initiated update process. current row version identifier = "CB89E9B0740B64051B6CA00FD81E58166C2288FA" application row version identifier = "3641B87EB52532E016A0D8377AA8F181A6E2FBCA" (Row 1)

I'm getting same error on APEX 4.2.5.00.08 and 5.0.0.00.31 (apex.oracle.com).

The bug was reported to APEX team and it will be fixed in future releases (5.1).

Quick fix for this is applying explicit format mask for timestamp datepicker columns.


Thanks to Robert and Valentino Orehoci for pointing this out and Marc Sewtz for quick fix.

Tuesday, May 5, 2015

APEX 5: Issues with configuration of Static Files (ORDS)

If you're getting this alert window when going to your APEX 5 login screen:


after upgrading from older versions of APEX you're probably missed this paragraph in installation documentation:
When using Oracle REST Data Services as your web listener, static files are served using RESTful service module built into Oracle Application Express. Therefore, you must configure RESTful Services in new installations and in upgrade installations when RESTful Services were not configured in a previous release.

To fix it don't forget to configure Oracle REST Data Services by executing this script @apex_rest_config.sql.


Thursday, April 9, 2015

APEX 5: Deprecated and Desupported Features and Changed Behavior

I've started to read APEX 5 BETA documentation (Beta Draft: 2015-01-16) Release Notes and I've found out two interesting chapters -  Deprecated and Desupported Features and Changed Behavior.

In chapter named Deprecated and Desupported Features you can find many interesting things about APEX 5 and what should you avoid to use in your future APEX 5 applications. 

Here are some things that caught my eye more than others:
  • Deprecated column types in Classic Report. Oracle recommends to use Tabular Forms or APEX_ITEM API for creating editable reports.
  • File Browse Item should use APEX_APPLICATION_TEMP_FILES table for select, update or delete operations instead of WWV_FLOW_FILES. Deletes are no longer necessary, as the file will automatically be purged after the request or when the session is purged.
  • If you used WWV_FLOW_FILES as a permanent store, the files should be copied into their own BLOB column(s) within a table within your schema.
  • In APEX 5.0 there is only one button type which can be positioned in a region or next to items. Finally, no more Item Buttons! :)
  • Dynamic actions based on DOM Objects have been deprecated. You should use jQuery Selector or JavaScript Expression instead.
  • Page computations and validations based on SQL expressions have been deprecated. You should use PL/SQL expressions or PL/SQL Function returning VARCHAR2 types
  • #PLUGIN_PREFIX# substitution string is not supported any more in plug-in files. You should use relative URLs instead.


Also, there's a nice chapter about Changed Behavior. Here are some nice bullets to remember:
  • Static files will be stored in central repository that is available for a specific application (Static Application Files) or for all applications within a workspace (Workspace Application Files)
  • Static application files uploaded to Shared Components are automatically included in an application export. No more recreating supporting object scripts. :)
  • In a future version of Oracle Application Express, the dictionary view APEX_WORKSPACE_FILES will no longer include CSS, image or static files uploaded in Shared Components. You should use the new views APEX_WORKSPACE_STATIC_FILES and APEX_APPLICATION_STATIC_FILES instead.
  • Because of internal changes to the views APEX_APPLICATION_FILES and WWV_FLOW_FILES, it is not possible anymore to lock rows with SELECT FOR UPDATE

Please check the whole documentation for details. Remember, for now this is only BETA documentation. 
Don't forget to check those chapters in full documentation before moving to APEX 5.


Saturday, April 4, 2015

APEX 5: jQuery Migration

If you like to write custom JS code in your APEX applications or to use lots of 3rd party plugins you should be aware of changes in jQuery and JS libraries in APEX 5.


APEX 5 (at least current version 5.0.0.00.28) uses jQuery 2.1.3 and if you plan to migrate from APEX 4.2 you should check for changes from jQuery version 1.7.1 which is included in APEX 4.2. There are some things that are deprecated and removed like .die() or .live() event handlers.

Here you can find things that are removed:

But APEX development team was one step ahead and they provided us with quick solution to include jQuery Migrate plugin that restores deprecated features and behaviors of jQuery.

You can turn it on under the User Interface Attributes Page, JavaScript tab. My advice is that you should clean up your code and not to use any deprecated code.

Note that, as you can read in jQuery documentation, jQuery 2.x has the same API as jQuery 1.x, but does not support Internet Explorer 6, 7, or 8. APEX development team also thought of that and they put conditional comment to handle this:

<!--[if lt IE 9]><script type="text/javascript" src="/i/libraries/jquery/1.11.2/jquery-1.11.2.min.js?v=5.0.0.00.28"></script><![endif]-->
<!--[if gte IE 9]><!--><script type="text/javascript" src="/i/libraries/jquery/2.1.3/jquery-2.1.3.min.js?v=5.0.0.00.28"></script><!--<![endif]-->

Also be aware that by default when you create new application in APEX 5 there is no more old non-namespaced APEX JavaScript functions in your application (as part of legacy.js). You can include them by turning on property Include Legacy Javascript in User Interface Attributes page, JavaScript tab.

Again, don't do that. Rather clean up your code!



Sunday, January 25, 2015

On Demand Process Bug

In my last post I wrote about security of on demand application processes. While I was testing this I've noticed a bug in APEX version 4.2.6.00.03 and APEX 5 EA2 (probably in some older versions too).

If you have on demand application process (without authorization scheme) and call it from public page (e.g. login page 101) you'll get additional unwanted data in response message.

For example, if you create public on demand application process like this that outputs some string like"OK":

and call it in some on load dynamic action on public page (like login page):

When you take a look at console window you'll see additional data with "OK" string:

If you are expecting that your message is returning something in JSON format you'll get an JS error on page.

I've reported a bug to APEX team and they've fix it for version 5.

Friday, January 23, 2015

Secure your On Demand processes

By default when you create On Demand application process there is no authorization scheme selected:


and that makes your On Demand processes very vulnerable and publicly available.

For example, if you create On Demand application process without authorization scheme named DUMMY that creates record in DEPT table:


it can easily be called from browser console window without being logged in into application (e.g. on login page 101) by executing this JS statement:
apex.server.process ("DUMMY" 
                    ,{x01: "IT",x02: "LOS ANGELES"}
                    ,{dataType:"text"}
                    );

Table before executed JS statement:
DEPTNODNAMELOC
10ACCOUNTINGNEW YORK
20RESEARCHDALLAS
30SALESCHICAGO
40OPERATIONSBOSTON

Table after executed JS statement:
DEPTNODNAMELOC
10ACCOUNTINGNEW YORK
20RESEARCHDALLAS
30SALESCHICAGO
40OPERATIONSBOSTON
50ITLOS ANGELES

If you change authorization scheme of your On Demand application process to Must Not Be Public User:

it will not be publicly available and unauthorized users will not be able to call it without logging in into application.

Environment: APEX 4.2.5.00.08 and Oracle XE 11.2.0.2.0 database.

Thursday, September 11, 2014

Remove Annoying Login Message

If you are annoyed by login message "...Please wait 5 seconds to login again..." that apears in APEX 4.2.* after failed login attempt you're lucky for reading this post. There is an easy way to switch it off.

Login to APEX Builder like instance admin and go to Manage Instance > Security option. Find General Login Control region and set property Delay after failed login attempts in Seconds to 0.




Tested with APEX 4.2.5.00.08 and Oracle XE 11.2.0.2.0 database.