Cognos Reports - No Prompt Page - prompt

I am new to Cognos reports, so bear with me.
I have a report that has two parameters (call them x and y). I have a prompt page for x and y. The user can supply those values and click finish to be taken to the report. I am looking for a way to only show that prompt page if those parameters are not passed in the URL string. If those parameters are set, I want to go directly to the report. I have tried some JS to automatically act as though the finish button has been called, but I am just getting Cognos errors. Any suggestions as to how I can accomplish this? The prompt page is having the prompt controls set to the values for x and y in the URL.
JS:

    <script type="text/javascript">
    promptAction('finish');
    </script>

Cognos error:

    The secondary request failed. The requested session does not exist
    and the secondary request does not contain enough information to
    recreate the session. Contact your Administrator.

You need to append &run.prompt=false to your URL string to skip the prompt page. This only works if you supply all the prompts - it will error if even one is missing.


XSS leaking into other parts of site

I've got a web application in which there are several XSS vulnerabilities on it, on the Profile Page for example there is a text box which is vulnerable to XSS along with the Messages Page. They both have text boxes yet when I add some XSS into the Profile Page, the pop up also comes up in the messages section and I can't figure out why. I've attached some screenshots for more information. If anyone can explain why this does this, I'd be very grateful.
The below Links are for visuals of the application
These are the source code images/files
Profile Page Source Code:
https://drive.google.com/file/d/1fA_Zoa7z4fdhBBzW2-e3Wm-fWF1qwXw7/view?usp=sharing
Message Page Code:
https://drive.google.com/file/d/1YApsri_3YSmUwlRfyajcebgpe26L37TZ/view?usp=sharing
You are inserting the saved data from this text box onto the messages.php page. If you right-click and inspect the "testtest" text, you'll notice a script was also added in there (the one you added earlier). Saving this server-side allows it to be run each time the client loads the page, because the browser still reads it as code to be run. It should not - it should view it as text.
You'll notice that the first word in the background, "test", is written, and the script has appeared. This is a blocking script, meaning no further code will be run until you click the OK button in the dialog, allowing the code to continue rendering the rest of the content on the page; hence why the second "test" word waits until you click okay before rendering the rest of the page.
Please let me know if I've missed anything out. Hope this helps
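The behaviour described in the answer above, as an added example that is not part of the original post or the application's code: one saved value is printed by two pages, so the same script reaches both, and encoding at output time makes both pages treat it as text. The store, the function names and the markup are hypothetical, and the sample value is constructed.

```javascript
// Added example: hypothetical store and page renderers, not the application's code.
const store = new Map(); // stands in for the server-side database

function saveProfile(user, bio) {
  store.set(user, bio); // saved exactly as typed, markup included
}

// Encode the characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Vulnerable renderers: both pages concatenate the stored value into markup,
// so a script saved once is delivered by every page that prints the field.
function profilePageRaw(user) {
  return `<div class="profile">${store.get(user)}</div>`;
}
function messagesPageRaw(user) {
  return `<li class="sender">${store.get(user)}</li>`;
}

// Corrected renderers: same stored value, encoded where it is written out.
function profilePageSafe(user) {
  return `<div class="profile">${escapeHtml(store.get(user))}</div>`;
}
function messagesPageSafe(user) {
  return `<li class="sender">${escapeHtml(store.get(user))}</li>`;
}

// Constructed input mirroring the "test ... test" value described in the answer.
saveProfile("alice", "test<script>alert(1)</script>test");

function demo() {
  return {
    rawProfile: profilePageRaw("alice"),
    rawMessages: messagesPageRaw("alice"),
    safeProfile: profilePageSafe("alice"),
    safeMessages: messagesPageSafe("alice"),
  };
}

console.log(demo());
```

Encoding belongs in every renderer that prints the field; fixing only the profile page would leave the messages page delivering the stored script.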

Cognos 10 Report Studio: On Page Prompts & Performance

I have a report page which displays a crosstab. This is filtered by 5 parameters. These parameters are submitted by the user through on page checkbox prompts.
The requirement is to return the data with all values in all parameters selected on the first run. If I leave default selections blank this behaviour is achieved but all the checkboxes are unchecked which gives misleading feedback to the user.
As an alternative I've manually specified all the values in default selections. However, this has a performance impact.
Does anyone have any alternative suggestions?
I've been looking for a way to specifically link a reprompt button to a value list so only those parameters are resubmitted (rather than the whole page) but haven't found anything yet.
Thanks in advance - even if the answer is 'no and this is a bad way to go about it'!
One option is to use JavaScript to check all of the checkboxes after the page is rendered with no filtering applied. To do this all filters have to be set to optional. The page is rendered with all data and unchecked checkboxes. The JavaScript fires and checks all checkboxes so that the state of the prompts matches the state of the data. This happens so fast the user likely won't know the boxes weren't checked initially. A reprompt button will, when clicked, enforce whatever choices the user makes after that.
Since version 10.2, Cognos has provided a fairly simple JavaScript API to allow for render-time manipulation of prompt controls. Hopefully, you are working with 10.2 or later; otherwise the code provided will not work. Here is a bit of JavaScript code that will loop through all prompts and select all values within them:
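
    var report = cognos.Report.getReport("_THIS_");
    var prompts = report.prompt.getControls();
    // Run only on the first render so later reprompts keep the user's choices
    if (typeof firstrun == "undefined") {
        var values;
        for (var i = 0; i < prompts.length; i++) {
            // getValues(true) returns every value, selected or not
            values = prompts[i].getValues(true);
            // Select all of them
            prompts[i].addValues(values);
        }
        var firstrun = false;
    }
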
Notes:
All value prompts behave the same way regarding the 10.2+ JavaScript Prompt API. It doesn't matter whether you choose a drop-down, list, checkbox or radio button interface. The way we code for all of these variations is the same. The provided code would work just as well with a list as it would with checkboxes.
Make sure that you wrap your code in script tags and that the HTML Item object you place on your page to hold the code appears below all prompt controls. If it is placed elsewhere it will not be able to find the prompt controls as they will not have been rendered when the code executes.
The code assumes that the only prompts on the page are the checkboxes you want checked. If there are other prompts on the page then you will have to target individual prompts using the getControlByName() function provided in the API rather than looping through all prompts. More information on the Cognos JavaScript Prompt API can be found here.
The key bits of code here are the getValues() and addValues() Cognos JavaScript Prompt API functions. getValues(true) returns a JSON-formatted object representing all values, selected or not, from a value prompt. addValues(values) takes a JSON-formatted object representing the values to be selected and selects them. Thus, it's a matter of grabbing all values and then passing them in to be selected.
The reason for the if block is that we only want this code to run once at first page render. When the user first runs the report we want all checkboxes checked but after that we want the checkboxes to retain state. If we didn't use the if block the user's choices would be overwritten after a reprompt. For more information on this technique check out this tutorial on my blog: JavaScript: Running Code Only Once.
Addendum
If you don't want any filters to be applied when all boxes are checked in a section even after subsequent reprompts you can do so by tweaking your filter.
Assume that we are checking against a model based item [Item1]. We have a current filter of: [Item1] in ?parameter1?. We also have four checkboxes with values of 'Choice1','Choice2','Choice3', and 'Choice4'.
The following modified filter will only apply the checkboxes to the filter when all four aren't checked:

    (
        'Choice1' in ?parameter1?
        AND
        'Choice2' in ?parameter1?
        AND
        'Choice3' in ?parameter1?
        AND
        'Choice4' in ?parameter1?
    )
    OR
    [Item1] in ?parameter1?

If all four checkboxes are checked then the first part of the OR is satisfied and all rows will be returned. It should be fast too because most languages, including iterations of SQL, will not test the second component of an OR if the first component is satisfied.

limit number of characters entered in cognos search and select prompt

The below script works for text box.

    <script>
    // The ASDF here comes from the Name property of the prompt
    var fW = (typeof getFormWarpRequest == "function" ? getFormWarpRequest() :
        document.forms["formWarpRequest"]);
    fW._textEditBoxASDF.maxLength = 3;
    </script>

I need a similar piece of code to work with Search and select prompt.
I don't have Cognos in front of me, but let me tell you how I did stuff like this with JavaScript. Please read entirely as there are several approaches.
Put a uniquely named/id DIV tag around your native Cognos select and search prompt (the one you're typing in). This will make it easy to reference with Java's DOM model for the next steps. We will eventually make this default search prompt invisible/hidden, but for now keep it visible until the following steps are coded/debugged.
Create an HTML control in a similar style to the native Select and search with the proper max-length settings that you want. Use the text box on change event to update the native Cognos select and search prompt. For debugging/troubleshooting I find it handy to have JavaScript alert the DIV innerHTML so you can see what's under the hood with the Cognos control. Sometimes I use this innerHTML as the starting point for my "Cloned/Shadow" HTML prompt that I have control over.
Once you have your new HTML control effectively changing the Cognos control you can make it invisible.
On complex dashboards/scorecarding I wrote routines to clone Cognos prompts and expose their HTML so I could create my own control that would quietly manipulate the actual hidden controls. This gave me complete control over presentation and functionality.
There are many variations on this once you have the control's innerHTML, like replacing the innerHTML with one of your own immediately after the page loads that has the restrictions on length. Or simply seeing if you can massage the property, learning from the innerHTML.
In Cognos 8.4 and 10 there is a new method to dynamically add a method to a control to be called prior to any other methods. It is tricky but it is on IBM's web site. It may be more cleanly implemented in 10 and also IBM is not shy about showing off these solutions on their web site.

XPages Mobile Controls - sessionScope variable being lost

I am building a mobile app for iPhone using the mobile controls in the XPages Extension Library.
The first page displays a list of categories (happens to be a list of user names). When a category is selected the second page is displayed listing all documents belonging to the selected user.
The URL to open the second page includes a parameter with the user's name. The second page has a page heading control and on the "label" property I have added the following code:-

    if (param.get("User") != null) {
        sessionScope.put("UserName", param.get("User"));
    }
    return sessionScope.UserName;

I'm doing this so that I have access to the user name on subsequent pages, e.g. the third page is displayed when the user opens a document from the list on the second page.
When I test this in Chrome everything is fine. When I test in Safari I can see that the sessionScope variable is set when the second page is opened. However, when I select a document and the third page is opened the sessionScope variable is disappearing. I can't see any code that would explain this and when tested in Chrome the sessionScope variable is still there on page 3. Unsurprisingly I get the same issue when I test on an iPhone.
The problem this gives me is that, when navigating back from a document (p.3) to the list of documents for the selected user (p.2) I don't know which user was selected originally.
Anyone seen this before or have any explanation as to what might be going on?
Thanks for any suggestions.
You might want to refrain from the parameter approach unless you are sanitizing your input first, so instead of the URL write the userName directly into the scope - or even easier - bind the first field with the categories to the sessionScope. Did you try to modify your code to use a different variable name?

What procedure does default form submit button handler follow?

I've set (and confirmed in the database) nodes under the content type miniapps to have the alias content/miniapps/9999/test (where 9999 is a node's actual id, and test is the node's title). Everything works fine when a new node is added - i.e. I get redirected to the proper page. However, when I edit that page and press Submit, I get the "page not found" error. If I manually enter the above path in the browser I go to the proper page. This happens even though every conceivable permission has been set, and in fact happens on my (the super admin) content. Any guidance or suggestions on why the wrong redirect appears to be assigned by the form submit button handler? Thank you very much.
