You need to sign in to do that
Don't have an account?
Nochum Klein 15
Trailhead Module: Identify CRUD and FLS Violations in Visualforce and Apex
This no longer works as described in the Trailhead. Selecting "User with Limited Access to Treasures" on the CRUD & FLS Visualforce Demo tab yields an "insufficient access" error with no data returned.
I have tried and got same error.I would suggest you provide feedback from feedback link on the same page which i did.
Best Regards,
Sandhya
Hey all. Seem to be stuck on this one. I pasted an image of the code I modified. Plus when I went to check the challenge, I got the error message. What am I doing wrong? Thanks!!
so instead of using
<!-- Field 1 is vulnerable NO -->
replace to:
<!-- chestContents is vulnerable YES -->
Below worked for me
<apex:image id="theImage" value="{!$Resource.treasure_chest}"/>
<br/><br/>
<apex:commandButton value="Open Chest" action="{!getRandomTreasure}" rendered="{!ISBLANK(chestContents)}"/> <apex:OutputText rendered="{!NOT(ISBLANK(chestContents))}" value="Congrats, you've found {!chestContents}!"/> <!-- chestContents is vulnerable YES -->
</apex:form>
</apex:pageBlockSection>
<br/>
<h3>List of Potential Prizes!</h3>
<apex:pageBlockTable value="{!treasures}" var="p"> <apex:column headervalue="Name"> <apex:OutputText value="{!p.Name}" /> <!-- p.Name is vulnerable NO -->
</apex:column> <apex:column headervalue="Description"> <apex:OutputText value="{!p.Description__c}" /> <!-- p.Description__c is vulnerable NO-->
</apex:column>
</apex:pageBlockTable>
<apex:page controller="CRUD_FLS_Challenge" tabStyle="CRUD_FLS_Challenge__tab">
<apex:sectionHeader title="CRUD & FLS Challenge"/>
<apex:pageBlock >
<c:Classic_Error />
<apex:pageBlockSection title="Demo" columns="1" id="tableBlock">
<c:LoginAs string_url="/apex/CRUD_FLS_Challenge" array_permset="{!PermSets}"/>
<apex:pageBlockSection >
<apex:form >
<h1>Are you feeling lucky? Open the treasure chest to claim your prize!</h1><br/><br/>
<apex:image id="theImage" value="{!$Resource.treasure_chest}"/>
<br/><br/>
<apex:commandButton value="Open Chest" action="{!getRandomTreasure}" rendered="{!ISBLANK(chestContents)}"/> <apex:OutputText rendered="{!NOT(ISBLANK(chestContents))}" value="Congrats, you've found {!chestContents}!"/> <!-- chestContents is vulnerable YES -->
</apex:form>
</apex:pageBlockSection>
<br/>
<h3>List of Potential Prizes!</h3>
<apex:pageBlockTable value="{!treasures}" var="p"> <apex:column headervalue="Name"> <apex:OutputText value="{!p.Name}" /> <!-- p.Name is vulnerable NO -->
</apex:column> <apex:column headervalue="Description"> <apex:OutputText value="{!p.Description__c}" /> <!-- p.Description__c is vulnerable NO-->
</apex:column>
</apex:pageBlockTable>
</apex:pageBlockSection>
<apex:pageBlockSection title="Code links" columns="1">
<apex:outputPanel >
<ul>
<li><c:codeLink type="Visualforce" namespace="security_thail" name="CRUD_FLS_Challenge" description="Visualforce Page"/></li>
<li><c:codeLink type="Apex" namespace="security_thail" name="CRUD_FLS_Challenge" description="Apex Controller"/></li>
</ul>
</apex:outputPanel>
</apex:pageBlockSection>
</apex:pageBlock>
</apex:page>
insert these comments in order on lines 14, 21, 24:
<!-- chestContents is vulnerable YES -->
<!-- p.Name is vulnerable NO -->
<!-- p.Description__c is vulnerable NO -->