Hi folks,

We're trying to pull data from a long text field via the PHP SOAP API.  When we do, any of the line breaks that exist within the field disappear in the SOAP request answer.  For instance, this...

Line 1 here.

Line 2 here.

...turns into this....

Line 1 here.Line 2 here.

Has anyone else experienced this?  We seem to not be receiving any notification of where the line breaks should exist.

Cheers!

Hi folks,

In building an app, we need our users to ensure that a new lead process they've created has specific picklist values set for their "converted" state.  Oddly enough, some of our users have run into an issue where they're in Setup > Customize > Leads > Fields > Lead Status > Edit mode, and they're trying to edit one of the Lead Status values to become a "converted" status by checking the checkbox for "Converted".  Instead, when they hit the save button, the screen simply refreshes, with the converted checkbox unchecked, and no error message.  It's seemingly impossible for them to add the converted value to a new lead status.

Anyone else face this before?

I have a trigger that is doing a query and building a rather large found set.  It's one trigger that is firing as part of a larger execution, and it just so happens that the full execution is failing because I'm hitting a governor limit on the number of SOQL rows in the found sets.  Since the data isn't necessary to have immediately, I'm trying to get the queries in this trigger into a class with an @future notation.

The problem is that I'm not sure how to convert this trigger below into a trigger that references an Apex, so I can put the query into the @future notation.  Here's the trigger code I have now...

trigger MyRollup on CampaignMember (after delete, after insert, after undelete, after update) {

	Map<Id,Campaign> updateCampaigns = new Map<Id,Campaign>();
	Set<Id> updateCampaignIds = new Set<Id>();

	// If we are inserting, updating, or undeleting, use the new ID values
	if(Trigger.isInsert || Trigger.isUpdate || Trigger.isUndelete)
		for(CampaignMember testing:Trigger.new)
			updateCampaignIds.add(testing.CampaignId);

	// If we are updating, some campaigns might change, so include that as well as deletes
	if(Trigger.isUpdate || Trigger.isDelete)
		for(CampaignMember testing:Trigger.old)
			updateCampaignIds.add(testing.CampaignId);

	// Do not create a record for null field
	updateCampaignIds.remove(null);

	// Create in-memory copies for all campaigns that will be affected
	for(Id campaignId:updateCampaignIds)
		updateCampaigns.put(campaignId,new Campaign(id=campaignId,MyRollup__c=0));

	// Run an optimized query that looks for all campaigns that meet the if/then criteria
	for(CampaignMember testing:[select id,campaignid from CampaignMember where CampaignId in :updateCampaignIds and Ready__c=true])
		updateCampaigns.get(testing.CampaignId).MyRollup__c++;

	// Update all the campaigns with new values.
	Database.update(updateCampaigns.values());
		    
}

Any recommendations as to how I can modify this trigger so that it's paired with a new Apex class?

Cheers!

Hi folks,

We're looking to build a simple proposal app that allows users to add line items from price books, and then sort them as they'd like them to appear within the proposal.  Currently, the Quotes object does exactly this process, and I'm wondering if there's a native Apex/VF function that would allow us to have the same "Sort" button to sort the related list (product line items) that the Quotes object has in our custom object's related list?

Thoughts on how to achieve this easily?

Cheers!

We're building an app that requires the user to be able to input raw HTML (for a design template) and then be able to display that within SFDC. The challenge we've found in a security process is that we need to find a way to ensure that the HTML is stripped of any "unsafe" constructs.

While it's been recommended we utilize the ESAPI Validator getValidSafeHTML method...

http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/Validator.html#getValidSafeHTML(java.lang.String, java.lang.String, int, boolean)

...that doesn't seem to be included in the ESAI SFDC suite...

http://code.google.com/p/force-dot-com-esapi

Any recommendations as to how we could leverage the ESAPI Validator getValidSafeHTML method within our app, or potentially another way to scrub our HTML to ensure safe constructs?

I wonder how SFDC does this, as it allows you to input raw HTML when creating email templates.

In order to more securely store a password as part of my app, I have created a hierarchy custom setting that stores two variables that will be used across the org in connection with the app.  Per the requirements of SFDC security, I need to make sure that the form is blank (that none of the fields have values listed) after the user submits the form (so that the passwords aren't displayed in the clear to the user).

From the feedback I've seen thus far, using the transient keyword is the way to go.  I'm just running into some challenges.

After looking at some examples provided by Salesforce, I've come up with the following code.

public with sharing class TestCustomSettings {

public Transient TestR__c myPref {get;set;}
		
public TestCustomSettings(){
		
myPref = TestR__c.getvalues(System.UserInfo.getOrganizationId());
			
if(myPref == null)
myPref = new TestR__c(setupOwnerId = System.Userinfo.getOrganizationId());
}

public PageReference save() {
if(myPref.id == null){
insert myPref;
} else
update myPref;
return null;
}
}

 You'll see that right at the beginning, I've included the "transient" keyword, in hopes that after the POST, I won't receive the values back in the view state.  Unfortunately, when I submit the POST, I get the following response from SFDC:

"Attempt to de-reference a null object

<apex:page controller="TestCustomSettings" title="Test Custom Settings Title">
<h1>Test Custom Setting</h1>
 <apex:form >
    <apex:pageBlock title="Edit Preferences" mode="edit">
          <apex:pageBlockButtons location="bottom">
            <apex:commandButton action="{!save}" value="Save"/>
          </apex:pageBlockButtons>
              <apex:pageBlockSection title="Change my preferences" columns="2">
                <apex:inputField value="{!myPref.Password1__c}"/>
                <apex:inputField value="{!myPref.Password2__c}"/>
              </apex:pageBlockSection>
    </apex:pageBlock>
  </apex:form>
</apex:page>

Hi folks,

We're getting ready to go through the security scan so we can take our app public on the AppExchange.  In our pre-scan report, however, we're getting a couple XSFR/CSFR reports.  Why?  When we have someone load a particular URL, we'll grab an Id from the URL params and use that to make a hard-coded update to the Id's record.  So, let's say this URL is used to update a custom object's checkbox field when loaded.  No login required, no cookie created.

That's it.  No data can be forced into the object's record from the URL, we've protected against XSS, and the change is hard-coded in the controller.

So, my question is this:  considering the limitation of this update, would the SFDC security review team flag this as an unpassable situation for their security review?  If so, are there other options that we can use (we don't want to require user button clicking or input to do something this simple ... they're being redirected to another page).

I have a trigger that is doing a query and building a rather large found set.  It's one trigger that is firing as part of a larger execution, and it just so happens that the full execution is failing because I'm hitting a governor limit on the number of SOQL rows in the found sets.  Since the data isn't necessary to have immediately, I'm trying to get the queries in this trigger into a class with an @future notation.

The problem is that I'm not sure how to convert this trigger below into a trigger that references an Apex, so I can put the query into the @future notation.  Here's the trigger code I have now...

trigger MyRollup on CampaignMember (after delete, after insert, after undelete, after update) {

	Map<Id,Campaign> updateCampaigns = new Map<Id,Campaign>();
	Set<Id> updateCampaignIds = new Set<Id>();

	// If we are inserting, updating, or undeleting, use the new ID values
	if(Trigger.isInsert || Trigger.isUpdate || Trigger.isUndelete)
		for(CampaignMember testing:Trigger.new)
			updateCampaignIds.add(testing.CampaignId);

	// If we are updating, some campaigns might change, so include that as well as deletes
	if(Trigger.isUpdate || Trigger.isDelete)
		for(CampaignMember testing:Trigger.old)
			updateCampaignIds.add(testing.CampaignId);

	// Do not create a record for null field
	updateCampaignIds.remove(null);

	// Create in-memory copies for all campaigns that will be affected
	for(Id campaignId:updateCampaignIds)
		updateCampaigns.put(campaignId,new Campaign(id=campaignId,MyRollup__c=0));

	// Run an optimized query that looks for all campaigns that meet the if/then criteria
	for(CampaignMember testing:[select id,campaignid from CampaignMember where CampaignId in :updateCampaignIds and Ready__c=true])
		updateCampaigns.get(testing.CampaignId).MyRollup__c++;

	// Update all the campaigns with new values.
	Database.update(updateCampaigns.values());
		    
}

Any recommendations as to how I can modify this trigger so that it's paired with a new Apex class?

Cheers!

Hi folks,

We're looking to build a simple proposal app that allows users to add line items from price books, and then sort them as they'd like them to appear within the proposal.  Currently, the Quotes object does exactly this process, and I'm wondering if there's a native Apex/VF function that would allow us to have the same "Sort" button to sort the related list (product line items) that the Quotes object has in our custom object's related list?

Thoughts on how to achieve this easily?

Cheers!

We're building an app that requires the user to be able to input raw HTML (for a design template) and then be able to display that within SFDC. The challenge we've found in a security process is that we need to find a way to ensure that the HTML is stripped of any "unsafe" constructs.

While it's been recommended we utilize the ESAPI Validator getValidSafeHTML method...

http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/Validator.html#getValidSafeHTML(java.lang.String, java.lang.String, int, boolean)

...that doesn't seem to be included in the ESAI SFDC suite...

http://code.google.com/p/force-dot-com-esapi

Any recommendations as to how we could leverage the ESAPI Validator getValidSafeHTML method within our app, or potentially another way to scrub our HTML to ensure safe constructs?

I wonder how SFDC does this, as it allows you to input raw HTML when creating email templates.

In order to more securely store a password as part of my app, I have created a hierarchy custom setting that stores two variables that will be used across the org in connection with the app.  Per the requirements of SFDC security, I need to make sure that the form is blank (that none of the fields have values listed) after the user submits the form (so that the passwords aren't displayed in the clear to the user).

From the feedback I've seen thus far, using the transient keyword is the way to go.  I'm just running into some challenges.

After looking at some examples provided by Salesforce, I've come up with the following code.

public with sharing class TestCustomSettings {

public Transient TestR__c myPref {get;set;}
		
public TestCustomSettings(){
		
myPref = TestR__c.getvalues(System.UserInfo.getOrganizationId());
			
if(myPref == null)
myPref = new TestR__c(setupOwnerId = System.Userinfo.getOrganizationId());
}

public PageReference save() {
if(myPref.id == null){
insert myPref;
} else
update myPref;
return null;
}
}

 You'll see that right at the beginning, I've included the "transient" keyword, in hopes that after the POST, I won't receive the values back in the view state.  Unfortunately, when I submit the POST, I get the following response from SFDC:

"Attempt to de-reference a null object

<apex:page controller="TestCustomSettings" title="Test Custom Settings Title">
<h1>Test Custom Setting</h1>
 <apex:form >
    <apex:pageBlock title="Edit Preferences" mode="edit">
          <apex:pageBlockButtons location="bottom">
            <apex:commandButton action="{!save}" value="Save"/>
          </apex:pageBlockButtons>
              <apex:pageBlockSection title="Change my preferences" columns="2">
                <apex:inputField value="{!myPref.Password1__c}"/>
                <apex:inputField value="{!myPref.Password2__c}"/>
              </apex:pageBlockSection>
    </apex:pageBlock>
  </apex:form>
</apex:page>

Hi folks,

We're getting ready to go through the security scan so we can take our app public on the AppExchange.  In our pre-scan report, however, we're getting a couple XSFR/CSFR reports.  Why?  When we have someone load a particular URL, we'll grab an Id from the URL params and use that to make a hard-coded update to the Id's record.  So, let's say this URL is used to update a custom object's checkbox field when loaded.  No login required, no cookie created.

That's it.  No data can be forced into the object's record from the URL, we've protected against XSS, and the change is hard-coded in the controller.

So, my question is this:  considering the limitation of this update, would the SFDC security review team flag this as an unpassable situation for their security review?  If so, are there other options that we can use (we don't want to require user button clicking or input to do something this simple ... they're being redirected to another page).

I'm facing a problem trying to search for Content. We are basically trying to return search results using SOSL on the ContentVersion object. We're expecting full-text search results (words within the PDF or DOC), but results are returned only on ContentVersion.Title.

List<List<SObject>> contentresults1 = [FIND :SearchVal IN ALL FIELDS RETURNING ContentVersion (id, Title, Description)];

I am wondering if its possible to get info about packages via the API. For example, what version of a Managed Package a person might have installed. My package integrates heavily with an external website, and I need my external website to know what version of a package a person has installed so I can modify the appropriate API calls. 

Is this possible? I know with Apex you can call Package.Version.Request for example...

Hi,

I want to create a rollup field in Account Object with Opportunity Amount. Can any one help me on this, Actually i'm new in  trigger.

First of all, good work on adding XSRF (cross-site request forgery) to the security scanner.

Secondly, I'd like to ask for some tips on a more secure way of doing things.

Currently I have a button for a ticketing system that most compeditors have, one that takes ownership of the current record. Currently I have this implemnted as a visualforce page something like this:

<apex:page standardController="ticket__c" extensions="sObjectUtils" action="{!takeOwnership}">
<apex:outputPanel rendered="false">
<!-- here to let the standardController.getRecord() method rather than SOQL -->
	{!ticket__c.ownerId}
</apex:outputPanel>

Ownership taken.
</apex:page>

The problem is I can't see a way to put a button on a detail page that doesn't open me up to XSRF without requiring an exta step. I'd love it if I could call an action with a button directly, which would mitigate the XSRF issues, but that's currently not supported by the platfrom.

So mighty security gurus, what's the "proper" way of implementing this button?