Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Viknesh S (IMURPALVICKY)
Tata Consultancy Services

Tata Consultancy Services
IN
IMURPALVICKY Member since 2013 27 posts
Tata Consultancy Services
Posted: Nov 25, 2016
Last activity: Dec 5, 2016
Posted: 25 Nov 2016 10:01 EST
Last activity: 5 Dec 2016 7:45 EST
Closed
Solved

using pxSessiontimer section for showing the sessiontimeout warning

Hi Team,

               I am using pxsessiontimer control with 120 min and 20 min and show in modal as parameters respectively. For some strange reason. This section is getting acted on the 120th min to show the modal window but the section inside is not getting rendered please refere the screenshot attached.

         In tracer I could find there is one interaction started on processAction activity but the next interaction to call the activity showlogOff activity is never called ... Please let me know if there is any way to find why the second interaction never starts or why I am getting this error as mentioned. Thanks in advance

To see attachments, please log in.
Java and Activities
Security
User Experience

Accepted Solution

Posted: 9 years ago
Posted: 28 Nov 2016 1:59 EST
Viknesh S (IMURPALVICKY)
Tata Consultancy Services

Tata Consultancy Services
IN

We found the issue and we are going back to PEGA on this...

From our analyze we understand before installing Hotfix for HFix-29680 : pzDisplayModalDialog is vulnerable to XSS the section in the flowaction is rendered as below

    <iframe src="/prweb/PRServlet/PxOBPOzjxiB-xx254ZjNplu_SciSRFT7*/[email protected]&amp;time=60000&amp;pzHarnessID=HID889ED4C50448AEE20A7A09E7027BEBF5" name="pzDisplayModalDialog" frameborder="0" style="width: 620px; height: 210px;" onload="pzDisplayModalDialogLoaderOnLoad(this);" id="pzDisplayModalDialog"></iframe>

From our analyze we understand after installing Hotfix for HFix-29680 : pzDisplayModalDialog is vulnerable to XSS the section in the flowaction is rendered as below (encoded characters this is causing the issue)

    <iframe src="%2Fprweb%2FPRServlet%2FPxOBPOzjxiB-xx254ZjNplu_SciSRFT7*%2F%21OpenPortal%3FpyActivity%3D%2540baseclass.ShowLogoffTimer%26time%3D60000%26pzHarnessID%3DHIDD73E2D765D89B8E7B1463653632E8A3A" name="pzDisplayModalDialog" frameborder="0" style="width: 620px; height: 210px;" onload="pzDisplayModalDialogLoaderOnLoad(this);" id="pzDisplayModalDialog"></iframe>

 

To see attachments, please log in.
Posted: 9 years ago
Posted: 26 Nov 2016 2:56 EST
Santanu Bhattacherjee (Santanu) Senior Manager, Cloud Engineering, Management Plane Services
Pegasystems Inc.
IN

From the screenshot it seems that the activity is not found on server. 

Can you try opening the acitivity once stand alone and do a  unit test ? What is the outcome ?

Can you also see PegaRULES log file to see whether it has any additional information ?

Also it is a good idea to do a server restart just to see whether that helps or not.

To see attachments, please log in.
Posted: 9 years ago
Posted: 26 Nov 2016 12:10 EST
Viknesh S (IMURPALVICKY)
Tata Consultancy Services

Tata Consultancy Services
IN

Thanks for the reply..........The other observation i have here is . If I am hitting that URL(one in the screenshot) seperately in the same session the activity is running with no issues I am able to see the screen. As i mentioned the problem is, after process action the next activity is never called. I tried seeing the log files also there is no details about that activity. Will it be related to any appserver configuration or so....?

To see attachments, please log in.
Posted: 9 years ago
Updated: 9 years ago
Posted: 26 Nov 2016 5:58 EST
Updated: 28 Nov 2016 4:51 EST
Pankaj Rawal (rawap)
PEGA
Fellow, Software Architect, Platform Engineering
Pegasystems Inc.
IN

Check if below post helps.

https://mesh.pega.com/message/60165 <internal link accessible only to Pega employees>

<reply edited by Moderator: Lochan to add internal link message>

To see attachments, please log in.
Posted: 9 years ago
Posted: 26 Nov 2016 12:07 EST
Viknesh S (IMURPALVICKY)
Tata Consultancy Services

Tata Consultancy Services
IN

Thanks for the reply, I cannot access the path you specified I have mesh login but I lack sufficient privelege. My Application is using pega 7.1.8 PRPC. Can you share the info here. Thanks in indvance  

To see attachments, please log in.

Accepted Solution

Posted: 9 years ago
Posted: 28 Nov 2016 1:59 EST
Viknesh S (IMURPALVICKY)
Tata Consultancy Services

Tata Consultancy Services
IN

We found the issue and we are going back to PEGA on this...

From our analyze we understand before installing Hotfix for HFix-29680 : pzDisplayModalDialog is vulnerable to XSS the section in the flowaction is rendered as below

    <iframe src="/prweb/PRServlet/PxOBPOzjxiB-xx254ZjNplu_SciSRFT7*/[email protected]&amp;time=60000&amp;pzHarnessID=HID889ED4C50448AEE20A7A09E7027BEBF5" name="pzDisplayModalDialog" frameborder="0" style="width: 620px; height: 210px;" onload="pzDisplayModalDialogLoaderOnLoad(this);" id="pzDisplayModalDialog"></iframe>

From our analyze we understand after installing Hotfix for HFix-29680 : pzDisplayModalDialog is vulnerable to XSS the section in the flowaction is rendered as below (encoded characters this is causing the issue)

    <iframe src="%2Fprweb%2FPRServlet%2FPxOBPOzjxiB-xx254ZjNplu_SciSRFT7*%2F%21OpenPortal%3FpyActivity%3D%2540baseclass.ShowLogoffTimer%26time%3D60000%26pzHarnessID%3DHIDD73E2D765D89B8E7B1463653632E8A3A" name="pzDisplayModalDialog" frameborder="0" style="width: 620px; height: 210px;" onload="pzDisplayModalDialogLoaderOnLoad(this);" id="pzDisplayModalDialog"></iframe>

 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice