When you define a new form, you need a form handler. If you copy a seeded form, you can re-use the Applaud form handler used by the seeded form. However, you need to write your handler if you define your form. See the section, Writing a form handler.
Be cautious about changing the form too radically when re-using an Applaud form handler in your form. For example, if you remove required fields, change field Ids or change a field's type, it may result in the form handler no longer functioning correctly and could lead to corrupt data.
To define a new form:
- Navigate to Applaud Administrator: Setup: Forms: Add
- Enter the form's basic information, then define the items of the form
Once you have defined a form, you can create a form block to use that form. See creating a block.
Updating a form or its items
To update a form:
- Navigate to Applaud Administrator: Setup: Forms
- Find the form you wish to edit and then click on the Edit button against that item
You cannot modify seeded Applaud forms.
Deleting a form or form items
To delete a form or its items:
- Navigate to Applaud Administrator: Setup: Forms
- Find the form you wish to delete and then click on the Edit button
- Either hit Delete to delete the entire form, or go to form items and delete individual form items
You cannot delete seeded Applaud forms or form items.
Writing a form handler
The form handler takes the raw input from the user and does something with it - typically call an Oracle API or perform some DML operation to store this in the Oracle database.
To write a form handler, please see Form blocks.
Do not trust the user's input. Browser developer tools allow a malicious user to modify form values before submitting them. That can include but is not limited to modifying hidden fields, choosing values not available in a drop-down list, and setting invisible fields. To ensure data integrity, you should re-validate a user's input inside the form handler.
File upload security
You can restriction various aspects of file uploads:
- Who is allowed to upload files? See Upload permissions.
- The size of an uploaded file. See File size.
- The type of file that can be uploaded. See Types of files.
Upload permissions
User must be granted the permission Applaud Upload to fnd_lobs Permission (XXAS_DATA_FNDLOB_UPL) to upload attachments. This permission is included in the seeded Applaud Upload to fnd_lobs Permission Set and is by default granted to All Users.
File size
The app uses the Oracle standard profile option: Upload File Size Limit (UPLOAD_FILE_SIZE_LIMIT) to control the maximum upload size via the Upload form field.
12.2 and above users: if you find that a file upload is failing for files smaller than this profile option's setting, it may be that WebLogic is restricting this at the Application Server level. To change this, ask your Database Administrator to:
- Copy the file $FND_TOP/admin/template/security2_conf_FMW.tmp to
$FND_TOP/admin/template/custom directory
(do not override if it's already present)
- Add below line after module <IfModule security2_module>
SecRequestBodyNoFilesLimit <value in bytes>
Note: <value in bytes> should be set to 50% larger than the Upload File Size Limit profile option, allowing a larger base64 encoded file during transfer.
That is:
<value in bytes> = Upload File Size Limit * 1500 (50% larger + conversion from KB to bytes)
- Run AutoConfig
- Restart the Application Tier Services
Types of files
You have several options to control the types of files uploaded:
- Front-end app restriction limits the allowed file types on an individual form field. To do this, set the File type property to a comma-separated list of allowed MIME types. For example, application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document, application/rtf, text/rtf, application/pdf. This can also be set in the personalization Fast Formula using MY_FIELD_FILE_TYPES = '<your comma-separated list>'.
This is not validated on the server side, so you should consider implementing server-side restrictions described in options 2 and 3 below.
- Black-list disallowed file extensions using the Application Lookup Type Applaud Exclude Attachment File Types (XXAS_EMP_EXCLUDE_FILE_TYPES). Here the Lookup Code of each Lookup Value defines the file extension to be blocked.
- White-list or blocklist file extensions using standard Oracle Attachment Security. Please refer to Security Configuration Mechanism in the Attachments Feature in Oracle E-Business Suite, Doc ID 1357849.1.