1 Reply Latest reply on Jun 13, 2018 10:49 PM by Pavel_p

    Bug report - Classic report download


      See https://apex.oracle.com/pls/apex/f?p=134181:22


      Classic report region with Function Body returning SQL query. 



      q varchar2(32767);


        /* Build query using complex logic, page item values, etc */

      htp.p('<!-- @@QUERY: '||q||'-->');

      return q;



      The page output contains the SQL query as a HTML comment in the markup to help with troubleshooting.


      This works fine in APEX 5.1 but in APEX 18.1 we see that the report CSV download contains the HTML comment before the report output!


      Is there a way to fix this other than changing the function body to stop emitting the HTML comment and maybe storing it in a hidden page item instead? I want to avoid this since it involves changing a bunch of report regions!


      Any ideas?



        • 1. Re: Bug report - Classic report download


          I'm not sure if it's a good idea in general to expose SQL queries to end users, so no matter if this is a "bug" or not, maybe it's worth the effort to review your entire app and replace

          htp.p('<!-- @@QUERY: '||q||'-->');

          with something like

          apex_debug.message('@@QUERY: %s', q);

          That's what debugging messages are good for after all... Problem solved and as an added bonus you will get rid of a potential security vulnerability.



          1 person found this helpful