某些 Creative Cloud 应用程序、服务和功能在中国不可用。
This document concerns Adobe Campaign v6.0.x instances.
What follows can also be used for v6.1 builds until 8767 but, in this case, a build upgrade is highly recommended.
Note:
Even on the latest 6.1.1, only version 6.x (HTML 5 & Webkit HTML to PDF) is fixed. Update your web applications to this rendering engine. Otherwise, you can follow the v6.0 mitigation procedure below.
You can:
- Replace all Storage activities by your javascript code (define yourself the reconciliation keys).
- Add a Script activity before all Storage ones to do the cleanup (force reconciliation keys & operation).
You can patch two javascript server files:
- formbase.js (datakit/xtk/fra/js/server/formbase.js). Functions to patch are:
- FormBase.prototype.loadContext
- FormBase.prototype.pushActivityHistory
- FormBase.prototype.popActivityHistory
- webApp.js (/datakit/xtk/fra/js/server/webApp.js). Functions to patch are:
- PreFillActivity.prototype.checkIdentifierImpl
- PreFillActivity.prototype.loadEntityImpl
- WriterActivity.prototype.write
You can find these patches in the Extranet Download Center.
Extra protection: restrict the "webapp" operator rights (avoid deleting something else than recipient)
You can also remove administration rights from the "webapp" operator. Detailed instructions are available in the documentation:
- Create a "webapp" security group.
- Remove the ADMINISTRATION named rights from the "webapp" operator.
- Add the "webapp" operator to the "webapp" security group.
- Add the "webapp" security group for each recipient (or profile) folder which can be populated by web applications or surveys.
Or import the following package:
<package ignoreWarnings="true">
<entities schema="xtk:group">
<group label="Web Application agents" name="webapp" type="1">
<folder _operation="none" name="xtkGroup"/>
<operatorGroup>
<group _operation="none" name="webapp" type="1"/>
<operator _operation="none" name="webapp" type="0"/>
</operatorGroup>
</group>
</entities>
<entities schema="xtk:operatorGroup">
<operatorGroup _operation="delete">
<group _operation="none" name="admin" type="2"/>
<operator _operation="none" name="webapp" type="0"/>
</operatorGroup>
</entities>
<installScript>
var folders = NLWS.xtkQueryDef.create({queryDef:{
schema: "xtk:folder",
operation: "select",
select: { node: [
{expr: "@name"}, {expr: "@id"}, {expr: "@model"}
]},
where: { condition: [
{expr:"@model IN ('nmsRecipient', 'nmsVisitor', 'nmsPurl')"}
]}
}}).ExecuteQuery();
for each( folder in folders.getElements("folder") ) {
if( folder.$model == "nmsPurl" )
folderRights = "read";
else
folderRights = "read|write";
NLWS.xtkSession.Write({folder: {
id: folder.$id,
xtkschema: "xtk:folder",
_operation: "update",
rights: {
_operation:"insertOrUpdate",
propagate: "true",
rights: folderRights,
"folder-id": folder.$id,
operator: {
name: "webapp",
type: "1",
_operation: "none"
}
}
}
});
}
</installScript>
</package>
As explained in the documentation, you can also create different "webapp" operator to improve security.
Note:
If you want to allow web applications to delete recipients, you have to replace rights: "read|write" by rights: "read|write|delete" in the above package.