<% /********************************************************************************** 프로그램명 : part_view.jsp 프로그램설명 : 작 성 자 : 조용준 작 성 일 : 04.06.10 최신변경일 : ***********************************************************************************/ %> <%@ page contentType="text/html; charset=UTF-8"%> <%@ page import="kr.co.kihyun.beans.user.HttpSSOLogin"%> <%@ page import="kr.co.kihyun.beans.totsys.sysadm.part.PartUtil"%> <%@ page import="kr.co.kihyun.text.html.ServletUtil"%> <%@ page import="kr.co.kihyun.lang.Encoder"%> <%@ page import="kr.co.kihyun.moumi.Moumi"%> <%@ page import="kr.co.kihyun.lang.MString"%> <%@ page import="java.net.URLEncoder"%> <%@ include file="/totsys/common/inc/sec/secure.inc.jsp"%> <% try{ /***** user Login check *****************/ if(!HttpSSOLogin.isLogin(request)){ String connURL="parent.location='/totsys/login/login.jsp';"; out.println(ServletUtil.getJavaScript(connURL)); return; } /********** session내의 userId **********/ String usID = ""; usID = HttpSSOLogin.getLoginID(request); /****** Parameter ******/ String partID = ""; String findOption = ""; String findWord = ""; String dirPath = URLEncoder.encode("기관관리", "UTF-8"); String uri = URLEncoder.encode("./part_list.jsp?findOption="+findOption+"&findWord="+findWord, "UTF-8"); partID = clearXSS(request.getParameter("partID"),""); /****** part view data get ******/ String name = ""; String sysAuth = ""; String des = ""; String upperID = ""; //v2. 13.SQL 삽입 : partView.executeQuery()에서 prepare SQL 문으로 되어 있다. partView.executeQuery(partID); //================= name = partView.getName(); sysAuth = partView.getSysAuth(); des = partView.getDes(); upperID = partView.getUpperID(); if(des==null) des=""; %> <%=Moumi.getTitle()%> <%@ include file="/totsys/common/inc/buttom/buttom.jsp"%>

기관 ID	<%=partID%>
기관명	<%=name%>
기관권한	<%=PartUtil.getPartAuth(sysAuth)%>
상위부서	<%=partView.getUpperName(upperID)%>
설명	<% out.println(MString.checkNull(MString.replaceString(des,"\r\n"," "))); %>

<% }catch(Exception ex){ //38.오류메세지를 통한 정보 노출(getMessage)_CWE-209 : Update by YOUNGJUN,CHO ex.printStackTrace(); //out.println(ex); //out.println("

Can't contact servlet runner

Message : "+ex.getMessage()+""); //out.println(""); //================================================ }finally{ } %>