KnuGit/webapps/totsys/sysadm/org/file_upload.jsp

<%@ page contentType="text/html; charset=UTF-8"
	import="kr.co.kihyun.beans.user.HttpSSOLogin"
	import="kr.co.kihyun.text.html.ServletUtil"
	import="java.net.URLEncoder" import="kr.co.kihyun.moumi.Moumi"
	import="kr.co.kihyun.lang.Encoder" import="kr.co.kihyun.lang.MString"
	import="java.io.File" import="java.io.FileReader"
	import="java.io.BufferedReader"%>

<%@ include file="/totsys/common/inc/sec/secure.inc.jsp"%>

<%
try{
	/*********** User HttpSSOLogin check ***********/
	if(!HttpSSOLogin.isLogin(request)){
		//login 성공후 되돌아올 주소
		String connURL="opener.location='/totsys/login/login.jsp';";
		out.println(ServletUtil.getJavaScript(connURL));
		out.println(ServletUtil.getJavaScript("window.close();"));
		return;
	}

	/********** session내의 userId **********/
	String usID = HttpSSOLogin.getLoginID(request);

	/****** Parameter ******/
	String boardGroupID = "";
	String strPage = "";
	String findOption = "";
	String findWord = "";
	String mode = "";
	
	boardGroupID  = clearXSS(request.getParameter("boardGroupID"),"");
	strPage  = clearXSS(request.getParameter("strPage"),"");
	findOption  = clearXSS(request.getParameter("findOption"),"");
	findWord  = clearXSS(request.getParameter("findWord"),"");
	mode = clearXSS(request.getParameter("mode"),"");
	
	String usrFilenames = clearXSS(Encoder.toJava(MString.checkNull(request.getParameter("usrFilenames"))),"");
	String svrFilenames = clearXSS(Encoder.toJava(MString.checkNull(request.getParameter("svrFilenames"))),"");
	
	String[] usrFileNameList = null;
	String[] svrFileNameList = null;
	
	usrFileNameList = usrFilenames.split(";");
	svrFileNameList = svrFilenames.split(";");

	String dirPath = URLEncoder.encode("<a href=\"/totsys/sysadm/qaboard/board_list.jsp\" class=\"d11_blue\">"+Moumi.getMessageBundle().getString("moumi.message.tot_doc.notice")+"</a>", "UTF-8");
	session.setAttribute("writeTargetURI","location='/totsys/sysadm/qaboard/board_list.jsp?strPage=" + strPage + "&findOption=" +findOption+ "&boardGroupID=" +boardGroupID+ "&findWord=" + findWord +"'");
	
	//File file = new File(Moumi.getCsvFileRoot()+"user.csv");
	//file.delete();
%>

<HTML>
<HEAD>
<TITLE><%=Moumi.getTitle()%></TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" href="/totsys/common/css/text.css"
	type="text/css">
<script src="/totsys/common/js/rollover.js"></script>
<link rel="stylesheet" href="/totsys/common/css/kecttep.css"
	type="text/css">
<script language="javascript">
			num = 0;
			usrFilenames = "";
	  		svrFilenames = "";
	  		fileInfos = "";
	  		userFilePath = "";

			function checkFile(Filename, Filename2){
				frm = document.multiUpload;
				mkFileList(Filename, Filename2, 'add');
				num++;
				frm.fileCount.value = num;
			}

			function mkFileList(Filename, Filename2, size, mode) {
				var tmpSvrFilenames = "";
				var tmpUsrFilenames = "";
				var tmpFileInfos = "";
				//var nList4 = "";

				if (!mode){
					mode = "add";
				}

				subFilename = Filename;
				subFilename2 = cut_str( 1, Filename2, "/");
				subinfo = size;

				usrFilenameList = usrFilenames.split(";", num);
				svrFilenameList = svrFilenames.split(";", num);
				fileInfoList = fileInfos.split(";", num);

				if (mode == "add") {
					if (svrFilenames && usrFilenames) {
						for (i=0; i<num; i++) {
							tmpSvrFilenames += svrFilenameList[i] + ";";
							tmpUsrFilenames += usrFilenameList[i] + ";";
							tmpFileInfos += fileInfoList[i] + ";";
						}
						tmpSvrFilenames += subFilename;
						tmpUsrFilenames += subFilename2;
						tmpFileInfos += subinfo;
					} else {
						tmpSvrFilenames = subFilename;
						tmpUsrFilenames = subFilename2;
						tmpFileInfos = subinfo;
					}
				} else {
					for (i=0; i<num; i++) {
						if (subFilename == svrFilenameList[i])
							continue;
						else {
							tmpSvrFilenames += svrFilenameList[i] + ";";
							tmpUsrFilenames += usrFilenameList[i] + ";";
							tmpFileInfos += fileInfoList[i] + ";";
						}
					}
				}
				usrFilenames = tmpUsrFilenames;
				svrFilenames = tmpSvrFilenames;
				fileInfos = tmpFileInfos;
			}

			function cut_str( state, value, separator ) {
				if (!separator){
					separator = ".";
				}
				if ( state == 0 ){
					return value.substring(0, value.lastIndexOf(separator));
				}
				if ( state == 1 ){
					return value.substring(value.lastIndexOf(separator)+1, value.length );
				}
			}

			function delFrm() {
				var list = document.subUpload.delFrm.fileList;
				var a = list.options[list.selectedIndex].value;
				var no = -1;

				usrFilenameList = usrFilenames.split(";", num);
				svrFilenameList = svrFilenames.split(";", num);

				for(i=0; i<num; i++) {
					if (a == svrFilenameList[i]) {
						no = i;
						mkFileList(svrFilenameList[i], usrFilenameList[i], 0,"delete");
					}
				}
				if (no != -1) {
					frm = document.multiUpload;

					dname = "uForm_" + no;

					if (num > 0){
						num--;
					}
					frm2 = document.subUpload.delFrm;
					frm2.submit();
				}
			}

			function ProcKeyDown() {
				keyPressed = String.fromCharCode(window.event.keyCode);
				if ((keyPressed == "/r") || (keyPressed == "/n")){
				}
			}

			function checkForm(mode){
				var frm = document.multiUpload;
				/*frm.fileCount.value = num;
				frm.usrFilenames.value = usrFilenames;
				frm.svrFilenames.value = svrFilenames;
				frm.fileInfos.value = fileInfos;*/
				if(mode == "start"){
					if(frm.fileCount.value == 0){
						alert('<%=Moumi.getMessageBundle().getString("moumi.message.popup.attachFileRestart")%>');
						return;
					}else{
						if(viewPage.insertPersonData.error.value == "true"){
							alert('<%=Moumi.getMessageBundle().getString("moumi.message.popup.redDeptCh")%>');
							return;
						}else{
							frm.fileName.value = viewPage.insertPersonData.fileName.value;
							frm.mode.value = "start";
							frm.submit();
						}
					}
				}else{
					if(frm.fileCount.value == 0){
						self.close();
					}else{
						frm.fileName.value = viewPage.insertPersonData.fileName.value;
						frm.mode.value = "delete";
						frm.submit();
					}
				}
			}
		</script>

</HEAD>

<body style='' BGCOLOR=#FFFFFF LEFTMARGIN=0 TOPMARGIN=0 MARGINWIDTH=0
	MARGINHEIGHT=0>
<table width="100%" height="70" border="0" cellpadding="0"
	cellspacing="0">
	<!---- top menu 시작 ---->
	<jsp:include page="/totsys/common/inc/sysadm/top/top.jsp" flush="true">
		<jsp:param name="dirPath" value="<%= dirPath %>" />
	</jsp:include>
	<!---- top menu  끝 ---->
	<tr>
		<td nowrap width="0"></td>
		<td valign="top">
		<table width="100%" border="0" cellspacing="0" cellpadding="0">
			<jsp:include page="/totsys/common/inc/title/title.jsp" flush="true" />
			<tr>
				<td height="31" valign="top"><iframe
					src="./file_view.jsp?mode=<%= mode %>" name='viewPage' width="100%"
					frameborder=0 scrolling=yes marginheight=0 marginwidth=2
					height="600"></iframe></td>
			</tr>
			<tr>
				<td height="10"></td>
			</tr>
			<tr>
				<td height="31" valign="top">
				<table border="1px" class="kecttep_list_table" bordercolor="#e3e3e3"
					width="100%" cellpadding="0" cellspacing="0">
					<FORM name="multiUpload"
						action="/servlet/kr.co.kihyun.beans.totsys.sysadm.input.HttpUserRegister"
						method="post"><INPUT type="hidden" name="userID"
						value="<%= usID %>"> <INPUT type="hidden"
						name="boardGroupID" value="<%= boardGroupID %>"> <INPUT
						type="hidden" name="fileCount"
						value="<%=MString.isNull(usrFileNameList[0]) == true? 0: usrFileNameList.length%>">
					<INPUT type="hidden" name="usrFilenames"
						value="<%= usrFilenames %>"> <INPUT type="hidden"
						name="svrFilenames" value="<%= svrFilenames %>"> <INPUT
						type="hidden" name="fileInfos"> <INPUT type="hidden"
						name="mode"> <INPUT type="hidden" name="fileName">
					<tr valign="top">
						<td class="kecttep_list_tdmenu" width="120" valign="middle"><img
							src="/totsys/common/images/reg_icon.gif" align="absmiddle"><%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.relationDoc")%><%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.add")%></td>
						<td class="kecttep_list_graytd" valign=top><iframe
							src="/totsys/common/inc/board/doc/write_file_upload.jsp?boardGroupID=<%=boardGroupID%>&execMode=init&mode=csv&svrFilename<%= svrFilenames %>&usrFilename<%=usrFilenames %>"
							name='subUpload' width="100%" frameborder=0 scrolling=no
							marginheight=0 marginwidth=2 height="45"></iframe></td>
					</tr>
					</FORM>
				</table>
				</td>
			</tr>
			<tr>
				<td height="10"></td>
			</tr>
			<tr>
				<td>
				<table border="0" cellspacing="0" cellpadding="0" align="center">
					<!----  버튼 (확인, 취소) ---->
					<tr>
						<td height="10"><a href="#"
							onclick="javascript:checkForm('start');"><img name="bt_enter"
							border="0" src="../board/images/bt_enter.gif"></a></td>
						<td width="10">&nbsp;</td>
						<td height="10"><a href="#"
							onclick="javascript:checkForm('delete');"><img
							name="bt_cancel3.gif" border="0"
							src="../board/images/bt_cancel3.gif"></a></td>
					</tr>
				</table>
				</td>
			</tr>
		</table>
		</td>
		<td nowrap width="10">&nbsp;</td>
	</tr>
	<!------------------------------- top menu start ------------------------------->
	<%@ include file="/totsys/common/inc/buttom/buttom.jsp"%>
	<!------------------------------- top menu end ------------------------------->
</table>
</BODY>
</HTML>
<%
}catch(Exception ex){
        //38.오류메세지를 통한 정보 노출(getMessage)_CWE-209 : Update by YOUNGJUN,CHO
        ex.printStackTrace();
	//out.println(ex);//앤개
	//out.println("<html><body style='overflow=auto' bgcolor='white'><h1>Can't contact servlet runner</h1><br><br>Message : "+ex.getMessage()+"</body></html>");
	//out.println("<META HTTP-EQUIV='refresh' CONTENT='0.1; URL=/error/exception.jsp'>");
        //================================================
}finally{
}
%>