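<%@ page contentType="text/html; charset=euc-kr" import="kr.co.kihyun.beans.user.HttpSSOLogin" import="kr.co.kihyun.text.html.ServletUtil" import="java.net.URLEncoder" import="kr.co.kihyun.moumi.Moumi" import="kr.co.kihyun.lang.Encoder" import="kr.co.kihyun.lang.MString" import="java.io.File" import="java.io.FileReader" import="java.io.BufferedReader"%>
<%@ include file="/totsys/common/inc/sec/secure.inc.jsp"%>
<%--
  Set-up for the user CSV preview page.
  1. Requires an SSO login; without one the opener is sent to the login page and this window is closed.
  2. Reads the "mode" and "fileName" request parameters.
  3. Resolves the file to show: user.csv under Moumi.getRoot() when no fileName is given,
     otherwise the named file directly inside Moumi.getCsvFileRoot().
  4. Opens the file for line-by-line reading (br), which the rest of the page consumes.
  The try block opened here is closed by the catch/finally at the bottom of the page.
--%>
<%
try{
    /*********** User HttpSSOLogin check ***********/
    if(!HttpSSOLogin.isLogin(request)){
        // Address to return to after a successful login
        String connURL="opener.location='/totsys/login/login.jsp';";
        out.println(ServletUtil.getJavaScript(connURL));
        out.println(ServletUtil.getJavaScript("window.close();"));
        return;
    }

    /********** userId held in the session **********/
    String usID = HttpSSOLogin.getLoginID(request);

    /****** Parameter ******/
    // clearXSS is not defined on this page; presumably it is supplied by secure.inc.jsp - confirm.
    String mode = clearXSS(request.getParameter("mode"),"");
    String fileName = MString.checkNull(request.getParameter("fileName"));
    String dirPath = URLEncoder.encode(""+Moumi.getMessageBundle().getString("moumi.message.tot_doc.notice")+"", "UTF-8");
    File file = null;

    //25. Directory path manipulation (BufferedReader)_CWE-22/23 : Add by KWON,HAN
    //29. Directory path manipulation (getParameter)_CWE-22/23 : Add by KWON,HAN
    // fileName must be a bare file name. Reject parent-directory sequences and both
    // separator styles: "/" alone leaves "\" usable as a separator on Windows, which
    // would reach sub-directories of the CSV root. NUL is never valid in a file name.
    if(fileName.contains("..") || fileName.contains("/") || fileName.contains("\\") || fileName.indexOf('\0') >= 0) {
        out.println("");
        return;
    }

    if(MString.isNull(fileName)){
        file = new File(Moumi.getRoot().getPath()+System.getProperty("file.separator")+"user.csv");
    }else{
        //v2.15. Arbitrary file download through new File : Add by KWON,HAN
        // Note: the remedy had already been applied above, but this spot was flagged as
        // vulnerable again, so a check is applied inside the else branch as well.
        String csvRootPath = Moumi.getCsvFileRoot().getPath()+"";
        file = new File(csvRootPath+System.getProperty("file.separator")+fileName);

        // Containment check on the resolved path: the file has to sit directly inside the
        // CSV root once "." segments and symbolic links are resolved. This does not depend
        // on the character filter above having anticipated every spelling of a path.
        File csvRoot = new File(csvRootPath).getCanonicalFile();
        if(!csvRoot.equals(file.getCanonicalFile().getParentFile())) {
            out.println("");
            return;
        }
    }

    // Only regular files are read; a directory or a missing file ends the page quietly.
    if(!file.isFile()) return;

    // NOTE(review): FileReader decodes with the platform default charset, while the page is
    // declared as euc-kr - confirm the CSV encoding matches the server default.
    // NOTE(review): nothing in this scriptlet closes fr/br, and the finally block at the end
    // of the page is empty.
    FileReader fr = new FileReader(file);
    BufferedReader br = new BufferedReader(fr);
    String user = "";
    boolean error = false;
%>
<%@page import="kr.co.kihyun.lang.MLong"%> <%@page import="kr.co.kihyun.beans.user.Dept"%>
<%=Moumi.getTitle()%>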
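<%
    // Read the CSV one line at a time; stop at end of file or at the first empty line.
    // (The former "user==null" test came after user.equals("") and could never be reached.)
    while((user = br.readLine()) != null){
        if(user.length() == 0) break;
        // split(",") drops trailing empty fields, so a row that ends in empty columns
        // produces fewer elements than it has commas + 1.
        String[] user_Cnvt = user.split(",");
%> <%for(int i=0; i < user_Cnvt.length; i++){%> <%}%> <%
    }
    // All rows have been consumed: release the file handle. Closing the BufferedReader also
    // closes the FileReader it wraps. An exception thrown inside the loop still skips this
    // call, because br is declared inside the try block and cannot be reached from finally.
    br.close();
%>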
<%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.user")%> ID <%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.password")%> <%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.user")%> <%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.userName")%> <%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.reached")%> E-Mail <%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.position")%> <%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.rank")%> <%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.devision")%>ID
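bgcolor="red" <%}else if(user_Cnvt.length == 8 && new Dept().getName(user_Cnvt[7]).equals("")){ error = true;%> bgcolor="red" <%}%>>  <%--
  The branch above paints the cell red and sets error when the row has exactly 8 fields and
  the Dept lookup for the 8th field returns an empty name.
  The cell text is one field of a line read from the CSV file, i.e. file content rather than
  page markup, so it is HTML-escaped before being written into the table.
  NOTE(review): the header row of this page carries a password label
  (moumi.message.tot_doc.password), so one of these fields is presumably a password shown in
  clear text - confirm whether that column should be masked.
--%><%
    String cellText = MString.checkNull(user_Cnvt[i].trim())
            .replace("&", "&amp;")   // must run first so the entities added below are not re-escaped
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
%><%= cellText %>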
<%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.csv")%><%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.exFile")%> <%=Moumi.getMessageBundle().getString("moumi.message.tot_doc.exFileOpen")%>
<%@ include file="/totsys/common/inc/buttom/buttom.jsp"%>
<%
}catch(Exception ex){
    //38. Information exposure through an error message (getMessage)_CWE-209 : Update by YOUNGJUN,CHO
    // The exception is only written to the server's standard error stream; none of its
    // text is sent to the client. The statements that used to print it into the response
    // are kept below, disabled.
    ex.printStackTrace();
    //out.println(ex);
    //out.println("Can't contact servlet runner Message : "+ex.getMessage()+"");
    //out.println("");
    //================================================
}finally{
    // NOTE(review): intentionally empty as written; no clean-up is performed here.
}
%>