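/*************************************************************************************************
 * Program     : HttpRecogSet.java
 *               (the original header still carried the name "HttpDocCancle.java" with the
 *               description "aggregation cancel parameters"; that header was stale for this class)
 * Description : marks a report as recognised and moves its process state to APPROVE
 * Author      :
 * Created     :
 * Modified    :
 **************************************************************************************************/
package kr.co.kihyun.beans.totsys.repoadm;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

import javax.jdo.PersistenceManager;
import javax.jdo.Transaction;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import kr.co.kihyun.beans.entity.Recog;
import kr.co.kihyun.beans.entity.TotDocType;
import kr.co.kihyun.beans.entity.TotReport;
import kr.co.kihyun.beans.entity.TotReportProcess;
import kr.co.kihyun.beans.entity.util.*;
import kr.co.kihyun.beans.user.HttpSSOLogin;
import kr.co.kihyun.lang.MLong;
import kr.co.kihyun.lang.MString;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.text.html.ServletUtil;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * POST-only servlet that sets a {@link TotReport}'s recognition state to {@link Recog#PRSS},
 * its process state to {@link TotReportProcess#APPROVE} and its current repoadm to the first
 * entry of {@code getRepoadms()}, then redirects the browser (via an emitted script) to the
 * report view page.
 *
 * <p>Request parameters: {@code reportID} (numeric id of the report) and {@code reportType}
 * (free text, only echoed back into the redirect URL).
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@code reportType} is attacker-controlled and is written into an inline
 *       {@code <script>} string on every response path. The previous code stripped only
 *       {@code <} and {@code >}, and only on the error path; a {@code '} or {@code ;} still broke
 *       out of the JavaScript string literal. It is now URL-encoded on every path, which also
 *       neutralises {@code '}, {@code "}, {@code ;}, {@code &} and {@code /}.</li>
 *   <li>Ownership is only checked for {@code MoumiConfig.TOTPER} users; every other
 *       {@code sysAuth} level may approve any report id. NOTE(review): confirm that this is the
 *       intended privilege model rather than a missing check.</li>
 *   <li>NOTE(review): no CSRF token is verified here; a logged-in user can be made to approve a
 *       report by a cross-site form post. Adding one needs support from the surrounding
 *       framework and is out of scope for this file.</li>
 * </ul>
 */
@WebServlet("/servlet/kr.co.kihyun.beans.totsys.repoadm.HttpRecogSet")
public class HttpRecogSet extends HttpServlet {

    private static final long serialVersionUID = -3115363713832399885L;
    private static final Logger LOG = LoggerFactory.getLogger(HttpRecogSet.class);

    /** Script emitted for an unauthenticated caller. */
    private static final String LOGIN_REDIRECT = "location='/totsys/login/login.jsp';";
    private static final String REPORT_LIST_JSP = "/totsys/repoper/mydocbox/tempbox/report_list.jsp";
    private static final String REPORT_VIEW_JSP = "/totsys/repoper/mydocbox/tempbox/report_view.jsp";

    /**
     * Approves the report named by {@code reportID} and emits an alert plus a redirect script.
     *
     * @param req servlet request carrying {@code reportID} and {@code reportType}
     * @param res response; content type is forced to {@code text/html;charset=UTF-8}
     * @throws ServletException never thrown by this implementation, kept for the servlet contract
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        res.setContentType("text/html;charset=UTF-8");
        PrintWriter out = res.getWriter();

        /*********** User HttpSSOLogin check ***********/
        if (!HttpSSOLogin.isLogin(req)) {
            out.println(ServletUtil.getJavaScript(LOGIN_REDIRECT));
            return;
        }

        String usID = HttpSSOLogin.getLoginID(req);
        int sysAuth = HttpSSOLogin.getSysAuth(req);
        Long reportID = MLong.parseLong(req.getParameter("reportID"));
        // Untrusted input. Never concatenate this raw into the emitted script; see urlParam().
        String reportType = MString.checkNull(req.getParameter("reportType"));

        // A missing/non-numeric id cannot succeed; fail early instead of opening a transaction
        // and relying on the catch-all below.
        if (reportID == null) {
            LOG.warn("HttpRecogSet.doPost(): reportID parameter missing or not numeric");
            out.println(ServletUtil.alert(popupMessage("moumi.message.popup.upFail")));
            out.println(ServletUtil.getJavaScript(reportViewRedirect(reportID, reportType)));
            return;
        }

        PersistenceManager pm = new MPersistenceManager(PMF.get().getPersistenceManager());
        Transaction tx = pm.currentTransaction();
        try {
            tx.begin();
            TotReport totReport = pm.getObjectById(TotReport.class, reportID);

            // Ownership check applies to TOTPER users only (see class comment).
            if (sysAuth == MoumiConfig.TOTPER && !usID.equals(totReport.getUser(pm).getId())) {
                out.println(ServletUtil.alert(popupMessage("moumi.message.popup.upFail")));
                out.println(ServletUtil.getJavaScript(
                        "document.location='" + REPORT_LIST_JSP
                        + "?reportType=" + urlParam(reportType) + "';"));
                return; // finally{} rolls the open transaction back
            }

            totReport.setRecog(Recog.PRSS);
            totReport.setProcess(TotReportProcess.APPROVE);
            // NOTE(review): an empty repoadm list throws IndexOutOfBoundsException here, which the
            // catch-all below turns into the generic failure alert. Confirm whether that is the
            // intended user-facing outcome or whether a specific message is wanted.
            totReport.setCurrentRepoadm(totReport.getRepoadms().get(0));
            pm.makePersistent(totReport);
            tx.commit();

            out.println(ServletUtil.alert(popupMessage("moumi.message.popup.upSuccess")));
            out.println(ServletUtil.getJavaScript(reportViewRedirect(reportID, reportType)));
        } catch (Exception e) {
            // Log with the cause instead of printStackTrace(); the user only sees the generic alert.
            LOG.error("HttpRecogSet.doPost() failed for reportID={}", reportID, e);
            out.println(ServletUtil.alert(popupMessage("moumi.message.popup.upFail")));
            out.println(ServletUtil.getJavaScript(reportViewRedirect(reportID, reportType)));
        } finally {
            if (tx.isActive()) {
                tx.rollback();
            }
            pm.close();
        }
    }

    /**
     * Builds the redirect script to the report view page.
     *
     * @param reportID   report id; {@code null} is rendered as the literal {@code null}, exactly as
     *                   the previous string concatenation did
     * @param reportType untrusted report type, URL-encoded before being embedded
     * @return a {@code document.location=...;} statement safe to place inside a script block
     */
    private static String reportViewRedirect(Long reportID, String reportType) {
        return "document.location='" + REPORT_VIEW_JSP
                + "?reportID=" + reportID
                + "&totperInfo=true&reportType=" + urlParam(reportType) + "';";
    }

    /** Looks up a popup message and prefixes it with the document type label. */
    private static String popupMessage(String key) {
        return TotDocType.TOT_DOC + " " + MoumiConfig.getMessageBundle().getString(key);
    }

    /**
     * URL-encodes a single query-string value with UTF-8. Every character outside
     * {@code [A-Za-z0-9.-*_]} is percent-encoded (space becomes {@code +}), so the value can
     * neither terminate the surrounding JavaScript string literal nor inject extra query
     * parameters. UTF-8 is mandatory on every JVM, so the checked exception cannot occur.
     */
    private static String urlParam(String value) {
        try {
            return URLEncoder.encode(value == null ? "" : value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 not supported by this JVM", e);
        }
    }
}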