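package kr.co.kihyun.tree;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.sql.SQLException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import kr.co.kihyun.beans.user.HttpSSOLogin;
import kr.co.kihyun.db.DBManager;
import kr.co.kihyun.lang.MInteger;
import kr.co.kihyun.lang.MString;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.text.html.ServletUtil;

/**
 * Handles the "register department" form: inserts one row into MOUMI_DEPT
 * from the request parameters and answers with an alert plus a client-side
 * redirect script.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Only {@link HttpSSOLogin#isLogin} is checked here. Whether the caller
 *       is actually an administrator is not verified in this class —
 *       NOTE(review): confirm the /totsys/sysadm/ path is gated by an admin
 *       check elsewhere (filter, container constraint), otherwise any
 *       logged-in user can create departments.</li>
 *   <li>The SQL is parameterized through {@code execUpdate(sql, ...)}; no
 *       request value is concatenated into the statement text.</li>
 *   <li>The department id supplied by the client is reflected into the
 *       redirect URLs. It is URL-encoded before being written so that quotes,
 *       angle brackets, ampersands and backslashes cannot break out of
 *       whatever context {@code ServletUtil.redirect} embeds it in. The
 *       previous "strip a few characters" filter left {@code '} and
 *       {@code \} untouched and was only applied on one of three paths.</li>
 * </ul>
 */
public class DeptRegist extends DBManager {

    private static final Logger LOG = LoggerFactory.getLogger(DeptRegist.class);

    /** Parameterized insert; SEQNUM/IS_OUT/SYS_AUTH are fixed for a new department. */
    private static final String INSERT_DEPT =
        "INSERT INTO MOUMI_DEPT (ID,NAME,ADDR,PHONE,SEL_TYPE,PRIORITY,UPPER_DEPT,LOCATION,SEQNUM,IS_OUT,SYS_AUTH,ORGAN) "
        + "VALUES(?,?,?,?,?,?,?,?,'0','N',2,?)";

    /** Sentinel handed to MString.checkNull for an absent parameter. */
    private static final String ABSENT = "null";

    /**
     * Processes the request immediately; the response is fully written by the
     * time the constructor returns. Never throws to the caller: every failure
     * is logged and answered with an error alert plus a redirect to empty.jsp.
     *
     * @param req incoming request; parameters id, name, addr, phone, upperId,
     *            selType, priority and location are read
     * @param res response the alert/redirect script is written to
     */
    public DeptRegist(HttpServletRequest req, HttpServletResponse res) {
        String deptId = null;
        PrintWriter out = null;
        try {
            res.setContentType("text/html;charset=UTF-8");
            out = res.getWriter();

            if (!HttpSSOLogin.isLogin(req)) {
                out.println(ServletUtil.getJavaScript("location='/totsys/login/login.jsp';"));
                return;
            }

            String name = optionalParam(req, "name");
            String addr = optionalParam(req, "addr");
            deptId = optionalParam(req, "id");
            String phone = optionalParam(req, "phone");
            String upperId = optionalParam(req, "upperId");
            // "ROOT" denotes a top-level department, stored as a NULL parent.
            if ("ROOT".equals(upperId)) {
                upperId = null;
            }

            // Checkbox semantics: absent or "on" -> Y, anything else -> N.
            String selType = req.getParameter("selType");
            selType = (selType == null || selType.equals("on")) ? "Y" : "N";

            int priority = MInteger.parseInt(req.getParameter("priority"));

            // Absent or "mnd" -> "1", anything else -> "2".
            String location = req.getParameter("location");
            location = (location == null || location.equals("mnd")) ? "1" : "2";

            // ORGAN is set to the department's own id, as in the original schema usage.
            execUpdate(INSERT_DEPT, deptId, name, addr, phone, selType, priority, upperId, location, deptId);

            out.println(ServletUtil.alert("새로운 데이터가 추가되었습니다."));
            out.println(ServletUtil.redirect(
                "/totsys/sysadm/dept/dept_view.jsp?reload=yes&deptID=" + encodeQueryValue(deptId)));
        } catch (IOException | SQLException e) {
            LOG.error("DeptRegist failed for deptId={}", deptId, e);
            writeFailure(out, deptId);
        } catch (Exception e) {
            // Boundary catch: the user still gets a response for unexpected failures.
            LOG.error("DeptRegist failed unexpectedly for deptId={}", deptId, e);
            writeFailure(out, deptId);
        } finally {
            execClose();
        }
    }

    /**
     * Reads a request parameter through MString.checkNull, mapping both an
     * absent parameter and the literal value "null" to Java null (this is the
     * behaviour the form has always relied on).
     */
    private static String optionalParam(HttpServletRequest req, String name) {
        String value = MString.checkNull(req.getParameter(name), ABSENT);
        return ABSENT.equals(value) ? null : value;
    }

    /**
     * Writes the generic failure alert and the redirect to empty.jsp.
     * Tolerates a null writer: if getWriter() itself failed there is no
     * channel to answer on, and dereferencing it would only turn the original
     * IOException into a NullPointerException.
     */
    private static void writeFailure(PrintWriter out, String deptId) {
        if (out == null) {
            return;
        }
        out.println(ServletUtil.alert(
            MoumiConfig.getMessageBundle().getString("moumi.message.popup.notCoporationChangeAdmin")));
        out.println(ServletUtil.redirect(
            "/totsys/sysadm/dept/empty.jsp?deptID=" + encodeQueryValue(deptId)));
    }

    /**
     * Percent-encodes a value for use in a query string. A null value is
     * rendered as the text "null", matching the URL the page produced before.
     */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(String.valueOf(value), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory in every JVM; reaching this is a platform bug.
            throw new IllegalStateException("UTF-8 charset not available", e);
        }
    }
}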