/************************************************************************************************* * 프로그램명 : HttpAcptDocUpdate.java 프로그램설명 : 연계등록 취소 작성자 : 작성일 : 변경일 : **************************************************************************************************/ package kr.co.kihyun.beans.totsys.repoper; import java.io.IOException; import java.io.PrintWriter; //import java.util.Date; import javax.jdo.PersistenceManager; import javax.jdo.Transaction; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; //import kr.co.kihyun.beans.entity.TotDoc; import kr.co.kihyun.beans.entity.TotReport; import kr.co.kihyun.beans.entity.TotReportProcess; import kr.co.kihyun.beans.entity.util.MPersistenceManager; import kr.co.kihyun.beans.entity.util.*; import kr.co.kihyun.beans.user.HttpSSOLogin; //import kr.co.kihyun.lang.MInteger; import kr.co.kihyun.lang.MLong; import kr.co.kihyun.lang.MString; import kr.co.kihyun.moumi.MoumiConfig; //import kr.co.kihyun.moumi.report.MReport; import kr.co.kihyun.text.html.ServletUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @WebServlet("/servlet/kr.co.kihyun.beans.totsys.repoper.HttpAcptDocUpdate") public class HttpAcptDocUpdate extends HttpServlet { /** * */ private static final long serialVersionUID = 1L; private static final Logger LOG = LoggerFactory.getLogger(HttpAcptDocUpdate.class); public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html;charset=UTF-8"); PrintWriter out = res.getWriter(); HttpSession session = req.getSession(true); /*********** User HttpLogin check ***********/ if (!HttpSSOLogin.isLogin(req)) { String connURL = "location='/totsys/login/login.jsp';"; out.println(ServletUtil.getJavaScript(connURL)); return; } /********** session내의 userId **********/ String usID = HttpSSOLogin.getLoginID(req); /********** parameter value **********/ Long reportID = MLong.parseLong(req.getParameter("reportID"), null); String callbackFunc = MString.checkNull(req.getParameter("callbackFunc")); PersistenceManager pm = new MPersistenceManager(PMF.get().getPersistenceManager()); Transaction tx = pm.currentTransaction(); try { tx.begin(); TotReport totReport = pm.getObjectById(TotReport.class, reportID); totReport.setSlaveTotDoc(null); totReport.setProcess(TotReportProcess.ACCEPT); totReport.setUser(null); pm.makePersistent(totReport); tx.commit(); if( MString.isNull(callbackFunc) ) { out.println(ServletUtil .getJavaScript("document.location.replace('/totsys/repoper/mydocbox/returnbox/report_list.jsp')")); }else{ out.println(ServletUtil.getJavaScript(callbackFunc)); } } catch (Exception ex) { LOG.error(TotReportProcess.COMP + "{}, {}, {}", new Object[] { usID, req.getRemoteAddr(), reportID }); out.println(ServletUtil.alert(TotReportProcess.COMP + MoumiConfig.getMessageBundle().getString("moumi.message.popup.failTryAgain"))); //v2. 9.크로스사이트 스크립트 (PrintWrier) : Update by KWON,HAN // out.println(ServletUtil.getJavaScript("history.back();")); // 수정 : 외부 입력값 필터링 String callbackFunc2 = "history.back();"; String filtered_callbackFunc2 = callbackFunc2.replaceAll("<","").replaceAll(">","").replaceAll("&","").replaceAll(",",""); LOG.debug("v2 9.크로스사이트 스크립트 (PrintWrier) : HttpAcptDocUpdate.doPost() filtered_callbackFunc2={}, Not Test", filtered_callbackFunc2); out.println(ServletUtil.getJavaScript(filtered_callbackFunc2)); //============================================================ ex.printStackTrace(); } finally { if (tx.isActive()) tx.rollback(); pm.close(); } } }