jskim
/
moumiKnu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
knu project
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
69 MiB
 
 
 
 
 
 
Tag: Branch: Tree: main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
moumiKnu/src_bak/kr/co/kihyun/beans/totsys/board/HttpBoardModify.java

165 lines
6.7 KiB
Raw Permalink Blame History

/*************************************************************************************************
* 프로그램명 : HttpReportRegist.java 프로그램설명 : 집계 문서에대한 보고자 보고 또는 보고자 자료 변경에 사용 작성자 : 강원중 작성일 : 2004.01.12 변경일 : 2003.11.30
**************************************************************************************************/
package kr.co.kihyun.beans.totsys.board;
import java.io.IOException;
import java.io.PrintWriter;
import javax.jdo.PersistenceManager;
import javax.jdo.Transaction;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import kr.co.kihyun.beans.entity.Category;
import kr.co.kihyun.beans.entity.util.*;
import kr.co.kihyun.beans.user.HttpSSOLogin;
import kr.co.kihyun.db.DBManager;
import kr.co.kihyun.io.FileUtil;
import kr.co.kihyun.lang.Encoder;
import kr.co.kihyun.lang.MInteger;
import kr.co.kihyun.lang.MLong;
import kr.co.kihyun.lang.MString;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.text.html.ServletUtil;
import kr.co.kihyun.text.html.TagFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@WebServlet("/servlet/kr.co.kihyun.beans.totsys.board.HttpBoardModify")
public class HttpBoardModify extends HttpServlet {
private static final Logger LOG = LoggerFactory
.getLogger(HttpBoardModify.class);
/**
*
*/
private static final long serialVersionUID = 1L;
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
doPost(req, res);
}
public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
res.setContentType("text/html;charset=UTF-8");
PrintWriter out = res.getWriter();
HttpSession session = req.getSession(true);
try {
/*********** User HttpLogin check ***********/
if (!HttpSSOLogin.isLogin(req)) {
String connURL = "location='/totsys/login/login.jsp';";
out.println(ServletUtil.getJavaScript(connURL));
return;
}
String usID = HttpSSOLogin.getLoginID(req);
/********** parameter value **********/
String userID = Encoder.toJava(req.getParameter("userID"));
String title = Encoder.toJava(req.getParameter("title"));
// 게시판 글 수정시 제목도 특수기호를 치환하도록 수정. 2014.12.10 by YOUNGJUN,CHO
title = TagFilter.convertMeta(title);
String contents = Encoder.toJava(req.getParameter("contents"));
contents = TagFilter.convertMeta(contents);
Long boardID = MLong.parseLong(req.getParameter("boardID"), null);
Long id = MLong.parseLong(req.getParameter("id"), null);
int fileCount = MInteger.parseInt(req.getParameter("fileCount"));
String usrFilenames = Encoder.toJava(req.getParameter("usrFilenames"));
String svrFilenames = Encoder.toJava(req.getParameter("svrFilenames"));
String checkPopup = req.getParameter("checkPopup");
String callbackFunc = req.getParameter("callbackFunc");
String returnURL = "";
PersistenceManager pm = new MPersistenceManager(PMF.get().getPersistenceManager());
Transaction tx = pm.currentTransaction();
try {
tx.begin();
kr.co.kihyun.beans.entity.Board mBoard = pm.getObjectById(kr.co.kihyun.beans.entity.Board.class, boardID);
if (!mBoard.getUser(pm).getId().equals(usID) && HttpSSOLogin.getSysAuth(req) != MoumiConfig.SYSADM) {
out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.popup.commonWay")));
returnURL = "document.location.replace('/totsys/sysadm/board/board_list.jsp?boardGroupID=" + mBoard.getCategory().getId() + "')";
} else {
mBoard.setTitle(title);
mBoard.setContents(contents);
if ("Y".equals(checkPopup)){
mBoard.setPopupYn("Y");
}else{
mBoard.setPopupYn("N");
}
pm.makePersistent(mBoard);
tx.commit();
FileUtil.putInFiles(svrFilenames, mBoard);
out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.popup.alter")));
if (mBoard.getCategory().equals(Category.ID_TOT_DOC_COMMENT)) {
returnURL = (String) session.getAttribute("modifyTargetURI");
out.println(ServletUtil.getJavaScript(returnURL));
out.println(ServletUtil.getJavaScript("window.close();"));
out.println(ServletUtil.getJavaScript("parent.opener.window.close();"));
} else {
if (id == null){
returnURL = "document.location.replace('/totsys/sysadm/board/board_view.jsp?boardID=" + boardID + "')";
} else {
returnURL = "document.location.replace('/totsys/sysadm/board/board_view.jsp?boardID=" + id + "')";
}
if (MString.isNull(callbackFunc)) {
out.println(ServletUtil.getJavaScript(returnURL));
} else {
// v2. 9.크로스사이트 스크립트 (PrintWrier) : Update by
// KWON,HAN
// out.println(ServletUtil.getJavaScript(callbackFunc));
// 수정 : 외부 입력값 필터링
String filtered_callbackFunc = callbackFunc.replaceAll("<", "").replaceAll(">", "").replaceAll("&", "").replaceAll(",", "");
LOG.debug("v2 9.크로스사이트 스크립트 (PrintWrier) : HttpBoardModify.doPost() filtered_callbackFunc={}, Not Test", filtered_callbackFunc);
out.println(ServletUtil.getJavaScript(filtered_callbackFunc));
// ============================================================
}
}
}
// 44.적절하지 않은 예외처리(광범위예외클래스)_CWE-754 : Update by YOUNGJUN,CHO
} catch (IOException ioex) {
ioex.printStackTrace();
// ================================================
} catch (Exception ex) {
out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.popup.alterFail")));
// v2. 9.크로스사이트 스크립트 (PrintWrier) : Update by KWON,HAN
// out.println(ServletUtil.getJavaScript("history.go(-1);"));
// 수정 : 외부 입력값 필터링
String filtered_callbackFunc = "history.go(-1);";
filtered_callbackFunc = filtered_callbackFunc.replaceAll("<", "").replaceAll(">", "").replaceAll("&", "").replaceAll(",", "");
LOG.debug("v2 9.크로스사이트 스크립트 (PrintWrier) : HttpBoardModify.doPost() filtered_callbackFunc={}, Not Test", filtered_callbackFunc);
out.println(ServletUtil.getJavaScript(filtered_callbackFunc));
// ============================================================
ex.printStackTrace();
} finally {
if (tx.isActive())
tx.rollback();
pm.close();
}
// 업데이트시 파일도 업데이트
FileUtil.getBoardAttachmentsFileNames(boardID, req, true);
} catch (Exception ex) {
ex.printStackTrace();
}
}
}