package kr.co.kihyun.tree;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
//import java.sql.ResultSet;
import java.sql.SQLException;

//import javax.servlet.ServletException;
//import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import kr.co.kihyun.beans.user.HttpSSOLogin;
import kr.co.kihyun.db.DBManager;
//import kr.co.kihyun.lang.Encoder;
import kr.co.kihyun.lang.MInteger;
//import kr.co.kihyun.lang.MLong;
import kr.co.kihyun.lang.MString;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.text.html.ServletUtil;
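/**
 * Action that updates one MOUMI_DEPT row from request parameters and writes the
 * resulting alert/redirect page to the response.
 *
 * <p>All work happens in the constructor; that calling convention and the
 * constructor signature are kept for existing callers. The request must be
 * SSO-logged-in ({@code HttpSSOLogin.isLogin}), otherwise a JavaScript redirect
 * to the login page is written and no update is attempted.
 *
 * <p>Parameters read: {@code oldID} (row to update), {@code name}, {@code addr},
 * {@code phone}, {@code upperId}, {@code selType}, {@code priority},
 * {@code location}. The UPDATE goes through the inherited {@code execUpdate}
 * with bound parameters, so request values never become part of the SQL text.
 * {@code oldID} is echoed back into the redirect URL on every path (success and
 * every failure branch), so it is URL-encoded in exactly one place,
 * {@link #deptViewUrl}; the previous code only filtered it in the generic
 * {@code Exception} branch and sent it raw elsewhere.
 */
public class DeptModify extends DBManager {

    private static final Logger LOG = LoggerFactory.getLogger(DeptModify.class);

    /** Sentinel used for "parameter absent"; mapped to SQL NULL by {@link #optionalParam}. */
    private static final String ABSENT = "null";

    private static final String DEPT_VIEW = "/totsys/sysadm/dept/dept_view.jsp";

    private static final String UPDATE_SQL =
            "UPDATE MOUMI_DEPT SET NAME=?,ADDR=?,PHONE=?,PRIORITY=?,"
            + "SEL_TYPE=?,LOCATION=? WHERE ID=?";

    /**
     * Performs the department update and writes the outcome to {@code res}.
     *
     * @param req the request carrying the department fields
     * @param res the response that receives the alert and redirect script
     */
    public DeptModify(HttpServletRequest req, HttpServletResponse res) {
        String oldId = null;
        PrintWriter out = null;
        try {
            res.setContentType("text/html;charset=UTF-8");
            out = res.getWriter();
            if (!HttpSSOLogin.isLogin(req)) {
                out.println(ServletUtil.getJavaScript("location='/totsys/login/login.jsp';"));
                return;
            }

            // oldID keeps the sentinel (not NULL) so the WHERE clause always binds a value.
            oldId = MString.checkNull(req.getParameter("oldID"), ABSENT);
            String name = optionalParam(req, "name");
            String addr = optionalParam(req, "addr");
            String phone = optionalParam(req, "phone");
            String upperId = optionalParam(req, "upperId");
            // "ROOT" is the virtual top node; a root-level department has no parent.
            if ("ROOT".equals(upperId)) {
                upperId = null;
            }
            // Checkbox semantics: absent or "on" means selected.
            String selTypeParam = req.getParameter("selType");
            String selType = (selTypeParam == null || selTypeParam.equals("on")) ? "Y" : "N";
            int priority = MInteger.parseInt(req.getParameter("priority"));
            // Absent or "mnd" is stored as "1", any other value as "2".
            String locationParam = req.getParameter("location");
            String location = (locationParam == null || locationParam.equals("mnd")) ? "1" : "2";

            execUpdate(UPDATE_SQL, name, addr, phone, priority, selType, location, oldId);

            out.println(ServletUtil.alert(message("moumi.message.popup.coporationChange")));
            out.println(ServletUtil.redirect(deptViewUrl(oldId, true)));
        } catch (IOException ioex) {
            // Specific catches kept deliberately (CWE-754 review note in the original).
            writeFailure(out, oldId, "response I/O failed", ioex);
        } catch (SQLException sqlex) {
            writeFailure(out, oldId, "UPDATE MOUMI_DEPT failed", sqlex);
        } catch (Exception e) {
            // Boundary catch: this class is the request handler, nothing above it reports errors.
            writeFailure(out, oldId, "unexpected failure", e);
        } finally {
            execClose();
        }
    }

    /**
     * Reads a parameter through {@code MString.checkNull} and maps the
     * {@link #ABSENT} sentinel (and a literal "null" input) to {@code null}.
     */
    private static String optionalParam(HttpServletRequest req, String name) {
        String value = MString.checkNull(req.getParameter(name), ABSENT);
        return ABSENT.equals(value) ? null : value;
    }

    /** Looks up a message from the shared bundle. */
    private static String message(String key) {
        return MoumiConfig.getMessageBundle().getString(key);
    }

    /**
     * Logs the failure and, when a writer was obtained, shows the failure alert
     * and sends the user back to the department view. If {@code res.getWriter()}
     * itself failed, {@code out} is null and only the log entry is written —
     * the original code would have thrown a NullPointerException here.
     */
    private void writeFailure(PrintWriter out, String oldId, String what, Exception cause) {
        LOG.error("DeptModify: {} (deptID={})", what, oldId, cause);
        if (out == null) {
            return;
        }
        out.println(ServletUtil.alert(message("moumi.message.popup.notCoporationChangeAdmin")));
        out.println(ServletUtil.redirect(deptViewUrl(oldId, false)));
    }

    /**
     * Builds the dept_view.jsp URL for the given department id.
     *
     * <p>The id is user-controlled, so it is URL-encoded: quotes, angle brackets,
     * ampersands and semicolons cannot reach the script/markup that
     * {@code ServletUtil.redirect} emits, and the servlet container decodes the
     * value back to the original id when dept_view.jsp reads {@code deptID}.
     * NOTE(review): whether {@code ServletUtil.redirect} escapes its argument
     * itself is not visible here — encoding at this point is safe either way.
     *
     * @param oldId  department id; {@code null} renders as the text "null", as before
     * @param reload whether to append {@code reload=yes} (success path only)
     */
    private static String deptViewUrl(String oldId, boolean reload) {
        String query = reload ? "?reload=yes&deptID=" : "?deptID=";
        return DEPT_VIEW + query + urlEncode(String.valueOf(oldId));
    }

    /** URL-encodes a query-string value as UTF-8. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // Every JVM must support UTF-8; reaching this is a platform defect, not user input.
            throw new IllegalStateException("UTF-8 encoding unavailable", e);
        }
    }
}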