/********************************************************************************** |
|
* 프로그램명 : HttpAdmFileDelete.java 프로그램설명 : 작 성 자 : 작 성 일 : 최신변경일 : |
|
***********************************************************************************/ |
|
|
|
package kr.co.kihyun.beans.totsys.board; |
|
|
|
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import kr.co.kihyun.io.FileUtil;
import kr.co.kihyun.lang.Encoder;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.text.html.ServletUtil;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
|
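@WebServlet("/servlet/kr.co.kihyun.beans.totsys.board.HttpAdmFileDelete")
public class HttpAdmFileDelete extends HttpServlet {

    // Logger is now bound to this class (it previously pointed at FileUtil, which mislabelled every line).
    private static final Logger LOG = LoggerFactory.getLogger(HttpAdmFileDelete.class);

    private static final long serialVersionUID = 1L;

    /** Page the browser is sent back to once the delete attempt has been made. */
    private static final String RETURN_PAGE = "/totsys/sysadm/board/write_file_upload.jsp";

    // DB-related variables. Nothing in this servlet reads or writes them; they are kept only so that
    // code elsewhere in the package that may touch them keeps compiling.
    String sql;
    String writeDate;

    /**
     * Deletes one uploaded board attachment and sends the browser back to the upload page.
     *
     * <p>Request parameters read: {@code fileList} (the stored file name, passed through
     * {@link Encoder#toJava(String)}) and {@code boardGroupID} (echoed back in the redirect).
     * The file is only deleted when the name resolves to a direct child of
     * {@code <sysAdmFileRoot>/board/upfiles}; names containing separators or {@code ..} are refused.
     * A refused or failed delete writes the {@code moumi.message.popup.fileDeleteFail} alert; the
     * redirect is issued whenever {@code fileList} was supplied, as in the original flow.
     *
     * @param req the incoming request
     * @param res the response; receives either an alert body, a redirect, or both
     * @throws ServletException never thrown directly; declared by {@link HttpServlet#doPost}
     * @throws IOException if the response itself cannot be written
     */
    @Override
    public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
        // One content-type call is enough; the earlier "text/html" call was immediately overwritten.
        res.setContentType("text/html;charset=UTF-8");
        PrintWriter out = res.getWriter();

        // This servlet never receives a user-facing file name; the redirect carries an empty value.
        String usrFilename = "";
        String boardGroupID = req.getParameter("boardGroupID");
        String svrFilename = req.getParameter("fileList");

        boolean isDel = false;
        try {
            if (svrFilename != null) {
                svrFilename = Encoder.toJava(svrFilename);
            }
            // The delete result drives the response below. The previous code never assigned isDel,
            // so the user always saw the "delete failed" alert regardless of the outcome.
            isDel = deleteUpload(svrFilename);
        } catch (IOException | RuntimeException ex) {
            // Best effort: a failed delete is reported to the user as the failure alert, not as a 500.
            LOG.error("HttpAdmFileDelete.doPost: could not delete '{}'", svrFilename, ex);
        }

        if (!isDel) {
            // NOTE(review): sendRedirect below normally discards this buffered alert unless the
            // response is already committed — confirm the intended UX with the page owner.
            out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.popup.fileDeleteFail")));
        }
        if (svrFilename != null) {
            // Every query value is URL-encoded, which also neutralises CR/LF (HTTP response splitting)
            // for boardGroupID, which the old code concatenated unfiltered.
            res.sendRedirect(returnUrl(svrFilename, usrFilename, boardGroupID));
        }
    }

    /**
     * Deletes {@code svrFilename} from the upload root if, and only if, it names a direct child of
     * that directory.
     *
     * @param svrFilename stored file name as supplied by the client; may be {@code null}
     * @return {@code true} when a file was actually removed
     * @throws IOException if the delete itself fails (permissions, non-empty directory, ...)
     */
    private static boolean deleteUpload(String svrFilename) throws IOException {
        Path target = resolveInsideUploadRoot(svrFilename);
        if (target == null) {
            LOG.warn("HttpAdmFileDelete: rejected file name '{}' (CWE-22 path traversal guard)", svrFilename);
            return false;
        }
        LOG.debug("HttpAdmFileDelete: deleting {}", target);
        return Files.deleteIfExists(target);
    }

    /** {@code <sysAdmFileRoot>/board/upfiles}: the only directory this servlet may delete from. */
    private static Path uploadRoot() {
        return Paths.get(MoumiConfig.getSysAdmFileRoot().getPath(), "board", "upfiles")
                .toAbsolutePath()
                .normalize();
    }

    /**
     * Maps a client-supplied file name onto a path directly inside the upload root.
     *
     * @param name raw file name; {@code null} or empty yields {@code null}
     * @return the resolved path, or {@code null} when the name must not be used
     */
    private static Path resolveInsideUploadRoot(String name) {
        if (name == null || name.isEmpty()) {
            return null;
        }
        // Separators and parent references are never part of a stored upload name. They are refused
        // outright rather than stripped: the old replaceAll("\\", "") was an invalid regex and threw
        // on every request, and stripping can let pieces of a name reassemble into a traversal.
        if (name.contains("/") || name.contains("\\") || name.contains("..")) {
            return null;
        }
        Path root = uploadRoot();
        Path target;
        try {
            target = root.resolve(name).normalize();
        } catch (InvalidPathException ex) {
            return null; // e.g. NUL bytes or other characters the file system rejects
        }
        // Must be a direct child of the root ("." normalises to the root itself, for instance).
        if (!root.equals(target.getParent())) {
            return null;
        }
        return target;
    }

    /**
     * Builds the redirect back to {@link #RETURN_PAGE} with every query value URL-encoded.
     *
     * @throws IOException only if UTF-8 were unavailable, which the JDK guarantees it is not
     */
    private static String returnUrl(String svrFilename, String usrFilename, String boardGroupID) throws IOException {
        return RETURN_PAGE + "?execMode=del"
                + "&svrFilename=" + encode(svrFilename)
                + "&usrFilename=" + encode(usrFilename)
                + "&boardGroupID=" + encode(boardGroupID);
    }

    /** URL-encodes one query value; {@code null} becomes the empty string instead of the text "null". */
    private static String encode(String value) throws IOException {
        return URLEncoder.encode(value == null ? "" : value, "UTF-8");
    }

}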
|
|
|