jskim
/
moumiKnu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
knu project
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
69 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 1420a4cf07
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1420a4cf07'
${ noResults }
moumiKnu/src_bak/kr/co/kihyun/beans/user/UserApproSetModify.java

123 lines
5.5 KiB
Raw Blame History

package kr.co.kihyun.beans.user;
//import kr.co.kihyun.tree.*;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kr.co.kihyun.beans.entity.SubmitReport;
import kr.co.kihyun.db.DBManager;
import kr.co.kihyun.lang.Encoder;
import kr.co.kihyun.lang.MString;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.text.html.ServletUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class UserApproSetModify extends DBManager {
private static final Logger LOG = LoggerFactory.getLogger(UserApproSetModify.class);
public UserApproSetModify(HttpServletRequest req, HttpServletResponse res) {
String userId = null;
String docID = null;
String deptID = null;
String userID = null;
String Appro = null;
String reportID = null;
String reportType = null;
String docType = null;
String strPage = null;
// String findOption = null;
// String findWord = null;
String findOption = MString.checkNull(Encoder.toJava(req.getParameter("findOption")));
String findWord = MString.checkNull(Encoder.toJava(req.getParameter("findWord")));
String[] reportIDList = null;
String[] userIDList = null;
String strGubun = null;
String usID = HttpSSOLogin.getLoginID(req);
int sysAuth;
ResultSet rs = null;
String stDate = MString.checkNull(req.getParameter("stDate"));
String edDate = MString.checkNull(req.getParameter("edDate"));
PrintWriter out = null;
try {
res.setContentType("text/html;charset=UTF-8");
out = res.getWriter();
if (!HttpSSOLogin.isLogin(req)) {
String connURL = "location='/totsys/login/login.jsp';";
out.println(ServletUtil.getJavaScript(connURL));
return;
}
reportID = MString.checkNull(req.getParameter("reportID"), "null");
docType = MString.checkNull(req.getParameter("docType"), "null");
strPage = Encoder.toJava(req.getParameter("strPage"));
strGubun = MString.checkNull(req.getParameter("strGubun"), "null");
reportIDList = reportID.split(",");
SubmitReport submitReport = new SubmitReport();
submitReport.getSysAuth(usID);
sysAuth = submitReport.getAuthNum();
String tmpSysAuth = Integer.toString(sysAuth);
for (int i = 0; i < reportIDList.length; i++) {
String tmpSysAuthRlpc = tmpSysAuth.replace(" ", "");
String tmpGubun = strGubun.replace(" ", "");
String sql = "UPDATE MOUMI_TOT_DOC SET ACC_AUTH=? WHERE ID=?";
execUpdate(sql, tmpGubun, reportIDList[i]);
if (tmpGubun.equals("1")) {
out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.tot_doc.approModify")));
} else {
out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.tot_doc.approCancel")));
}
out.println(ServletUtil.getJavaScript("document.location='/totsys/totper/mydocbox/prssbox/doc_list.jsp?docType=" + docType + "&strPage="+ strPage + "&findOption="+ findOption + "&findWord="+ URLEncoder.encode(MString.checkNull(findWord), "UTF-8") + "&stDate=" + stDate + "&edDate=" + edDate + "&method=GET" + "';"));
}
} catch (Exception e) {
e.printStackTrace();
out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.tot_doc.approModifyCancel")));
//v2. 9.크로스사이트 스크립트 (PrintWrier) : Update by KWON,HAN
// 수정 : 외부 입력값 필터링
String callbackFunc = "document.location='/totsys/totper/mydocbox/prssbox/doc_list.jsp?docType=" + docType + "&strPage="+ strPage + "&findOption="+ findOption + "&findWord="+ findWord + "&stDate=" + stDate + "&edDate=" + edDate + "';";
String filtered_callbackFunc = callbackFunc.replaceAll("<","").replaceAll(">","").replaceAll(",","");
LOG.debug("v2 9.크로스사이트 스크립트 (PrintWrier) : UserApproModify.UserApproModify() filtered_callbackFunc={}, Not Test", filtered_callbackFunc);
out.println(ServletUtil.redirect(filtered_callbackFunc));
} finally {
//execClose();
try {
if (rs != null) {
rs.close();
}
} catch (SQLException ex) {
//31.오류 상황 대응 부재_CWE-390 Add by YOUNGJUN,CHO
ex.printStackTrace();
//++++++++++++++++++++++++++++++++++++++++++++++++
}
try {
if (pstmt != null) {
pstmt.close();
}
} catch (SQLException ex) {
//31.오류 상황 대응 부재_CWE-390 Add by YOUNGJUN,CHO
ex.printStackTrace();
//++++++++++++++++++++++++++++++++++++++++++++++++
}
try {
if (con != null) {
con.close();
}
} catch (SQLException ex) {
//31.오류 상황 대응 부재_CWE-390 Add by YOUNGJUN,CHO
ex.printStackTrace();
//++++++++++++++++++++++++++++++++++++++++++++++++
}
}
}
}