/*
 * Copyright (c) 2009 The openGion Project.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package org.opengion.hayabusa.taglib;

import org.opengion.hayabusa.common.HybsSystem;

import static org.opengion.fukurou.util.StringUtil.nval ;

/**
 * Tag that prints its value only when the {&#064;XXXX} variable given in the value attribute is set.
 *
 * When value uses a {&#064;XXXX} variable, the text is printed only if the request supplies a
 * value for it. The same holds when a {&#064;XXXX} variable is combined with fixed text:
 * if the variable has no value, nothing is used.
 * If defaultVal is set and the request supplies no value, defaultVal is used instead.
 * The typical use of this tag is the SQL order by clause. On an ordinary request the
 * order by clause is supplied by the request so that the user can switch the ordering
 * when searching. When the screen is called from another screen through a link, the
 * order by condition is normally not specified; for that case the og:appear tag carries
 * a defaultVal that fixes the search order in advance.
 *
 * NOTE(review): in that typical use the printed text becomes part of a SQL statement and
 * originates from the request. The quotCheck attribute is described below as a check for
 * the quotation character (') only; an order by expression contains no quoted literal, so
 * that check does not restrict it. Where value feeds SQL text, map the request value onto a
 * fixed list of permitted column names before it reaches this tag.
 *
 * @og.formSample
 * Form: &lt;og:appear startKey="[order by|…]" value="…" defaultVal="[…]" /&gt;
 * Body: none
 *
 * Tag definition
 *   &lt;og:appear
 *       startKey           [TAG] Sets the leading string (initial value: "")
 *       value              [TAG] Sets the value; used only when the given value is set (required)
 *       defaultVal         [TAG] Sets the initial value (printed when value is NULL)
 *       quotCheck          [TAG] Whether to check request data for the quotation character (') [true/false] (initial value: USE_SQL_INJECTION_CHECK[=true])
 *       xssCheck           [TAG] Whether to check request data for the HTML tag start/end characters (&gt;&lt;) [true/false] (initial value: USE_XSS_CHECK[=true])
 *       debug              [TAG] Whether to print debug information [true/false] (initial value: false)
 *   /&gt;
 *
 * Usage example
 *     &lt;!-- DB search, SQL text; with debug="true" the SQL text can be inspected --&gt;
 *     &lt;og:query command="{&#064;command}" debug="{&#064;debug}" maxRowCount="{&#064;maxRowCount}"&gt;
 *             select CLM,NAME_JA,LABEL_NAME,URL,KBSAKU,
 *                     SYSTEM_ID,LANG,FGJ,(CASE WHEN URL IS NULL THEN 0 ELSE 1 END) AS ONMARK
 *             from GF41
 *         &lt;!-- with WhereTag, a condition whose {&#064;xxxx} is NULL is ignored --&gt;
 *         &lt;og:where&gt;
 *             &lt;og:and value = "FGJ in ('0','1')"                     /&gt;
 *             &lt;og:and value = "SYSTEM_ID = '{&#064;SYSTEM_ID}'"         /&gt;
 *             &lt;og:and value = "LANG = '{&#064;LANG}'"                   /&gt;
 *             &lt;og:and value = "CLM like '{&#064;CLM}%'"                 /&gt;
 *             &lt;og:and value = "NAME_JA like '{&#064;NAME_JA}%'"         /&gt;
 *             &lt;og:and value = "LABEL_NAME like '{&#064;LABEL_NAME}%'"   /&gt;
 *             &lt;og:and value = "KBSAKU = '{&#064;KBSAKU}'"               /&gt;
 *         &lt;/og:where&gt;
 *         &lt;!-- with AppearTag, the ORDER BY clause is omitted when {&#064;ORDER_BY} is NULL --&gt;
 *         &lt;!-- if defaultVal is given, ORDER BY is printed with that value when {&#064;ORDER_BY} is NULL --&gt;
 *         &lt;og:appear startKey = "order by" value = "{&#064;ORDER_BY}"
 *                     defaultVal = "SYSTEM_ID,CLM,LANG" /&gt;
 *     &lt;/og:query&gt;
 *
 * @og.group Screen parts
 *
 * @version  4.0
 * @author   Kazuhiko Hasegawa
 * @since    JDK5.0,
 */
public class AppearTag extends CommonTagSupport {
	/** VERSION string of this program.	{@value} */
	private static final String VERSION = "5.7.8.1 (2014/07/18)" ;

	private static final long serialVersionUID = 578120140718L ;

	// Text printed in front of the value; a single space is inserted between the two.
	private String  startKey	= "";
	// Raw attribute text, kept unresolved until doEndTag().
	private String  value ;
	// Fallback printed when the value is reported as null.
	private String  defaultVal ;
	// Both checks start from the system-wide settings.	5.7.8.1 (2014/07/18)
	private boolean quotCheck	= HybsSystem.sysBool( "USE_SQL_INJECTION_CHECK" );
	private boolean xssCheck	= HybsSystem.sysBool( "USE_XSS_CHECK" );

	/**
	 * Overrides doEndTag(), which is processed when the end tag of the taglib is found.
	 *
	 * Prints {@code startKey + " " + text}, where text is the resolved value or,
	 * when isNull() reports true, defaultVal. Nothing is printed when text is null.
	 * No escaping is applied in this method; whether jspPrint() escapes is not visible here.
	 *
	 * @og.rev 3.1.1.2 (2003/04/04) Tomcat4.1 support. release2() is called in doEndTag().
	 * @og.rev 5.7.8.1 (2014/07/18) quotCheck, xssCheck added
	 *
	 * @return	instruction for the subsequent processing (EVAL_PAGE)
	 */
	@Override
	public int doEndTag() {
		debugPrint();		// 4.0.0 (2005/02/28)

		// 5.7.8.1 (2014/07/18) quotCheck, xssCheck added.
		// Both switches are applied before the value is resolved.
		useQuotCheck( quotCheck );
		useXssCheck( xssCheck );

		// Call order is kept: isNull() is consulted only after getRequestParameter().
		// NOTE(review): isNull() is inherited; presumably it reflects the lookup just made - confirm.
		final String requested = getRequestParameter( value );
		final String text = isNull() ? defaultVal : requested ;

		if( text != null ) {
			jspPrint( startKey + " " + text );
		}

		return EVAL_PAGE ;
	}

	/**
	 * Releases the taglib object.
	 *
	 * The object is cached and reused, so the fields are put back to their initial settings.
	 *
	 * @og.rev 2.0.0.4 (2002/09/27) release() method of the custom tag added
	 * @og.rev 3.1.1.2 (2003/04/04) Tomcat4.1 support. release2() is called in doEndTag().
	 * @og.rev 5.7.8.1 (2014/07/18) quotCheck, xssCheck added
	 *
	 */
	@Override
	protected void release2() {
		super.release2();
		// 5.7.8.1 (2014/07/18) the check switches go back to the system-wide settings
		xssCheck	= HybsSystem.sysBool( "USE_XSS_CHECK" );
		quotCheck	= HybsSystem.sysBool( "USE_SQL_INJECTION_CHECK" );
		defaultVal	= null;
		value		= null;
		startKey	= "";
	}

	/**
	 * [TAG] Sets the leading string (initial value: "").
	 *
	 * @og.tag
	 * One space character is inserted when this key is joined to the value.
	 *
	 * @param	val leading string (example: startKey="order by")
	 */
	public void setStartKey( final String val ) {
		final String resolved = getRequestParameter( val );
		startKey = nval( resolved,startKey );
	}

	/**
	 * [TAG] Sets the value (used only when the given value is set).
	 *
	 * @og.tag
	 * Only when the given value is set is it combined with the leading string (startKey) and used.
	 * This is meant for the case where the value varies and the same text should not be
	 * repeated in defaultVal and the like. The {&#064;XXXX} notation can be used.
	 * The text is stored unresolved; doEndTag() resolves it.
	 *
	 * @param	val value
	 */
	public void setValue( final String val ) {
		this.value = val;
	}

	/**
	 * [TAG] Sets the initial value (printed when value is NULL).
	 *
	 * @og.tag
	 * When value is NULL (not specified), this initial value is used as the value.
	 *
	 * @param	val initial value
	 */
	public void setDefaultVal( final String val ) {
		final String resolved = getRequestParameter( val );
		defaultVal = nval( resolved,defaultVal );
	}

	/**
	 * [TAG] Sets whether request data is checked for the quotation character (') [true/false]
	 * (initial value: USE_SQL_INJECTION_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_SQL_INJECTION_CHECK}]).
	 *
	 * @og.tag
	 * As one SQL injection countermeasure, provisional as it is, refusing the quotation
	 * character (') in strings passed as SQL parameters prevents it to some degree.
	 * For numeric arguments, code without quotation such as or 5=5 can be detected by the
	 * numeric check. For string arguments the (') always has to be closed, giving a form
	 * such as ' or 'A' like 'A, so the (') check alone is effective there.
	 * Specifies whether a contained (') is an error (true) or not checked (false).
	 * (initial value: system constant USE_SQL_INJECTION_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_SQL_INJECTION_CHECK}]).
	 *
	 * NOTE(review): the flag itself passes through getRequestParameter(), so write it as a
	 * literal in the page; a {&#064;XXXX} placeholder here would presumably let the request
	 * choose whether the check runs - confirm against CommonTagSupport.
	 *
	 * @og.rev 4.0.0.0 (2005/08/31) newly added
	 *
	 * @param   flag quotation check [true: check / anything else: no check]
	 * @see		org.opengion.hayabusa.common.SystemData#USE_SQL_INJECTION_CHECK
	 */
	public void setQuotCheck( final String flag ) {
		final String resolved = getRequestParameter( flag );
		quotCheck = nval( resolved,quotCheck );
	}

	/**
	 * [TAG] Sets whether request data is checked for the HTML tag start/end characters (&gt;&lt;) [true/false]
	 * (initial value: USE_XSS_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_XSS_CHECK}]).
	 *
	 * @og.tag
	 * As part of the cross-site scripting (XSS) countermeasures, the less/greater than signs are checked.
	 * Specifies whether a contained (&gt;&lt;) is an error (true) or not checked (false).
	 * (initial value: system constant USE_XSS_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_XSS_CHECK}]).
	 *
	 * NOTE(review): as with quotCheck, the flag is resolved through getRequestParameter();
	 * keep it a literal in the page.
	 *
	 * @og.rev 5.0.0.2 (2009/09/15) newly added
	 *
	 * @param	flag XSS check [true: check / false: no check]
	 * @see		org.opengion.hayabusa.common.SystemData#USE_XSS_CHECK
	 */
	public void setXssCheck( final String flag ) {
		final String resolved = getRequestParameter( flag );
		xssCheck = nval( resolved,xssCheck );
	}

	/**
	 * Returns the string representation of this object.
	 * Basically used for debugging purposes.
	 *
	 * @return string representation of this class
	 */
	@Override
	public String toString() {
		final String className = getClass().getName();
		return org.opengion.fukurou.util.ToString.title( className )
				.println( "VERSION"		,VERSION	)
				.println( "startKey"	,startKey	)
				.println( "value"		,value		)
				.println( "defaultVal"	,defaultVal	)
				.println( "Other..."	,getAttributes().getAttribute() )
				.fixForm().toString() ;
	}
}