001 /*
002 * Copyright (c) 2009 The openGion Project.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
013 * either express or implied. See the License for the specific language
014 * governing permissions and limitations under the License.
015 */
016 package org.opengion.hayabusa.taglib;
017
018 import org.opengion.hayabusa.common.HybsSystem;
019
020 import static org.opengion.fukurou.util.StringUtil.nval ;
021
022 /**
023 * Tag that emits its output only when the {@XXXX} variable given in the value attribute has been set.
024 *
025 * When the value attribute uses a {@XXXX} variable, the value is output only if the
026 * request value has been set. The same holds when a {@XXXX} variable is combined with
027 * fixed text: if the value has not been set, nothing is used.
028 * If defaultVal is set and the request value has not been set, the defaultVal value
029 * is used.
030 * The typical use of this tag is the order by clause of an SQL statement. For ordinary
031 * requests the order by clause is set from the request, so that the user can switch it
032 * when searching. When the screen is called from another screen, for example through
033 * a link, the order by condition is normally not specified. To prepare for that case,
034 * set a defaultVal value on the og:appear tag to fix in advance the search order used when none is specified.
035 *
036 * @og.formSample
037 * ● Format: <og:appear startKey="[order by|…]" value="…" defaultVal="[…]" />
038 * ● body: none
039 *
040 * ● Tag definition
041 * <og:appear
042 * startKey [TAG] Sets the leading string (default: "")
043 * value ○ [TAG] Sets the value (used only when the specified value has been set) (required)
044 * defaultVal [TAG] Sets the default value (shown when the value is NULL)
045 * quotCheck [TAG] Sets whether to check request data for the presence of a quotation mark (') [true/false] (default: USE_SQL_INJECTION_CHECK[=true])
046 * xssCheck [TAG] Sets whether to check request data for the presence of HTML tag start/end characters (><) [true/false] (default: USE_XSS_CHECK[=true])
047 * debug [TAG] Specifies whether to output debug information [true/false] (default: false)
048 * />
049 *
050 * ● Usage example
051 * <!-- DB search: SQL statement. With debug="true" the SQL statement can be inspected. -->
052 * <og:query command="{@command}" debug="{@debug}" maxRowCount="{@maxRowCount}">
053 * select CLM,NAME_JA,LABEL_NAME,URL,KBSAKU,
054 * SYSTEM_ID,LANG,FGJ,(CASE WHEN URL IS NULL THEN 0 ELSE 1 END) AS ONMARK
055 * from GF41
056 * <!-- When WhereTag is used for the search conditions, a condition whose {@xxxx} is NULL is ignored. -->
057 * <og:where>
058 * <og:and value = "FGJ in ('0','1')" />
059 * <og:and value = "SYSTEM_ID = '{@SYSTEM_ID}'" />
060 * <og:and value = "LANG = '{@LANG}'" />
061 * <og:and value = "CLM like '{@CLM}%'" />
062 * <og:and value = "NAME_JA like '{@NAME_JA}%'" />
063 * <og:and value = "LABEL_NAME like '{@LABEL_NAME}%'" />
064 * <og:and value = "KBSAKU = '{@KBSAKU}'" />
065 * </og:where>
066 * <!-- When AppearTag is used for the ORDER BY clause, the ORDER BY clause is ignored if {@ORDER_BY} is NULL. -->
067 * <!-- If the defaultVal attribute is specified, ORDER BY is output with that value when {@ORDER_BY} is NULL. -->
068 * <og:appear startKey = "order by" value = "{@ORDER_BY}"
069 * defaultVal = "SYSTEM_ID,CLM,LANG" />
070 * </og:query>
071 *
072 * @og.group ç”»é¢éƒ¨å“?
073 *
074 * @version 4.0
075 * @author Kazuhiko Hasegawa
076 * @since JDK5.0,
077 */
public class AppearTag extends CommonTagSupport {
    /** Version string of this program. {@value} */
    private static final String VERSION = "5.7.8.1 (2014/07/18)";

    private static final long serialVersionUID = 578120140718L;

    // System-resource keys that hold the site-wide defaults of the two request checks.
    private static final String QUOT_CHECK_KEY = "USE_SQL_INJECTION_CHECK";
    private static final String XSS_CHECK_KEY  = "USE_XSS_CHECK";

    // Text emitted in front of the value, separated from it by one space.
    private String startKey = "";
    // Raw value attribute; it is resolved through getRequestParameter() only in doEndTag().
    private String value = null;
    // Fallback output used when isNull() reports true after the value was resolved.
    private String defaultVal = null;
    // Per-tag switches for the request checks, seeded from the system resources.
    private boolean quotCheck = HybsSystem.sysBool( QUOT_CHECK_KEY );   // 5.7.8.1 (2014/07/18)
    private boolean xssCheck  = HybsSystem.sysBool( XSS_CHECK_KEY );    // 5.7.8.1 (2014/07/18)

    /**
     * Overrides doEndTag(), which is processed when the end tag of the taglib is found.
     *
     * Hands the quotCheck and xssCheck flags to useQuotCheck()/useXssCheck(), then resolves
     * the value attribute through getRequestParameter(). When isNull() reports true the
     * defaultVal is used instead. If the result is not null, it is written with jspPrint()
     * as startKey, one space, and the result.
     *
     * NOTE(review): this method writes the resolved text without any further filtering of
     * its own. In the typical use (an SQL order by clause fed from the request) the quote
     * check, as documented on setQuotCheck, looks only for ('), so it does not restrict
     * column names, keywords or other quote-free SQL text. Where this tag feeds an SQL
     * statement, consider restricting the request value to an allow-list of sortable columns.
     *
     * @og.rev 3.1.1.2 (2003/04/04) Tomcat 4.1 support: release2() is called from doEndTag()
     *         (original revision note; no such call is visible in this override).
     * @og.rev 5.7.8.1 (2014/07/18) quotCheck, xssCheck added
     *
     * @return instruction for subsequent processing (EVAL_PAGE)
     */
    @Override
    public int doEndTag() {
        debugPrint();       // 4.0.0 (2005/02/28)

        // 5.7.8.1 (2014/07/18): the flags are passed on before the value is resolved below.
        useQuotCheck( quotCheck );
        useXssCheck( xssCheck );

        // isNull() must be asked after getRequestParameter(); presumably it reflects the
        // outcome of that resolution (confirm in CommonTagSupport).
        final String requested = getRequestParameter( value );
        final String output    = isNull() ? defaultVal : requested;

        if( output == null ) {
            return EVAL_PAGE;
        }

        jspPrint( startKey + " " + output );
        return EVAL_PAGE;
    }

    /**
     * Releases the tag library object.
     *
     * Tag instances are cached and reused, so every field is put back to its initial value.
     *
     * @og.rev 2.0.0.4 (2002/09/27) release() method of the custom tag added
     * @og.rev 3.1.1.2 (2003/04/04) Tomcat 4.1 support: release2() is called from doEndTag().
     * @og.rev 5.7.8.1 (2014/07/18) quotCheck, xssCheck added
     */
    @Override
    protected void release2() {
        super.release2();
        startKey   = "";
        value      = null;
        defaultVal = null;
        // The check flags go back to the system-resource defaults, not to fixed literals.
        quotCheck  = HybsSystem.sysBool( QUOT_CHECK_KEY );  // 5.7.8.1 (2014/07/18)
        xssCheck   = HybsSystem.sysBool( XSS_CHECK_KEY );   // 5.7.8.1 (2014/07/18)
    }

    /**
     * [TAG] Sets the leading string (default: "").
     *
     * @og.tag
     * When this key is joined to the value, a single space character is inserted between them.
     *
     * NOTE(review): the attribute is resolved through getRequestParameter() here, at
     * attribute-set time, which is before doEndTag() passes quotCheck/xssCheck to
     * useQuotCheck()/useXssCheck(). Which check settings are in force at this point
     * depends on CommonTagSupport and should be confirmed there.
     *
     * @param val leading string (example: startKey="order by")
     */
    public void setStartKey( final String val ) {
        final String resolved = getRequestParameter( val );
        startKey = nval( resolved,startKey );
    }

    /**
     * [TAG] Sets the value (used only when the specified value has been set).
     *
     * @og.tag
     * Only when the specified value has been set is it combined with the leading string
     * (startKey) and used. This is generally for a value that varies, when one does not
     * want to repeat the same content in defaultVal and similar attributes.
     * {@XXXX} variables can be used.
     *
     * The attribute is stored unresolved; doEndTag() resolves it after the check flags
     * have been handed to useQuotCheck()/useXssCheck().
     *
     * @param val value
     */
    public void setValue( final String val ) {
        this.value = val;
    }

    /**
     * [TAG] Sets the default value (shown when the value is NULL).
     *
     * @og.tag
     * When the value is NULL (not specified), this default value is used as the value.
     *
     * NOTE(review): like startKey, this attribute is resolved through getRequestParameter()
     * at attribute-set time, before doEndTag() applies quotCheck/xssCheck; confirm in
     * CommonTagSupport which check settings apply here.
     *
     * @param val default value
     */
    public void setDefaultVal( final String val ) {
        final String resolved = getRequestParameter( val );
        defaultVal = nval( resolved,defaultVal );
    }

    /**
     * [TAG] Sets whether to check request data for the presence of a quotation mark (') [true/false]
     * (default: USE_SQL_INJECTION_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_SQL_INJECTION_CHECK}]).
     *
     * @og.tag
     * As one SQL injection countermeasure, provisional though it is, refusing a quotation
     * mark (') in strings passed as SQL parameters prevents injection to some extent.
     * For numeric arguments, embedded code that uses no quotation mark, such as or 5=5,
     * can be detected by the numeric check. For string arguments the input always has to
     * close the (') and take a form such as ' or 'A' like 'A, so the (') check alone is
     * effective. Specify whether a contained (') is an error (true) or is not checked (false).
     * (default: system constant USE_SQL_INJECTION_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_SQL_INJECTION_CHECK}]).
     *
     * NOTE(review): the flag itself is read through getRequestParameter(); if the JSP
     * writes this attribute with a {@XXXX} variable, the request presumably decides
     * whether the check runs. Prefer a literal true/false in the JSP (verify against
     * CommonTagSupport).
     *
     * @og.rev 4.0.0.0 (2005/08/31) newly added
     *
     * @param flag quotation check [true: check / anything else: do not check]
     * @see org.opengion.hayabusa.common.SystemData#USE_SQL_INJECTION_CHECK
     */
    public void setQuotCheck( final String flag ) {
        final String resolved = getRequestParameter( flag );
        quotCheck = nval( resolved,quotCheck );
    }

    /**
     * [TAG] Sets whether to check request data for the presence of HTML tag start/end characters (><) [true/false]
     * (default: USE_XSS_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_XSS_CHECK}]).
     *
     * @og.tag
     * As part of the cross-site scripting (XSS) countermeasures, checks for the
     * less-than / greater-than signs.
     * Specify whether a contained (><) is an error (true) or is not checked (false).
     * (default: system constant USE_XSS_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_XSS_CHECK}]).
     *
     * NOTE(review): the flag itself is read through getRequestParameter(); if the JSP
     * writes this attribute with a {@XXXX} variable, the request presumably decides
     * whether the check runs. Prefer a literal true/false in the JSP (verify against
     * CommonTagSupport).
     *
     * @og.rev 5.0.0.2 (2009/09/15) newly added
     *
     * @param flag XSS check [true: check / false: do not check]
     * @see org.opengion.hayabusa.common.SystemData#USE_XSS_CHECK
     */
    public void setXssCheck( final String flag ) {
        final String resolved = getRequestParameter( flag );
        xssCheck = nval( resolved,xssCheck );
    }

    /**
     * Returns the string representation of this object.
     * It is basically used for debugging purposes.
     *
     * The representation lists VERSION, startKey, value, defaultVal and the remaining
     * attributes; quotCheck and xssCheck are not included.
     *
     * @return string representation of this class
     */
    @Override
    public String toString() {
        return org.opengion.fukurou.util.ToString.title( getClass().getName() )
                .println( "VERSION"     ,VERSION )
                .println( "startKey"    ,startKey )
                .println( "value"       ,value )
                .println( "defaultVal"  ,defaultVal )
                .println( "Other..."    ,getAttributes().getAttribute() )
                .fixForm().toString();
    }
}