
package de.superx.servlet;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.text.ParseException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.DiskFileUpload;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUpload;
import org.apache.commons.fileupload.FileUploadException;
import org.dom4j.DocumentException;
import org.xml.sax.SAXException;
import de.memtext.db.NichtAngemeldetException;
import de.memtext.tree.KeyParentEqualException;
import de.memtext.tree.NoMainEntryException;
import de.memtext.util.ServletHelper;
import de.memtext.util.StringUtils;
import de.superx.common.DBServletException;
import de.superx.common.InvalidDataTypeException;
import de.superx.common.InvalidKeyException;
import de.superx.common.SichtException;
import de.superx.common.SxUser;
import de.superx.common.UngueltigeEingabeException;
import de.superx.util.SqlStringUtils;
import freemarker.template.TemplateException;
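/**
 * Admin-only file upload servlet.
 *
 * <p>A multipart POST stores the uploaded files in the directory
 * {@code <webapp>/<MandantenID>/custom}; any other request returns the upload
 * form. A MandantenID is enabled by a servlet init parameter whose name is the
 * MandantenID and whose value is a comma separated list of allowed file names
 * ({@code *} acts as wildcard, see {@link Uploader#isFileAllowed(String)}).
 * Every upload attempt - successful, rejected or failed - is written to the
 * {@code protokoll} table together with the client address.
 *
 * <p>Only the last path segment of the client supplied file name is ever used,
 * so an uploaded file always ends up as a direct child of the custom directory.
 */
public class SuperXUpload extends AbstractSuperXServlet {
    private static final long serialVersionUID = 2L;

    /** Login page sent to callers that are not logged in as administrator. */
    private static final String ADMIN_ONLY = de.superx.servlet.SuperXManager.htmlPageHead("Upload")+"<center><h3>Hier ist ein Login nur für Administratoren m&ouml;glich.</h3>(Cookies m&uuml;ssen aktiviert sein)"
            + "<FORM ACTION=\"SuperXUpload\" METHOD=\"post\"><p><p>Kennung: <br /><INPUT TYPE=\"Text\" NAME=\"kennung\" VALUE=\"superx\"></p><p><p>Passwort: <br /><INPUT TYPE=\"Password\" NAME=\"passwort\" value=\"\">"
            + "</p><p>MandantenID<br><input type=\"text\" name=\"MandantenID\" value=\"default\"></p><br><INPUT TYPE=\"Submit\" NAME=\"Abschicken\" VALUE=\"Anmelden\"></FORM></center></body></html>";

    /** Common HTML prefix of every page produced by this servlet. */
    private static String pageBeginning = de.superx.servlet.SuperXManager.htmlPageHead("Upload")+"<center><h1>SuperX Upload</h1>";
    /** Common HTML suffix; currently not referenced by this class. */
    private static String pageEnd = "</body></html>";
    /** Real file system path of the web application root, set in {@link #init(ServletConfig)}. */
    private static String pathstart = "";
    /** MandantenID -> comma separated file name filter, taken from the servlet init parameters. */
    private Map mandantenFilter = new HashMap();
    /** Temp directory with trailing separator, set in init(); not used by this class. */
    private static String tempdir;

    /**
     * Handles one multipart POST: parses the request, stores every allowed
     * file in {@code <webapp>/<MandantenID>/custom}, logs each attempt to the
     * {@code protokoll} table and sends an HTML result page.
     *
     * <p>The database connection and the insert statement are opened in the
     * constructor and released in {@link #perform()}.
     */
    private class Uploader extends SuperXServletHelper {
        /** Path below the webapp root the files are written to (set in perform()). */
        private String subpath = "";
        /** HTML of the result page, built up while files are processed. */
        private StringBuffer result = new StringBuffer();
        private Connection conn;
        /** Insert into protokoll: 1 = proto_fkt_id, 2 = userinfo_id, 3 = ip, 4 = client name, 5 = kommentar. */
        private PreparedStatement pst;
        /** Allowed file names / patterns for the current MandantenID. */
        private List filterList = new LinkedList();

        /**
         * Reads the file name filter of the current MandantenID and prepares
         * the protokoll insert.
         *
         * @throws IOException if no connection or statement could be obtained;
         *         the original exception is kept as cause
         */
        Uploader(HttpServletRequest request, HttpServletResponse response)
                throws IOException {
            super(request, response);
            String filters = (String) mandantenFilter.get(getMandantenID());
            if (filters != null) {
                StringTokenizer st = new StringTokenizer(filters, ",");
                while (st.hasMoreTokens()) {
                    // "a.gif, b.gif" would otherwise produce the filter " b.gif"
                    filterList.add(st.nextToken().trim());
                }
            }
            result.append(pageBeginning);
            try {
                conn = SxPools.getConnection(getMandantenID());
                String now = "Postgres".equals(SxPools.get(getMandantenID())
                        .getSqlDialect()) ? "now()" : "current";
                // client address and host name are bound as parameters instead
                // of being pasted into the SQL text
                pst = conn.prepareStatement(
                        "insert into protokoll (proto_fkt_id, userinfo_id, "
                        + "ip_adresse, client_name, zeitpunkt,kommentar) values ("
                        + "?, ?, ?, ?, " + now + ", ?)");
                pst.setString(3, request.getRemoteAddr());
                pst.setString(4, request.getRemoteHost());
            } catch (Exception e) {
                // do not leak a pooled connection when prepareStatement fails
                closeQuietly();
                IOException ioe = new IOException(e.getMessage());
                ioe.initCause(e);
                throw ioe;
            }
        }

        /**
         * Parses the multipart request, stores or rejects every file part and
         * sends the result page. The statement and connection are released
         * even when logging to the database fails.
         */
        protected void perform() throws SQLException, DBServletException,
                TransformerException, KeyParentEqualException,
                NichtAngemeldetException, IOException, ParseException,
                ParserConfigurationException, FactoryConfigurationError,
                SAXException, DocumentException, IllegalArgumentException,
                SecurityException, InstantiationException,
                IllegalAccessException, InvocationTargetException,
                NoSuchMethodException, CloneNotSupportedException,
                TemplateException, InvalidKeyException, SichtException,
                ServletException, UngueltigeEingabeException,
                NoMainEntryException, InvalidDataTypeException {
            try {
                subpath = File.separator + getMandantenID() + File.separator + "custom";
                // NOTE(review): no upload size limit is configured here
                // (DiskFileUpload.setSizeMax) - the request body size is only
                // bounded by the container; confirm a limit is set elsewhere.
                DiskFileUpload fu = new DiskFileUpload();
                try {
                    List files = fu.parseRequest(request);
                    for (Iterator iter = files.iterator(); iter.hasNext();) {
                        FileItem item = (FileItem) iter.next();
                        // ordinary form fields are not evaluated; empty file
                        // inputs of the four-field form are skipped silently
                        if (item.isFormField() || item.getSize() == 0) {
                            continue;
                        }
                        // the filter is applied to the name the file will get
                        // on disk, not to a client-side path the browser sent
                        if (isFileAllowed(clientFileName(item.getName()))) {
                            uploadFile(item);
                        } else {
                            log(item, new UngueltigeEingabeException(
                                    "Hochladen von " + item.getName()
                                    + " nicht erlaubt!"));
                        }
                    }
                } catch (FileUploadException e) {
                    result.append("<p><font color=\"red\"> Hochladen nicht erfolgreich: "
                            + htmlEscape(String.valueOf(e)) + "</font></p>");
                }
                result.append("<p align=\"center\"><a href=\"../servlet/SuperXUpload"
                        + "\">zur Upload-Seite</a></p>" + "</body> \n" + "</html>");
            } finally {
                closeQuietly();
            }
            sendBackHtml(result.toString());
        }

        /**
         * Releases statement and connection. Close errors are only logged,
         * nothing more can be done with them at this point.
         */
        private void closeQuietly() {
            if (pst != null) {
                try {
                    pst.close();
                } catch (SQLException e) {
                    SuperXUpload.this.log("SuperXUpload: closing statement failed: " + e);
                }
                pst = null;
            }
            if (conn != null) {
                try {
                    conn.close();
                } catch (SQLException e) {
                    SuperXUpload.this.log("SuperXUpload: closing connection failed: " + e);
                }
                conn = null;
            }
        }

        /**
         * Writes one uploaded file into {@code pathstart + subpath}. Any
         * failure is reported via {@link #log(FileItem, Exception)} rather than
         * thrown, so one bad file does not abort the remaining ones.
         *
         * <p>Only the last segment of the client supplied name is used and the
         * resulting path must be a direct child of the upload directory; this
         * rejects names containing path separators, {@code ..} or symlinks
         * pointing elsewhere.
         *
         * @param item uploaded file part
         * @throws SQLException if writing the protokoll entry fails
         */
        private void uploadFile(FileItem item) throws SQLException {
            File dir = new File(pathstart + subpath);
            try {
                if (!dir.exists())
                    throw new IOException("Zielverzeichnis " + dir
                            + " existiert nicht");
                String name = clientFileName(item.getName());
                if (name.length() == 0 || name.equals(".") || name.equals(".."))
                    throw new UngueltigeEingabeException("Hochladen von "
                            + item.getName() + " nicht erlaubt!");
                File targetFile = new File(dir, name);
                File uploadDir = dir.getCanonicalFile();
                if (!uploadDir.equals(targetFile.getCanonicalFile().getParentFile()))
                    throw new UngueltigeEingabeException("Hochladen von "
                            + item.getName() + " nicht erlaubt!");
                // existing files are overwritten (documented on the form page);
                // a failed delete is not fatal because item.write() falls back
                // to copying over the target
                if (targetFile.exists())
                    targetFile.delete();
                item.write(targetFile);
                log(item, null);
            } catch (Exception e) {
                log(item, e);
            }
        }

        /**
         * Writes one protokoll row for the file and appends the matching
         * message to the result page.
         *
         * @param item the file part that was processed
         * @param e {@code null} on success, an {@link UngueltigeEingabeException}
         *        for a rejected file, any other exception for a failed write
         * @throws SQLException if the insert fails
         */
        private void log(FileItem item, Exception e) throws SQLException {
            SxUser user = (SxUser) request.getSession().getAttribute("user");
            pst.setInt(2, ((Integer) user.getId()).intValue());
            String target = item.getName() + " nach superx" + subpath;
            String msg;
            String color;
            if (e == null) {
                msg = "Hochladen von " + target + " erfolgreich";
                color = "darkgreen";
                pst.setInt(1, 11);
            } else if (e instanceof UngueltigeEingabeException) {
                msg = "Hochladen von " + target + " nicht erlaubt!";
                color = "red";
                pst.setInt(1, 12);
            } else {
                msg = "Hochladen von " + target + " nicht erfolgreich:" + e;
                color = "red";
                pst.setInt(1, 13);
            }
            pst.setString(5, msg);
            pst.execute();
            // the message contains the client supplied file name
            result.append("<p><font color=\"" + color + "\">" + htmlEscape(msg)
                    + "</font></p>");
        }

        /**
         * Checks the file name against the filter list of the MandantenID.
         * Filters without {@code *} must match exactly (case-sensitive);
         * filters with {@code *} are wildcard patterns matched
         * case-insensitively.
         *
         * @param name file name without any path component
         * @return whether some filter accepts the name
         */
        private boolean isFileAllowed(String name) {
            for (Iterator it = filterList.iterator(); it.hasNext();) {
                String afilter = (String) it.next();
                if (afilter.indexOf('*') == -1) {
                    if (name.equals(afilter)) {
                        return true;
                    }
                } else if (globToPattern(afilter).matcher(name).matches()) {
                    return true;
                }
            }
            return false;
        }
    }

    /**
     * Returns the last path segment of a client supplied file name. Browsers
     * may send a full client-side path with either separator; everything up
     * to the last separator is discarded.
     *
     * @param rawName value of {@code FileItem.getName()}, may be {@code null}
     * @return the bare file name, empty if there is none
     */
    private static String clientFileName(String rawName) {
        if (rawName == null) {
            return "";
        }
        String normalized = rawName.replace('\\', '/');
        int cut = normalized.lastIndexOf('/');
        return cut == -1 ? normalized : normalized.substring(cut + 1);
    }

    /**
     * Converts a filter such as {@code *.gif} into a regular expression:
     * {@code *} matches any character sequence, every other character is
     * matched literally (regex meta characters are escaped). Matching is
     * case-insensitive.
     */
    private static Pattern globToPattern(String glob) {
        StringBuffer re = new StringBuffer();
        for (int i = 0; i < glob.length(); i++) {
            char c = glob.charAt(i);
            if (c == '*') {
                re.append(".*");
            } else if (Character.isLetterOrDigit(c)) {
                re.append(c);
            } else {
                // a backslash before any non-letter is a literal in java.util.regex
                re.append('\\').append(c);
            }
        }
        return Pattern.compile(re.toString(),
                Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
    }

    /** Escapes the characters that would otherwise be interpreted as HTML markup. */
    private static String htmlEscape(String s) {
        StringBuffer sb = new StringBuffer(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '&':
                    sb.append("&amp;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Reads the per-MandantenID file filters from the init parameters and
     * creates the upload directory {@code <webapp>/<MandantenID>/custom} for
     * each of them - the same directory {@link Uploader#perform()} writes to.
     */
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        pathstart = getServletConfig().getServletContext().getRealPath("/");
        for (Enumeration en = config.getInitParameterNames(); en.hasMoreElements();) {
            String mandantenID = (String) en.nextElement();
            mandantenFilter.put(mandantenID, config.getInitParameter(mandantenID));
            new File(new File(pathstart, mandantenID), "custom").mkdirs();
        }
        tempdir = System.getProperty("java.io.tmpdir");
        if (!(tempdir.endsWith("/") || tempdir.endsWith("\\")))
            tempdir = tempdir + File.separator;
    }

    /**
     * Processes a login or an upload. After the admin check a multipart
     * request is handed to an {@link Uploader}; anything else gets the form.
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        checkAnmeldungImRequest(request);
        if (!isAllowed(request, response)) {
            return;
        }
        if (FileUpload.isMultipartContent(request)) {
            // run() comes from SuperXServletHelper and is expected to end up
            // in perform() - not visible in this file
            new Uploader(request, response).run(true);
        } else {
            sendFormPage(request, response);
        }
    }

    /** Sends the upload form to administrators, the login page to everyone else. */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        AbstractSuperXServlet.setEncoding(request);
        response.setContentType("text/html; charset="
                + SqlStringUtils.getEncoding());
        if (isAllowed(request, response))
            sendFormPage(request, response);
    }

    /**
     * Checks that the session user is an administrator and that uploads are
     * enabled for the request's MandantenID; otherwise an explanatory page is
     * sent and {@code false} is returned, in which case the caller must not
     * write to the response again.
     *
     * @param request current request, the user is taken from its session
     * @param response used to send the login or error page
     * @return whether the caller may proceed
     * @throws IOException if sending the page fails
     */
    private boolean isAllowed(HttpServletRequest request,
            HttpServletResponse response) throws IOException {
        SxUser user = (SxUser) request.getSession().getAttribute("user");
        if (user == null || !user.isAdmin()) {
            ServletUtils.sendBackHtml(response, ADMIN_ONLY);
            return false;
        }
        String mandantenID = ServletUtils.getMandantenID(request);
        if (mandantenID == null || mandantenFilter.get(mandantenID) == null) {
            ServletUtils.sendBackHtml(response, pageBeginning
                    + "<h2><font color=\"red\"> Die Funktion ist f&uuml;r Ihre MandantenID: "
                    + htmlEscape(String.valueOf(mandantenID))
                    + " nicht aktiviert.</font></h2></body></html>");
            return false;
        }
        return true;
    }

    /**
     * Sends the upload form with up to four file inputs. The target path is
     * fixed to the custom directory of the MandantenID; a user editable path
     * field is deliberately not offered.
     */
    private void sendFormPage(HttpServletRequest request,
            HttpServletResponse response) throws IOException {
        String mandantenID = ServletUtils.getMandantenID(request);
        // a file input cannot be preset with a value for security reasons
        String t = pageBeginning
                + "<p align=\"center\"> <b>Ihre MandantenID:</b><font color=\"darkgreen\">"
                + mandantenID
                + "</font></p>"
                + "<p align=\"center\">Dateien werden auf dem Webserver gespielt ins Verzeichnis <b>superx/"+ mandantenID+"/custom/"
                + "</b><br>Zur Verlinkung von Grafiken kann z.B. ../"+ mandantenID+"/custom/"
                + mandantenID
                + "/logo.gif genutzt werden</p>"
                + "<p align=\"center\"><b>Erlaubte Dateien:</b><font color=\"darkgreen\"> "
                + mandantenFilter.get(mandantenID)
                + "</font><br><br> <b>Jeder Upload wird einschließlich Dateiname,Username,Zeitpunkt und IP-Nummer protokolliert!</b><br><br>Sie k&ouml;nnen ein bis vier Dateien gleichzeitig hochladen.<br>Ggfs. bereits vorhandene Dateien werden &uuml;berschrieben.</p>"
                + "<form action=\"../servlet/SuperXUpload\" enctype=\"multipart/form-data\" method=\"POST\"> \n"
                + "<p align=\"center\">"
                + "<br><input type=\"file\" size=\"60\" name=\"datei1\" ><br>\n"
                + "<input type=\"file\" size=\"60\" name=\"datei2\" ><br>\n"
                + "<input type=\"file\" size=\"60\" name=\"datei3\" ><br>\n"
                + "<input type=\"file\" size=\"60\" name=\"datei4\" ><br><br>\n"
                + "<input type=\"submit\" value=\"Upload\"> \n</p>"
                + "</form> \n" + "</body> \n" + "</html>";
        ServletUtils.sendBackHtml(response, t);
    }

    public String getServletInfo() {
        return "SuperXUpload";
    }
}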