001    /*
002     * Copyright (c) 2009 The openGion Project.
003     *
004     * Licensed under the Apache License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     *
008     *     http://www.apache.org/licenses/LICENSE-2.0
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
013     * either express or implied. See the License for the specific language
014     * governing permissions and limitations under the License.
015     */
016    package org.opengion.hayabusa.taglib;
017    
018    import org.opengion.hayabusa.common.HybsSystem;
019    
020    import static org.opengion.fukurou.util.StringUtil.nval ;
021    
022    /**
023     * A tag that produces output only when the {@XXXX} variable in the specified value is set.
024     *
025     * When the value attribute uses a {@XXXX} variable, the value is output only if the
026     * request value is set. The same applies when a {@XXXX} variable is combined with
027     * fixed text: if the value is not set, nothing is used.
028     * If defaultVal is set and the request value is not set, the defaultVal value
029     * is used.
030     * The typical case for this tag is the order by clause in SQL. For ordinary requests,
031     * the order by clause is set from the request so that the user can switch it when
032     * searching. When the screen is called from another screen through a link or similar,
033     * the order by condition is normally not specified. For that case, set defaultVal on the
034     * og:appear tag so that the search order used when none is specified is fixed in advance.
035     *
036     * @og.formSample
037     * ●Form: &lt;og:appear startKey="[order by|…]" value="…" defaultVal="[…]" />
038     * ●body: none
039     *
040     * ●Tag definition
041     *   <og:appear
042     *       startKey           【TAG】Sets the start string (default: "")
043     *       value            ○【TAG】Sets the value (used only when the specified value is set) (required)
044     *       defaultVal         【TAG】Sets the default value (shown when the value is NULL)
045     *       quotCheck          【TAG】Sets whether request data is checked for the presence of a quotation mark (') [true/false] (default: USE_SQL_INJECTION_CHECK[=true])
046     *       xssCheck           【TAG】Sets whether request data is checked for the presence of HTML tag start/end characters (><) [true/false] (default: USE_XSS_CHECK[=true])
047     *       debug              【TAG】Specifies whether debug information is output [true/false] (default: false)
048     *   />
049     *
050     * ●Usage example
051     * <!-- DB search: SQL statement. With debug="true" the SQL statement can be checked. -->
052     * <og:query command="{@command}" debug="{@debug}" maxRowCount="{@maxRowCount}">
053     *         select CLM,NAME_JA,LABEL_NAME,URL,KBSAKU,
054     *                 SYSTEM_ID,LANG,FGJ,(CASE WHEN URL IS NULL THEN 0 ELSE 1 END) AS ONMARK
055     *         from GF41
056     *     <!-- When WhereTag is used for the search conditions, a condition whose {@xxxx} is NULL is ignored. -->
057     *     <og:where>
058     *         <og:and value = "FGJ        in  ('0','1')"      />
059     *         <og:and value = "SYSTEM_ID  =  '{@SYSTEM_ID}'"     />
060     *         <og:and value = "LANG       =  '{@LANG}'"          />
061     *         <og:and value = "CLM        like '{@CLM}%'"        />
062     *         <og:and value = "NAME_JA    like '{@NAME_JA}%'"    />
063     *         <og:and value = "LABEL_NAME like '{@LABEL_NAME}%'" />
064     *         <og:and value = "KBSAKU     =    '{@KBSAKU}'"      />
065     *     </og:where>
066     *     <!-- When AppearTag is used for the ORDER BY clause, the ORDER BY clause is ignored if {@ORDER_BY} is NULL. -->
067     *     <!-- Alternatively, if the defaultVal attribute is specified, ORDER BY is output with that value when {@ORDER_BY} is NULL. -->
068     *     <og:appear startKey = "order by" value = "{@ORDER_BY}"
069     *                 defaultVal = "SYSTEM_ID,CLM,LANG" />
070     * </og:query>
071     *
072     * @og.group 画面部品
073     *
074     * @version  4.0
075     * @author      Kazuhiko Hasegawa
076     * @since    JDK5.0,
077     */
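public class AppearTag extends CommonTagSupport {
	/** Version string of this program. {@value} */
	private static final String VERSION = "5.7.8.1 (2014/07/18)" ;

	private static final long serialVersionUID = 578120140718L ;

	// Text written in front of the value (for example "order by"); empty by default.
	private String  startKey	= "";
	// Raw value attribute; it is resolved with getRequestParameter() in doEndTag().
	private String  value		= null;
	// Fallback text used by doEndTag() when isNull() is true after resolving the value.
	private String  defaultVal	= null;
	// Both checks start from the system-wide settings; the tag attributes can override them.
	private boolean quotCheck	= HybsSystem.sysBool( "USE_SQL_INJECTION_CHECK" );	// 5.7.8.1 (2014/07/18)
	private boolean xssCheck	= HybsSystem.sysBool( "USE_XSS_CHECK" );			// 5.7.8.1 (2014/07/18)

	/**
	 * Overrides doEndTag(), which is processed when the end tag of the Taglib is found.
	 *
	 * The value attribute is resolved through getRequestParameter(); when isNull() is true
	 * after that call, defaultVal is used instead. A non-null result is written with
	 * jspPrint() as startKey, one space, and the text.
	 *
	 * Security note: the written text can come directly from the request and, in the usage
	 * documented for this tag, ends up inside an og:query body as an ORDER BY clause. The two
	 * checks switched on here are described in this class as looking only for (') and for
	 * (&gt;&lt;). An ORDER BY fragment is neither a quoted string nor a numeric argument, so
	 * these checks do not restrict it to column names. Pages using this tag should map the
	 * request value onto an allow-list of sortable columns and sort directions.
	 *
	 * NOTE(review): the revision note below says release2() is called from doEndTag(), but
	 * this method does not call it; presumably the base class resets the handler - confirm,
	 * because a pooled handler that keeps quotCheck/xssCheck set to false would skip the checks.
	 *
	 * @og.rev 3.1.1.2 (2003/04/04) Tomcat4.1 support. release2() is called from doEndTag().
	 * @og.rev 5.7.8.1 (2014/07/18) Added quotCheck and xssCheck.
	 *
	 * @return	instruction for subsequent processing (EVAL_PAGE)
	 */
	@Override
	public int doEndTag() {
		debugPrint();		// 4.0.0 (2005/02/28)

		// 5.7.8.1 (2014/07/18) Added quotCheck and xssCheck.
		// Presumably these select the checks that getRequestParameter() applies - confirm in CommonTagSupport.
		useQuotCheck( quotCheck );
		useXssCheck( xssCheck );

		String output = getRequestParameter( value );
		// isNull() is evaluated right after resolving value, so it reflects that call only.
		if( isNull() ) {
			output = defaultVal;
		}

		// Nothing is written at all (not even startKey) when neither value nor defaultVal applies.
		if( output != null ) {
			jspPrint( startKey + " " + output );
		}

		return EVAL_PAGE ;
	}

	/**
	 * Releases the tag library object.
	 *
	 * The object is cached and reused, so the fields are set back to their initial values.
	 * quotCheck and xssCheck are read again from the system settings, so an override made
	 * through the tag attributes does not carry over once this method has run.
	 *
	 * @og.rev 2.0.0.4 (2002/09/27) Added the release() method of the custom tag.
	 * @og.rev 3.1.1.2 (2003/04/04) Tomcat4.1 support. release2() is called from doEndTag().
	 * @og.rev 5.7.8.1 (2014/07/18) Added quotCheck and xssCheck.
	 *
	 */
	@Override
	protected void release2() {
		super.release2();
		startKey    = "";
		value       = null;
		defaultVal  = null;
		quotCheck	= HybsSystem.sysBool( "USE_SQL_INJECTION_CHECK" );	// 5.7.8.1 (2014/07/18)
		xssCheck	= HybsSystem.sysBool( "USE_XSS_CHECK" );			// 5.7.8.1 (2014/07/18)
	}

	/**
	 * 【TAG】Sets the start string (default: "").
	 *
	 * @og.tag
	 * When this key is joined with the value, one blank character is inserted between them.
	 *
	 * NOTE(review): the attribute is resolved with getRequestParameter() here, before
	 * doEndTag() applies this tag's quotCheck/xssCheck settings; presumably whatever check
	 * state the base class holds at that moment is the one used - confirm.
	 *
	 * @param	val start string (example: startKey="order by")
	 */
	public void setStartKey( final String val ) {
		// nval presumably keeps the current startKey when the resolved text is empty - confirm in StringUtil.
		startKey = nval( getRequestParameter( val ),startKey );
	}

	/**
	 * 【TAG】Sets the value (used only when the specified value is set).
	 *
	 * @og.tag
	 * Only when the specified value is set is it combined with the start string (startKey)
	 * and used. This is generally used when the value varies and the same text should not be
	 * duplicated in defaultVal and similar attributes. {@XXXX} variables can be used.
	 *
	 * The attribute is stored as given; it is resolved later, in doEndTag().
	 *
	 * @param	val value
	 */
	public void setValue( final String val ) {
		value = val;
	}

	/**
	 * 【TAG】Sets the default value (shown when the value is NULL).
	 *
	 * @og.tag
	 * When the value is NULL (not specified), this default value is used as the value.
	 *
	 * NOTE(review): like startKey, this attribute is resolved with getRequestParameter() at
	 * set time, so a default that itself contains a {@XXXX} variable is request-derived text
	 * as well and needs the same allow-listing as the value - confirm how it is used.
	 *
	 * @param	val default value
	 */
	public void setDefaultVal( final String val ) {
		defaultVal = nval( getRequestParameter( val ),defaultVal );
	}

	/**
	 * 【TAG】Sets whether request data is checked for the presence of a quotation mark (') [true/false]
	 *		(default: USE_SQL_INJECTION_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_SQL_INJECTION_CHECK}]).
	 *
	 * @og.tag
	 * As one SQL injection countermeasure, and a provisional one, disallowing the quotation
	 * mark (') in strings passed to SQL parameters prevents injection to some degree.
	 * For numeric arguments, code that uses no quotation mark, such as or 5=5, can still be
	 * detected by the numeric check. For character arguments the (') always has to be closed,
	 * giving a form such as ' or 'A' like 'A, so the (') check alone is effective.
	 * Specifies whether a value containing (') is treated as an error (true) or is not checked (false).
	 * (default: system constant USE_SQL_INJECTION_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_SQL_INJECTION_CHECK}]).
	 *
	 * Review note: the reasoning above covers quoted strings and numeric arguments. The text
	 * this tag writes is typically an ORDER BY fragment, which is neither, so this check on
	 * its own does not limit it to column names; keep the check on and allow-list the sort
	 * columns in addition.
	 *
	 * @og.rev 4.0.0.0 (2005/08/31) Newly added.
	 *
	 * @param   flag quotation check [true: check / anything else: do not check]
	 * @see		org.opengion.hayabusa.common.SystemData#USE_SQL_INJECTION_CHECK
	 */
	public void setQuotCheck( final String flag ) {
		quotCheck = nval( getRequestParameter( flag ),quotCheck );
	}

	/**
	 * 【TAG】Sets whether request data is checked for the presence of HTML tag start/end characters (&gt;&lt;) [true/false]
	 *		(default: USE_XSS_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_XSS_CHECK}]).
	 *
	 * @og.tag
	 * As part of the cross-site scripting (XSS) countermeasures, the less/greater than signs are checked.
	 * Specifies whether a value containing (&gt;&lt;) is treated as an error (true) or is not checked (false).
	 * (default: system constant USE_XSS_CHECK[={@og.value org.opengion.hayabusa.common.SystemData#USE_XSS_CHECK}]).
	 *
	 * @og.rev 5.0.0.2 (2009/09/15) Newly added.
	 *
	 * @param	flag	XSS check [true: check / false: do not check]
	 * @see		org.opengion.hayabusa.common.SystemData#USE_XSS_CHECK
	 */
	public void setXssCheck( final String flag ) {
		xssCheck = nval( getRequestParameter( flag ),xssCheck );
	}

	/**
	 * Returns the string representation of this object.
	 * It is basically used for debugging.
	 *
	 * The quotCheck and xssCheck settings are included so that debug output shows whether
	 * the request checks were switched off for this tag.
	 *
	 * @return string representation of this class
	 */
	@Override
	public String toString() {
		return org.opengion.fukurou.util.ToString.title( this.getClass().getName() )
				.println( "VERSION"		,VERSION	)
				.println( "startKey"	,startKey	)
				.println( "value"		,value		)
				.println( "defaultVal"	,defaultVal	)
				.println( "quotCheck"	,String.valueOf( quotCheck ) )
				.println( "xssCheck"	,String.valueOf( xssCheck ) )
				.println( "Other..."	,getAttributes().getAttribute() )
				.fixForm().toString() ;
	}
}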