public String getValue(String fieldName) { if (fieldName.equals("alertmessages")) { if (m_appMsg != null && m_appMsg.getMsg() != null) { return m_appMsg.getMsg().replace('\"', '\''); } else { return BLANK; } } else if (fieldName.equals("userid")) { return m_securityUser.m_userId; } return super.getValue(fieldName); }
private Vector<AppMsg> getAllAlertMessages(Connection hrfeConn) { try { StringBuffer sql = new StringBuffer(); sql.append("SELECT * FROM " + AppMsg.TABLENAME); sql.append(" WHERE ") .append(AppMsg.SYSTEM_NAME) .append("='") .append(m_systemName) .append("'"); sql.append(" ORDER BY ") .append(AppMsg.EFF_DT) .append(" DESC, ") .append(AppMsg.EXP_DT) .append(" DESC "); return AppMsg.select(hrfeConn, sql.toString()); } catch (Exception exp) { exp.printStackTrace(); logError("Exception: " + exp); return new Vector(); } }
public ActionRouter perform( HttpServlet servlet, HttpServletRequest request, HttpServletResponse response) throws java.io.IOException, javax.servlet.ServletException { // CSRF refer checking to address AppScan issue. if (CHECK_FOR_VULNERABILITIES) { if (hasInvalidReferer(request)) { // Return 403 Forbidden response.sendError(403, "Invalid program state."); return new ActionRouter(); } } if (!validateLoginAndPermissions(request, response)) { return new ActionRouter(); } else if (!hasPermission()) { response.getWriter().print("You do not have permission to this page."); return new ActionRouter(); } // validate request ticket if (!validateTicket(request)) { try { Translator_ErrorHandler errorHandler = Translator_ErrorHandler.getInstance(request); errorHandler.logError(INVALID_TICKET); } catch (EnterpriseConfigurationObjectException e) { e.printStackTrace(); } catch (InstantiationException e) { e.printStackTrace(); } return newActionRouter(request, "errorPage", null); } logger.debug("[" + APP_NAME + "] " + " ===== Translator_AlertMessages:perform - entering"); dumpRequest(request); saveState(request); Connection conn = null; try { if (parseString(request, "Edit").length() > 0) { m_appMsg = new AppMsg(); m_appMsg.setMsg(getState(MSG)); m_appMsg.setEffDt(m_formatter.parse(getState(EFF_DT))); m_appMsg.setExpDt(m_formatter.parse(getState(EXP_DT))); m_appMsg.setCreateDt(m_formatter.parse(getState(CREATE_DT))); m_appMsg.setCreateId(getState(CREATE_ID)); m_appMsg.setSystemName(m_systemName); } else if (parseString(request, "Cancel").length() > 0) { m_appMsg = new AppMsg(); m_appMsg.setSystemName(m_systemName); clearInputFields(); } else if (parseString(request, "View").length() > 0) { m_appMsg = new AppMsg(); m_appMsg.setMsg(getState(MSG)); m_appMsg.setSystemName(m_systemName); clearInputFields(); } else if (validateState()) { conn = getDatabaseConnection(); if (parseString(request, "Delete").length() > 0) { if (!getState("CREATE_ID").equals(m_securityUser.m_userId)) { logError("Selected alert message cannot deleted, as it was created by other user"); } else { StringBuffer sql = new StringBuffer(); sql.append("DELETE FROM ").append(AppMsg.TABLENAME).append(" WHERE "); sql.append(AppMsg.MSG).append("=? AND "); sql.append("TO_CHAR(" + AppMsg.EFF_DT + ", 'mm/dd/yyyy')") .append("='") .append(getState(EFF_DT)) .append("' AND "); sql.append("TO_CHAR(" + AppMsg.EXP_DT + ", 'mm/dd/yyyy')") .append("='") .append(getState(EXP_DT)) .append("' AND "); sql.append("TO_CHAR(" + AppMsg.CREATE_DT + ", 'mm/dd/yyyy')") .append("='") .append(getState(CREATE_DT)) .append("' AND "); sql.append(AppMsg.CREATE_ID).append("=? AND "); sql.append(AppMsg.SYSTEM_NAME).append("=? "); PreparedStatement pstmt = conn.prepareStatement(sql.toString()); int ind = 1; pstmt.setString(ind++, getState("MSG")); pstmt.setString(ind++, getState("CREATE_ID")); pstmt.setString(ind++, m_systemName); pstmt.executeUpdate(); } m_appMsg = new AppMsg(); m_appMsg.setSystemName(m_systemName); AlertMessages.getAlertMessages(conn, 0); clearInputFields(); } else if (parseString(request, "Save").length() > 0) { m_appMsg = new AppMsg(); m_appMsg.setSystemName(m_systemName); AppMsg appMsgNew = new AppMsg(); Day effDtDay = new Day(m_formatter.parse(getState(EFF_DT))); Day expDtDay = new Day(m_formatter.parse(getState(EXP_DT))); if (effDtDay.isAfter(expDtDay)) { logError("EXPIRY DATE should be greater than EFFECTIVE DATE"); } else if (getState(MSG).trim().equals(BLANK)) { logError("MESSAGE cannot be empty"); } else if (getState(MSG).trim().indexOf("'") != -1 || getState(MSG).trim().indexOf("â") != -1 || getState(MSG).trim().indexOf("€") != -1 || getState(MSG).trim().indexOf("™") != -1) { logError("MESSAGE has invalid character"); } else if (AppMsg.doesExist( conn, getState(MSG), m_formatter.parse(getState(EFF_DT)), m_formatter.parse(getState(EXP_DT)), new Date(), m_securityUser.m_userId, m_systemName)) { logError("The given data already exists in database."); } else { appMsgNew.setMsg(getState(MSG)); appMsgNew.setEffDt(m_formatter.parse(getState(EFF_DT))); appMsgNew.setExpDt(m_formatter.parse(getState(EXP_DT))); appMsgNew.setCreateDt(new Date()); appMsgNew.setCreateId(m_securityUser.m_userId); appMsgNew.setSystemName(m_systemName); handleDBWrapperError(appMsgNew, appMsgNew.create(conn)); if (getErrors().size() == 0) { AlertMessages.getAlertMessages(conn, 0); clearInputFields(); } } } else if (parseString(request, "Update").length() > 0) { Day effDtDay = new Day(m_formatter.parse(getState(EFF_DT))); Day expDtDay = new Day(m_formatter.parse(getState(EXP_DT))); if (effDtDay.isAfter(expDtDay)) { logError("EXPIRY DATE should be greater than EFFECTIVE DATE"); } else if (m_appMsg.getMsg() != null && m_appMsg.getEffDt() != null && m_appMsg.getExpDt() != null && m_appMsg.getCreateDt() != null && m_appMsg.getCreateId() != null) { if (getState(MSG).trim().equals(BLANK)) { logError("MESSAGE cannot be empty"); } else if (getState(MSG).trim().indexOf("'") != -1 || getState(MSG).trim().indexOf("â") != -1 || getState(MSG).trim().indexOf("€") != -1 || getState(MSG).trim().indexOf("™") != -1) { logError("MESSAGE has invalid character"); } else if (getState(MSG).equals(m_appMsg.getMsg()) && m_formatter.parse(getState(EFF_DT)).equals(m_appMsg.getEffDt()) && m_formatter.parse(getState(EXP_DT)).equals(m_appMsg.getExpDt()) && m_formatter.parse(getState(CREATE_DT)).equals(m_appMsg.getCreateDt()) && m_securityUser.m_userId.equals(m_appMsg.getCreateId())) { m_appMsg = new AppMsg(); clearInputFields(); } else if (AppMsg.doesExist( conn, getState(MSG), m_formatter.parse(getState(EFF_DT)), m_formatter.parse(getState(EXP_DT)), new Date(), m_securityUser.m_userId, m_systemName)) { logError("The given data already exists in database."); } else { StringBuffer sql = new StringBuffer(); sql.append("UPDATE ").append(AppMsg.TABLENAME); sql.append(" SET ").append(AppMsg.MSG).append("=?, "); sql.append(AppMsg.EFF_DT).append("=?, "); sql.append(AppMsg.EXP_DT).append("=?, "); sql.append(AppMsg.CREATE_DT).append("=?, "); sql.append(AppMsg.CREATE_ID).append("=? "); sql.append(" WHERE "); sql.append(AppMsg.MSG).append("=? AND "); sql.append("TO_CHAR(" + AppMsg.EFF_DT + ", 'mm/dd/yyyy')") .append("='") .append(m_formatter.format(m_appMsg.getEffDt())) .append("' AND "); sql.append("TO_CHAR(" + AppMsg.EXP_DT + ", 'mm/dd/yyyy')") .append("='") .append(m_formatter.format(m_appMsg.getExpDt())) .append("' AND "); sql.append("TO_CHAR(" + AppMsg.CREATE_DT + ", 'mm/dd/yyyy')") .append("='") .append(m_formatter.format(m_appMsg.getCreateDt())) .append("' AND "); sql.append(AppMsg.CREATE_ID).append("=? AND "); sql.append(AppMsg.SYSTEM_NAME).append("=? "); PreparedStatement pstmt = conn.prepareStatement(sql.toString()); int ind = 1; pstmt.setString(ind++, getState(MSG)); pstmt.setDate( ind++, new java.sql.Date(m_formatter.parse(getState(EFF_DT)).getTime())); pstmt.setDate( ind++, new java.sql.Date(m_formatter.parse(getState(EXP_DT)).getTime())); pstmt.setDate(ind++, new java.sql.Date(new Date().getTime())); pstmt.setString(ind++, m_securityUser.m_userId); pstmt.setString(ind++, m_appMsg.getMsg()); pstmt.setString(ind++, m_appMsg.getCreateId()); pstmt.setString(ind++, m_systemName); pstmt.executeUpdate(); if (getErrors().size() == 0) { m_appMsg = new AppMsg(); m_appMsg.setSystemName(m_systemName); AlertMessages.getAlertMessages(conn, 0); clearInputFields(); } } } } } } catch (RuntimeException exp) { exp.printStackTrace(); logError("Exception: " + exp); } catch (SQLException exp) { exp.printStackTrace(); logger.warn("The database operation was not successful."); logError("Exception: " + exp); } catch (Exception exp) { exp.printStackTrace(); logError("Exception: " + exp); } finally { releaseDatabaseConnection(conn); } return new ActionRouter(ALERTS_PAGE); }