<%@page contentType="text/html;charset=UTF-8"%>
<%@page import="jcms.util.SafeUtil"%>
<%@page import="jcms.extramodule.comment.VotingFun"%>
<%@page import="jcms.blf.module.voting.Jcms_Voting_KindBLF" %>
<%@page import="jcms.blf.module.voting.Jcms_Voting_AnswerBLF"%>
<%@page import="java.io.File,java.util.*"%>
<%@page import="jcms.sys.SysInfo"%>
<%@page import="com.hanweb.common.util.Convert"%>
<%@page import="jcms.entity.module.Jcms_Voting_KindEntity"%>
<%@page import="com.hanweb.common.log.LogWriter"%>
<%@page import="jcms.util.AccessUtil"%>
<%@ include file="./config.jsp"%>
<%--
  Renders the question block of an online survey (voting module) for one
  category ("classid"), either wrapped in the site template, written into a
  unit via document.write(), or emitted as-is.

  NOTE(review): this copy of the page is tag-stripped - every run of text
  between '<' and '>' (HTML literals, comparison operators, loop headers,
  some declarations such as strFrom2 and blf) is missing. The code below is
  kept byte-for-byte; the garbled spots are marked but NOT reconstructed.

  Names used but not declared here (strAppID, strWebID, xmlFile) are assumed
  to come from ./config.jsp - TODO confirm.
--%>
<%
// Access gate: reject requests that fail the framework's check and bounce the
// browser to the module root. What checkAccess() verifies (referer, token,
// session) is not visible here - confirm it covers the CSRF case the comment
// below claims.
if(!AccessUtil.checkAccess(request)){ // block cross-site request forgery (CSRF)
    out.print(Convert.getAlterScript("location.href='../../';"));
    return;
}
/* CSRF defence: issue a fresh per-request token into the session.
   UUID.randomUUID() is SecureRandom-backed, so the value itself is fine.
   NOTE(review): the crumb is only set here, never read on this page - the
   consuming form/handler must compare it; verify that side exists. */
String crumb = UUID.randomUUID().toString();
session.setAttribute("crumb", crumb);
// Optional override of the site id from the request. Parsed as an int, so it
// cannot carry path characters, but it does let the caller pick any site id -
// presumably authorised elsewhere (checkAccess / getPath); verify.
int tempWebId = Convert.getParameterInt(request,"webid",0);
if(tempWebId > 0){
    strWebID = ""+tempWebId;
}
// invocation mode: "yes" = embedded in a unit, "no" = called directly via URL
String strInlay = Convert.getParameter(request,"inlay","no",true,true);
// isSqlAndXss is a blacklist filter on the raw parameter; it is a first line
// of defence only - output encoding at the sinks below is still required.
if(SafeUtil.isSqlAndXss(strInlay)) {
    out.println("参数包含非法字符,禁止访问");
    return;
}
// Per-app / per-site base directory for this module's config files.
String strPath = VotingFun.getPath(application.getRealPath(""), strAppID,strWebID);
int kindid = Convert.getParameterInt(request,"classid", 0); // survey category id
String strQueIds = Convert.getParameter(request, "queid","",true,true); // question id(s)
if(SafeUtil.isSqlAndXss(strQueIds)) {
    out.println("参数包含非法字符,禁止访问");
    return;
}
// show with answers: 1 = yes, 0 = no
int isAnswer = Convert.getParameterInt(request, "answer", 0);
// survey type: scope 0 = current survey, 1 = past survey (-1 = not given)
int iScope = Convert.getParameterInt(request,"scope",-1);
String strM = Convert.getParameter(request,"m","",true,true); // whether a template is used when displaying the online survey
if(SafeUtil.isSqlAndXss(strM)) {
    out.println("参数包含非法字符,禁止访问");
    return;
}
// Template is used unless m=no (case-insensitive, trimmed).
boolean blModal = true;
if(strM.length() > 0){
    blModal = strM.trim().equalsIgnoreCase("no")?false:true;
}
// Per-category unit config (init<kindid>.xml) or the default init.xml.
// kindid is an int, so the file name cannot contain traversal sequences.
String strUnitPath = "";
if(kindid > 0){
    strUnitPath = strPath + "config" + File.separator + "init"+kindid+".xml";
}else{
    strUnitPath = strPath + "config" + File.separator + "init.xml";
}
String strConfigPath = strPath + "config" + File.separator + "config.xml";
// Layout values read from the unit config; converted to int before use.
String strqyHeight = xmlFile.getContent("qyheight", strUnitPath);
String strqyWidth = xmlFile.getContent("qywidth", strUnitPath);
String strwebtype = xmlFile.getContent("webtype", strConfigPath);
strwebtype = Convert.getValue(strwebtype);
String strWebServerName = xmlFile.getContent("web_in_servername", strConfigPath);
strWebServerName = Convert.getValue(strWebServerName);
String[][] strData = null;
Jcms_Voting_KindBLF vBLF = new Jcms_Voting_KindBLF(strAppID, strWebID);
Jcms_Voting_KindEntity vkEn = vBLF.getEntity(kindid);
// Unknown category: silently produce an empty page.
if(vkEn == null) return;
int b_showresult = vkEn.getB_showresult();
// With answers the raw queid string is passed through; without, only its
// integer value is used. Both overloads live in the BLF (not visible here).
if(isAnswer == 1){
    strData = vBLF.getUnitEntity(kindid, strQueIds, iScope, strAppID);
}else{
    strData = vBLF.getUnitEntity(kindid,Convert.getStringValueInt(strQueIds),iScope);
}
if(strData == null || strData.length == 0){
    SysInfo sys = new SysInfo();
    out.println(sys.getAlert(request,"数据库中没有该调查或参数有误!"));
    return;
}
// Per-question fields, filled from strData[n][0..8] inside the loop below.
String queName = "";
int iType = -1;
String vcName = "";
int iQueid = -0;
int bFeedback = -1;
String strDescribe = "";
int iSparefield1 = -1;
String endTime = "";
int b_empty = 0;
// system path
String strSysPath = "/";
if(strwebtype.equals("1")){
    strSysPath = request.getContextPath() + "/jcms_files/jcms"+strAppID+"/web"+strWebID+"/site/";
}
if(strwebtype.equals("2")){
    strSysPath = "/";
}
int nScope = 0;
String strForTr = "";
String strHead = "";
String strEnd = "";
String strContent = "";
String strAnswer = "";
String strHidden = "";
String strTextHight = "";
String strTextWidth = "";
String strScript = "";
String funScript = "";
String strRandomCode = "";
int nCols = 1;
StringBuffer str = new StringBuffer();
StringBuffer sbContent = new StringBuffer();
// Six placeholder labels (contents lost in this copy).
Vector v_label = new Vector(6);
v_label.add("");
v_label.add("");
v_label.add("");
v_label.add("");
v_label.add("");
v_label.add("");
/* add random verification code */
// NOTE(review): java.util.Random is not suitable for anything that acts as a
// security token. If strRandomCode really is a verification code (as the
// original comment says), it should come from SecureRandom. Its construction
// is garbled in this copy, so confirm against the original before judging.
Random random = new Random();
strRandomCode = " " + ""+ "";
String strIncludeJs = " ";
// Script template from the unit config; the markers searched for below were
// stripped from this copy (indexOf("") always yields 0).
String strJSCode = xmlFile.getContent("scriptcode", strUnitPath);
strTextHight = xmlFile.getContent("texthight", strUnitPath);
strTextWidth = xmlFile.getContent("textwidth", strUnitPath);
int nStart = strJSCode.indexOf("");
int nEnd = strJSCode.indexOf("");
// NOTE(review): text lost in extraction between "nStart" and "0){" - most
// likely a comparison against nEnd, the head/end split, and the
// for-loop header over strData; not recoverable from this copy.
if(nStart!=-1 && nEnd!=-1 && nStart 0){
    sbContent.delete(0, sbContent.length());
}
// Column layout of one strData row (from the calls below):
// 0 name, 1 type, 2 category name, 3 question id, 4 feedback flag,
// 5 description, 6 spare field (used as column count), 7 end time, 8 mandatory.
queName = Convert.getValue(strData[n][0]);
iType = Convert.getStringValueInt(strData[n][1]);
vcName = Convert.getValue(strData[n][2]);
iQueid = Convert.getStringValueInt(strData[n][3]);
bFeedback = Convert.getStringValueInt(strData[n][4]);
strDescribe = Convert.getValue(strData[n][5]);
iSparefield1 = Convert.getStringValueInt(strData[n][6]);
endTime = Convert.getValue(strData[n][7]);
b_empty = Convert.getStringValueInt(strData[n][8]); // whether the question is mandatory
// Hidden-field markup (lost in this copy).
strHidden = "";
strHidden += "";
// decide current vs. past
if(endTime.length()==0){
    nScope = 0;
}else{
    nScope = VotingFun.getScope(endTime);
}
String strDisplay = nScope==1?"none":"";
String strDisplayView = b_showresult==1?"":"none";
Vector v_label_value = new Vector(6);
strScript = strJSCode;
// Random 1..100 suffix handed to getAnswer - presumably for unique element
// ids, not a security value; Math.random() is acceptable only for that use.
int nRadom = (int)Math.ceil(Math.random()*100);
if(nStart != -1 && nEnd != -1 && nEnd > nStart){
    strContent = strForTr;
    nCols = iSparefield1;
    nCols = (nCols==0)?1:nCols;
    // blf is not declared in this copy (its declaration was stripped);
    // presumably a Jcms_Voting_AnswerBLF given the import above.
    strAnswer = blf.getAnswer(iQueid, queName, iType, bFeedback, nCols, strTextHight, strTextWidth, strAppID, b_empty, nRadom); // fetch the question's answers
    funScript = blf.getStrScript(); // JS for mandatory-field validation
    v_label_value.add(vcName);
    v_label_value.add(strDescribe);
    if(b_empty == 1){
        queName = queName + "  *(必填)";
    }
    v_label_value.add(queName);
    v_label_value.add(strAnswer);
    v_label_value.add("");
    v_label_value.add(strRandomCode);
    // Optional fixed height/width attributes from the unit config.
    String temp="";
    if(Convert.getStringValueInt(strqyHeight)>0){
        temp = "height='"+strqyHeight+"'";
    }
    if(Convert.getStringValueInt(strqyWidth)>0){
        temp += " width='"+strqyWidth+"'";
    }
    // NOTE(review): loop header and placeholder replacement lost in extraction.
    for(int j=0;j","");
    sbContent.append(strContent);
    v_label_value.clear();
    strScript = strHead + sbContent.toString() + strEnd;
    if((isAnswer == 1 && n == 0) || isAnswer == 0){ // when several questions are shown, the category name is shown only once
        v_label_value.add(vcName);
    }else{
        v_label_value.add("");
    }
    v_label_value.add(strDescribe);
    v_label_value.add("");
    v_label_value.add("");
    v_label_value.add("");
    v_label_value.add(strRandomCode);
}else{
    if((isAnswer == 1 && n == 0) || isAnswer == 0){ // when several questions are shown, the category name is shown only once
        v_label_value.add(vcName);
    }else{
        v_label_value.add("");
    }
    v_label_value.add(strDescribe);
    v_label_value.add(queName);
    v_label_value.add("answer");
    v_label_value.add("");
    v_label_value.add(strRandomCode);
}
// Substitute labels and display flags into the script template. The
// placeholder names were stripped from this copy. Values such as queName and
// strDescribe come from the database and are inserted without HTML encoding
// here - confirm they are encoded upstream or trusted (admin-entered) data.
// NOTE(review): loop header lost in extraction.
for(int j=0;j",strDisplay);
strScript = Convert.replaceString(strScript,"",strDisplayView);
strScript = strScript.replaceAll("", ""+kindid);
strScript = strScript.replaceAll("", ""+iQueid);
strScript = strScript.replaceAll("\r\n","");
funScript = " ";
str.append(funScript+"
"+strScript+strHidden.trim()+"
");
// Reset per-question buffers.
if(sbContent.length() > 0) sbContent.delete(0, sbContent.length());
if(v_label_value != null && v_label_value.size() > 0){
    v_label_value.clear();
    v_label_value = null;
}
}// End for
String strModal = "";
String strShow = "";
if(blModal){ // render with template
    strModal = VotingFun.getModal(strWebID, strAppID, application.getRealPath(""), strwebtype,strWebServerName);
    strModal = Convert.getValue(strModal);
    if(strModal.length() > 0){
        // strFrom2 is used below but its declaration was stripped from this copy.
        String strFrom1 = "";
        int nPos1 = strModal.indexOf(strFrom1);
        int nPos2 = strModal.indexOf(strFrom2, nPos1);
        if(nPos1!=-1 && nPos2!=-1 && nPos2>nPos1) {
            try {
                strShow = strModal.substring(0,nPos1) + strIncludeJs +str.toString() + strModal.substring(nPos2+strFrom2.length());
            } catch (Exception e) {
                // Logs only the message and also prints the trace to stderr;
                // passing e to the logger would keep the stack in one place.
                LogWriter.error("que_commondetail.jsp strShow Exception:"+e.getMessage());
                e.printStackTrace();
            }
        }
        out.println(strShow);
        out.println("");
    }else{
        out.println("模板未设置!");
    }
} else { // embed the questions directly into a unit
    // Escapes double quotes so the markup can sit inside a JS string literal.
    // NOTE(review): only '"' is handled. Backslashes, line breaks and a
    // literal "</script>" inside the DB-sourced content would still break
    // out of the document.write() string below. Whether replaceString treats
    // the replacement as a regex replacement string (yielding \") or
    // literally (yielding \\") is not visible here - confirm before relying
    // on this escaping.
    strShow = Convert.replaceString(str.toString(),"\"","\\\\\"");
    if(strInlay.equals("yes")){ // embedded into a unit
        out.println("document.write(\""+ strIncludeJs+strShow+"\");");
        out.println("document.write(\"\");");
    }else{ // no template and not embedded in a unit
        out.println("");
        out.println(strIncludeJs+strShow);
        out.println("");
    }
}
if(str != null && str.length() > 0){
    str.delete(0, str.length());
}
%>