Esempio n. 1
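        /// <summary>
        /// Converts inline data-URI images (<c>&lt;img src="data:image/..."&gt;</c>) found in the document
        /// contents into JPEG files under the approval upload directory, and rewrites each tag so that it
        /// references the stored file instead of carrying the image bytes inline.
        /// </summary>
        /// <remarks>
        /// The original author's note gives the motivation: the XSS filtering applied to the contents
        /// breaks embedded image data, so embedded images are written out as files first.
        /// The full-size copy is decoded and re-encoded as JPEG through <c>System.Drawing</c>; the submitted
        /// bytes are not written to disk as-is.
        /// Exceptions raised while decoding or saving propagate to the caller; in that case
        /// <paramref name="ReturnValue"/> is left unassigned although earlier images may already be on disk.
        /// </remarks>
        /// <param name="ReturnValue">Receives the contents with embedded images replaced by file URLs, or
        /// the unchanged contents when no <c>&lt;img&gt;</c> tag is present.</param>
        /// <param name="isThumb">When true, each image becomes a thumbnail wrapped in a link to the
        /// full-size file; when false, the tag points directly at the full-size file.</param>
        /// <exception cref="System.FormatException">An embedded payload is not valid base64.</exception>
        public void ConvertImageTagData(ref string ReturnValue, bool isThumb = true)
        {
            const string ImgTagPattern = "<img [^<>]*>";

            string Contents = this._contents;

            System.Text.RegularExpressions.MatchCollection ImgMatch = System.Text.RegularExpressions.Regex.Matches(Contents, ImgTagPattern, System.Text.RegularExpressions.RegexOptions.Multiline);
            if (ImgMatch.Count == 0)
            {
                // Nothing to convert: hand the contents back untouched.
                ReturnValue = Contents;
                return;
            }

            string AttachFileUploadPath = System.Web.HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings["UploadData"] + "Approval/");

            // Invariant formatting keeps the directory and file names independent of the server culture.
            // The sequence carries hour and minute as well as zero-padded milliseconds, so two requests
            // from the same user on the same day cannot produce the same name merely by sharing a
            // second/millisecond pair, which would overwrite an image that is already stored.
            System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;
            DateTime today   = DateTime.Now;
            string   year    = today.ToString("yyyy", invariant);
            string   month   = today.ToString("MM", invariant);
            string   day     = today.ToString("dd", invariant);
            string   dateSeq = today.ToString("yyyyMMddHHmmssfff", invariant);

            string DatePhysicalPath = year + "\\" + month + "\\" + day;
            string DateURLPath      = year + "/" + month + "/" + day;
            string fileName         = _userCode + "_" + dateSeq;

            // NOTE(review): _formType and _userCode are concatenated into a filesystem path and into the
            // generated markup. Their origin is not visible in this method; confirm that both are
            // server-controlled or validated (no path separators, "..", quotes or angle brackets) before
            // they reach this point.
            string AttachFilePath = AttachFileUploadPath + "\\" + this._formType + "\\" + DatePhysicalPath;
            string ThumbDirectory = string.Format("{0}\\thumb\\", AttachFilePath);

            for (int i = 0; i < ImgMatch.Count; i++)
            {
                string ImgData = ImgMatch[i].Value;

                // Capture only characters that can belong to a base64 payload. The capture stops at the
                // closing quote of the src attribute, so trailing attributes and a self-closing "/" are
                // never fed to the decoder.
                string base64Data = System.Text.RegularExpressions.Regex.Match(ImgData, @"data:image/(?<type>.+?),(?<data>[A-Za-z0-9+/=\s]+)").Groups["data"].Value;
                if (string.IsNullOrWhiteSpace(base64Data))
                {
                    // Not an embedded image (e.g. an ordinary URL): leave the tag as it is.
                    continue;
                }

                // Only digit-valued width/height attributes are copied into the rewritten tag; the
                // patterns admit nothing but 1-4 digits, so no caller-supplied markup is carried over.
                string widthData  = System.Text.RegularExpressions.Regex.Match(ImgData, "width=\"([0-9]{1,4})\"").Value;
                string heightData = System.Text.RegularExpressions.Regex.Match(ImgData, "height=\"([0-9]{1,4})\"").Value;

                // NOTE(review): no upper bound on the payload size is visible here; confirm that the
                // request pipeline caps it, since the image is decoded fully in memory.
                byte[] binData   = Convert.FromBase64String(base64Data);
                string imageName = fileName + "_" + i.ToString();

                using (var stream = new System.IO.MemoryStream(binData))
                using (System.Drawing.Image OrgImage = System.Drawing.Image.FromStream(stream, false, false))
                {
                    // CreateDirectory is a no-op when the directory exists and also creates the parents.
                    System.IO.Directory.CreateDirectory(ThumbDirectory);

                    // Write the thumbnail (920 is passed to the helper as its size argument) and the
                    // full-size JPEG. The using blocks release the image even if a save fails.
                    GW.Approval.Web.Class.File AttachFile = new GW.Approval.Web.Class.File();
                    AttachFile.SetThumbnailImage(OrgImage, 920, string.Format("{0}\\thumb\\{1}.{2}", AttachFilePath, imageName, "jpg"));
                    OrgImage.Save(string.Format("{0}\\{1}.{2}", AttachFilePath, imageName, "jpg"), System.Drawing.Imaging.ImageFormat.Jpeg);
                }

                // Replace the inline blob with a URL to the stored file.
                if (isThumb)
                {
                    Contents = Contents.Replace(ImgData, "<a href=\"/Data/Approval/" + this._formType + "/" + DateURLPath + "/" + imageName + ".jpg\" target=\"_blank\"><img src=\"/data/Approval/" + this._formType + "/" + DateURLPath + "/thumb/" + imageName + ".jpg\" alt=\"editorimage\" " + widthData + " " + heightData + "  /></a>");
                }
                else
                {
                    // No anchor is opened in this mode, so none is closed either.
                    Contents = Contents.Replace(ImgData, "<img src=\"/data/Approval/" + this._formType + "/" + DateURLPath + "/" + imageName + ".jpg\"/>");
                }
            }

            ReturnValue = Contents;
        }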
Esempio n. 2
 /// <summary>
 /// Runs the given text through the project's XSS filter (<c>RegularType.Xss</c>) and returns the
 /// filtered string.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the filter rules live in <c>RegularText</c> and are not visible here. A pattern-based
 /// filter is best treated as defence in depth; confirm that the value is also encoded for its output
 /// context where it is rendered.
 /// </remarks>
 /// <param name="Value">Text to filter.</param>
 /// <returns>The string produced by <c>RegularText.ToString()</c> for <paramref name="Value"/>.</returns>
 private string GetExceptXss(string Value)
 {
     return new GW.Approval.Web.Class.RegularText(Value, GW.Approval.Web.Class.RegularType.Xss).ToString();
 }