// Requires: using System; using System.Configuration; (references System.Web and System.Drawing)
public void ConvertImageTagData(ref string ReturnValue, bool isThumb = true)
{
    string Contents = this._contents;
    string SearchString = new GW.Approval.Web.Class.RegularText(Contents, GW.Approval.Web.Class.RegularType.TagExcept).ToString();
    string AttachFileUploadPath = System.Web.HttpContext.Current.Server.MapPath(ConfigurationManager.AppSettings["UploadData"] + "Approval/");

    DateTime today = DateTime.Now;
    string year = today.Year.ToString();
    string month = (today.Month < 10) ? "0" + today.Month.ToString() : today.Month.ToString();
    string day = (today.Day < 10) ? "0" + today.Day.ToString() : today.Day.ToString();
    string second = (today.Second < 10) ? "0" + today.Second.ToString() : today.Second.ToString();

    // Note: hour and minute are not part of the sequence, only second and millisecond.
    string dateSeq = year + month + day + second + today.Millisecond.ToString();
    string DatePhysicalPath = year + "\\" + month + "\\" + day;
    string DateURLPath = year + "/" + month + "/" + day;
    string fileName = _userCode + "_" + dateSeq;

    // If the content embeds image data, convert it to an image file.
    // -> Prevents images from being broken by the XSS attack filtering code.
    if (System.Text.RegularExpressions.Regex.IsMatch(Contents, "<img [^<>]*>"))
    {
        System.Text.RegularExpressions.MatchCollection ImgMatch = System.Text.RegularExpressions.Regex.Matches(Contents, "<img [^<>]*>", System.Text.RegularExpressions.RegexOptions.Multiline);
        string ImgData = string.Empty;

        for (int i = 0; i < ImgMatch.Count; i++)
        {
            ImgData = ImgMatch[i].Value;

            // Everything after the comma of the data URI, up to the end of the tag.
            var base64Data = System.Text.RegularExpressions.Regex.Match(ImgData, @"data:image/(?<type>.+?),(?<data>.+)").Groups["data"].Value.Replace(">", "").Replace("<", "");
            if (string.IsNullOrEmpty(base64Data))
            {
                continue;
            }

            // The captured text still carries the attributes that follow src; cut them out before decoding.
            var widthData = System.Text.RegularExpressions.Regex.Match(base64Data, "width=\"([0-9]{1,4})\"").Value;
            var heightData = System.Text.RegularExpressions.Regex.Match(base64Data, "height=\"([0-9]{1,4})\"").Value;
            // alt may hold arbitrary text, so match any quoted value.
            var altData = System.Text.RegularExpressions.Regex.Match(base64Data, "alt=\"[^\"]*\"").Value;

            if (string.IsNullOrEmpty(widthData) == false)
            {
                base64Data = base64Data.Replace(widthData, "");
            }
            else
            {
                base64Data = base64Data.Replace("width=\"\"", "");
            }

            if (string.IsNullOrEmpty(heightData) == false)
            {
                base64Data = base64Data.Replace(heightData, "");
            }
            else
            {
                base64Data = base64Data.Replace("height=\"\"", "");
            }

            if (string.IsNullOrEmpty(altData) == false)
            {
                base64Data = base64Data.Replace(altData, "");
            }
            else
            {
                base64Data = base64Data.Replace("alt=\"\"", "");
            }

            base64Data = base64Data.Replace("\"", "");

            // Convert.FromBase64String throws FormatException if anything other than
            // base64 text and whitespace is left (for example another attribute).
            var binData = Convert.FromBase64String(base64Data);

            using (var stream = new System.IO.MemoryStream(binData))
            // Write to an actual file. --> thumbnail format.
            using (System.Drawing.Image OrgImage = System.Drawing.Image.FromStream(stream, false, false))
            {
                // _formType becomes a path segment and part of the emitted URL, so it must be a trusted value.
                string AttachFilePath = AttachFileUploadPath + "\\" + this._formType + "\\" + DatePhysicalPath;

                if (System.IO.Directory.Exists(string.Format("{0}\\thumb\\", AttachFilePath)) == false)
                {
                    // Create the directory if it does not exist.
                    System.IO.Directory.CreateDirectory(string.Format("{0}\\thumb\\", AttachFilePath));
                }

                // Create an enhanced-quality thumbnail of the image.
                GW.Approval.Web.Class.File AttachFile = new GW.Approval.Web.Class.File();
                AttachFile.SetThumbnailImage(OrgImage, 920, string.Format("{0}\\thumb\\{1}.{2}", AttachFilePath, fileName + "_" + i.ToString(), "jpg"));

                // Re-encoding as JPEG means only decodable image data reaches the disk.
                OrgImage.Save(string.Format("{0}\\{1}.{2}", AttachFilePath, fileName + "_" + i.ToString(), "jpg"), System.Drawing.Imaging.ImageFormat.Jpeg);

                // Replace the BLOB at that location with a URL.
                if (isThumb)
                {
                    Contents = Contents.Replace(ImgMatch[i].Value, "<a href=\"/Data/Approval/" + this._formType + "/" + DateURLPath + "/" + fileName + "_" + i.ToString() + ".jpg\" target=\"_blank\"><img src=\"/data/Approval/" + this._formType + "/" + DateURLPath + "/thumb/" + fileName + "_" + i.ToString() + ".jpg\" alt=\"editorimage\" " + widthData + " " + heightData + " /></a>");
                }
                else
                {
                    Contents = Contents.Replace(ImgMatch[i].Value, "<img src=\"/data/Approval/" + this._formType + "/" + DateURLPath + "/" + fileName + "_" + i.ToString() + ".jpg\"/>");
                }
            }
        }

        ReturnValue = Contents;
    }
    else
    {
        ReturnValue = Contents;
    }
}

/// <summary>
/// Adds code to evade XSS attacks
/// </summary>
/// <param name="Value">String to process</param>
/// <returns>The string after processing with RegularType.Xss</returns>
private string GetExceptXss(string Value)
{
    GW.Approval.Web.Class.RegularText Regular = new GW.Approval.Web.Class.RegularText(Value, GW.Approval.Web.Class.RegularType.Xss);
    return Regular.ToString();
}