휴대폰인증시 ci, di 값 xss 필터 제외처리

src/main/java/itn/com/cmm/interceptor/InterceptorHandler.java

@@ -50,6 +50,9 @@ public class InterceptorHandler extends HandlerInterceptorAdapter{
 				&& !name.toLowerCase().contains("info3list")
 				&& !name.toLowerCase().contains("info4list")
 				&& !name.toLowerCase().contains("nttcn")
+				&& !name.toLowerCase().contains("ci")
+				&& !name.toLowerCase().contains("certdi")
+				&& !name.toLowerCase().contains("di")				
 			) {	
 				//파라미터 중에 URL 주소를 넘겨주는 부분이 있어서 해당 부분에것 select~, update~, delete~ 로 시작하는 주소경로가 있어서 제외처리를 하였음
 				String[] values = request.getParameterValues(name);

src/main/java/itn/let/mjo/pay/service/impl/RefundServiceImpl.java

@@ -18,6 +18,8 @@ import itn.let.mjo.msgdata.service.impl.MjonMsgDataDAO;
 import itn.let.mjo.pay.service.MjonPayVO;
 import itn.let.mjo.pay.service.RefundService;
 import itn.let.mjo.pay.service.RefundVO;
+import itn.let.sym.grd.service.MberGrdService;
+import itn.let.sym.grd.service.MberGrdVO;
 import itn.let.uss.umt.service.MberManageVO;
 import itn.let.utl.sim.service.EgovFileScrty;
 
@@ -44,6 +46,9 @@ public class RefundServiceImpl extends EgovAbstractServiceImpl implements Refund
 	@Resource(name="mjonPayDAO")
 	private MjonPayDAO mjonPayDAO;
 	
+	@Resource(name = "mberGrdService")
+	MberGrdService mberGrdService;	
+	
 	@Override
 	public List<RefundVO> selectRefundList(RefundVO refundVO) throws Exception {
 		return refundDAO.selectRefundList(refundVO);
@@ -176,6 +181,20 @@ public class RefundServiceImpl extends EgovAbstractServiceImpl implements Refund
 		else
 			msg = "결제취소요청이 취소처리 되었습니다";
 		
+		try {
+			// 등급제 Start
+	   		// 회원별 등급 적용
+			MberGrdVO mberGrdVO = new MberGrdVO();
+			mberGrdVO.setMberId(refundVO.getMberId());
+	    	mberGrdVO.setAmt("0");
+	    	mberGrdVO.setMoid("");
+	   		mberGrdService.mberGrdSaveByUserNoHist(mberGrdVO);    		
+			// End	
+    	}
+    	catch (Exception e) {
+
+    	}
+   		
 		return new StatusResponse(HttpStatus.OK, msg, LocalDateTime.now());
 	}
 

src/main/java/itn/let/mjo/pay/web/MjonPayController.java

@@ -1906,6 +1906,17 @@ public class MjonPayController {
 		
 		model.addAttribute("mjonCandidateVO", mjonCandidateVO);
     	
+    	if(pattern.equals("/web/member/pay/PayListAllAjax.do")) { 
+			// 등급제 Start
+	   		// 회원별 등급 적용
+			MberGrdVO mberGrdVO = new MberGrdVO();
+			mberGrdVO.setMberId(userId);
+	    	mberGrdVO.setAmt("0");
+	    	mberGrdVO.setMoid("");
+	   		mberGrdService.mberGrdSaveByUserNoHist(mberGrdVO);    		
+			// End	    	
+    	}
+    	
     	if(pattern.equals("/web/member/pay/PayListAllAjax.do")
     			|| pattern.equals("/web/member/pay/PayListMobileAjax.do")
     			|| pattern.equals("/web/member/pay/PayListCardAjax.do")

src/main/java/itn/let/sym/grd/service/impl/MberGrdServiceImpl.java

@@ -315,6 +315,8 @@ public class MberGrdServiceImpl extends EgovAbstractServiceImpl implements MberG
 	public void mberGrdSaveByUserLast(MberGrdVO mberGrdVO) throws Exception {
     	try {
     		System.out.println("START 회원별 등급 적용");
+    		
+    		if (StringUtils.isNotEmpty(mberGrdVO.getMberId())) {
     			System.out.println("아이디 : " + mberGrdVO.getMberId());
     			
 	    		// 현재 날짜 구하기
@@ -382,6 +384,7 @@ public class MberGrdServiceImpl extends EgovAbstractServiceImpl implements MberG
 	    				}					
 	    			}			
 	    		}
+    		}
     		System.out.println("END 회원별 등급 적용");
     	}
     	catch (Exception e) {
@@ -400,6 +403,8 @@ public class MberGrdServiceImpl extends EgovAbstractServiceImpl implements MberG
 
     	try {
     		System.out.println("START 회원별 등급 적용(로그인, 환불시 사용 => 히스토리 저장 제외)");
+    		
+    		if (StringUtils.isNotEmpty(mberGrdVO.getMberId())) {
         		System.out.println("아이디 : " + mberGrdVO.getMberId());
         		
 	    		// 현재 날짜 구하기
@@ -461,6 +466,7 @@ public class MberGrdServiceImpl extends EgovAbstractServiceImpl implements MberG
 	    				}					
 	    			}			
 	    		}
+    		}
     		System.out.println("END 회원별 등급 적용(로그인, 환불시 사용 => 히스토리 저장 제외)");
     	}
     	catch (Exception e) {