package de.superx.servlet;

import de.memtext.db.NichtAngemeldetException;
import de.memtext.tree.KeyParentEqualException;
import de.memtext.tree.NoMainEntryException;
import de.memtext.util.DateUtils;
import de.memtext.util.ServletHelper;
import de.memtext.util.StringUtils;
import de.superx.bin.XUpdater;
import de.superx.common.DBServletException;
import de.superx.common.SichtException;
import de.superx.common.SxResultRow;
import de.superx.common.SxUser;
import de.superx.util.SqlStringUtils;
import freemarker.template.TemplateException;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.InvocationTargetException;
import java.sql.SQLException;
import java.text.ParseException;
import java.util.Date;
import java.util.Iterator;
import java.util.StringTokenizer;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.dom4j.DocumentException;
import org.xml.sax.SAXException;

/* loaded from: input_file:de/superx/servlet/XUpdaterServlet.class */
public class XUpdaterServlet {
    // Serialization version id. The class declaration visible in this file names no superclass
    // or Serializable interface.
    private static final long serialVersionUID = 1;
    // Login page written by doGet/doPost when the session holds no admin user: the page head from
    // SuperXManager.htmlPageHead followed by a form that posts kennung, passwort and MandantenID
    // to "XUpdater".
    // NOTE(review): the form is served to unauthenticated callers with the account name "superx"
    // and the tenant "default" pre-filled; leaving both inputs empty would avoid disclosing an
    // account name on the login page.
    private static final String ADMIN_ONLY = SuperXManager.htmlPageHead("XUpdater") + "<center><h3>XUpdater<br>Hier ist ein Login nur für Administratoren m&ouml;glich.</h3>(Cookies m&uuml;ssen aktiviert sein)<FORM ACTION=\"XUpdater\" METHOD=\"post\"><p><p>Kennung: <br /><INPUT TYPE=\"Text\" NAME=\"kennung\" VALUE=\"superx\"></p><p><p>Passwort: <br /><INPUT TYPE=\"Password\" NAME=\"passwort\" value=\"\"></p><p>MandantenID<br><input type=\"text\" name=\"MandantenID\" value=\"default\"></p><br><INPUT TYPE=\"Submit\" NAME=\"Abschicken\" VALUE=\"Anmelden\"></FORM></center></body></html>";
    // Opening markup of the admin page built by getStandardPage; it embeds the product version
    // and build timestamp as literal text.
    private static String pageBeginning = SuperXManager.htmlPageHead("XUpdater") + "<h1 align=center>XUpdater</h1><center>SuperX 5.0 (build:12.09.2023 22:39)</center>";
    // Closing markup appended to every page built by getStandardPage.
    private static String pageEnd = "</body></html>";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/superx/servlet/XUpdaterServlet$XUpd.class */
    public class XUpd extends SuperXServletHelper {
        /**
         * Creates the per-request helper by handing the request/response pair to the
         * SuperXServletHelper constructor; no other state is set up here.
         *
         * @param httpServletRequest  the request being served
         * @param httpServletResponse the response the page is written to
         * @throws IOException propagated from the superclass constructor
         */
        public XUpd(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
            super(httpServletRequest, httpServletResponse);
        }

        /**
         * Makes a value safe to embed inside a {@code <![CDATA[ ... ]]>} section of the generated
         * script by swapping the CDATA delimiters for the placeholder words CDATASTART and
         * CDATAEND, so that stored text cannot terminate the surrounding section early.
         *
         * @param str the raw value; {@code null} is treated as the empty string
         * @return the value with both CDATA delimiters replaced by their placeholders
         */
        private String encodeCDATA(String str) {
            String text = (str == null) ? "" : str;
            String withoutOpeners = StringUtils.replace(text, "<![CDATA[", "CDATASTART");
            return StringUtils.replace(withoutOpeners, "]]>", "CDATAEND");
        }

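        /**
         * Handles one XUpdater request and writes the resulting admin page.
         *
         * <p>Without an {@code sp} parameter, a non-blank {@code content} parameter is passed to
         * {@link XUpdater#execute} together with a pooled connection of the current tenant, and
         * the returned text is shown as the result message. With {@code sp}, the value selects an
         * export ({@code maske}, {@code maskenselectstmt} or {@code man}) for the {@code id}
         * parameter, and the generated script is placed into the page's textarea.
         *
         * <p>The content type is set before the writer is obtained, because a charset given to
         * {@code setContentType} after {@code getWriter()} no longer affects the writer's
         * encoding. The page returned by {@code getStandardPage} already ends with the closing
         * markup, so it is not written a second time.
         *
         * <p>NOTE(review): this method performs no authorization check of its own; the admin
         * check visible in this file is in {@code XUpdaterServlet.doPost}. No anti-CSRF token is
         * checked here before the submitted script is executed - confirm that the caller
         * enforces one.
         */
        @Override // de.superx.servlet.SuperXServletHelper, de.memtext.util.ServletHelper
        protected void perform() throws IOException, IllegalArgumentException, SecurityException, KeyParentEqualException, NichtAngemeldetException, ParseException, ParserConfigurationException, FactoryConfigurationError, SAXException, DocumentException, InstantiationException, IllegalAccessException, InvocationTargetException, NoSuchMethodException, SQLException, DBServletException, TransformerException, TemplateException, CloneNotSupportedException, SichtException, NoMainEntryException {
            String resultMessage = "";
            String generatedScript = "";
            String specialParam = this.request.getParameter("sp");
            if (specialParam == null || specialParam.trim().equals("")) {
                String content = this.request.getParameter("content");
                if (content != null && !content.trim().equals("")) {
                    // NOTE(review): the connection taken from the pool is not closed in this
                    // method; confirm that XUpdater.execute returns it to the pool.
                    resultMessage = new XUpdater().execute(SxPools.get(getMandantenID()).getConnection(), SxPools.get(getMandantenID()).getDatabaseAbbr(), content, Logger.getLogger("superx_" + getMandantenID()));
                }
            } else {
                // The three checks are independent; an unknown sp value yields an empty script.
                generatedScript = specialParam.equalsIgnoreCase("maske") ? getMaskToXml(this.request.getParameter("id")) : "";
                if (specialParam.equalsIgnoreCase("maskenselectstmt")) {
                    generatedScript = getMaskSQL(this.request.getParameter("id"));
                }
                if (specialParam.equalsIgnoreCase("man")) {
                    generatedScript = getManSQL(this.request.getParameter("id"));
                }
            }
            this.response.setContentType("text/html; charset=" + SqlStringUtils.getEncoding());
            PrintWriter writer = this.response.getWriter();
            // NOTE(review): getStandardPage inserts both values into the HTML without escaping.
            writer.write(XUpdaterServlet.this.getStandardPage(resultMessage, generatedScript));
            writer.flush();
        }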

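        /**
         * Builds an XUpdate script that deletes and re-inserts one report of the {@code man_*}
         * tables: the report row, its groupings, its catalogue assignments and the catalogue
         * entries themselves.
         *
         * <p>The report id comes from the request's {@code id} parameter (see {@code perform}).
         * It is used as a quoted SQL string literal both in the queries run here and in the
         * statements of the generated script, so embedded single quotes are doubled before use.
         * The queries are passed to {@code ServletUtils.executeALL_el} as finished SQL text;
         * bound parameters would be preferable if that helper offers them.
         *
         * <p>NOTE(review): several values read back from the database (report name, grouping id
         * and name, catalogue ids, timeunit) are written into the generated statements without
         * quote doubling, and the long text columns are placed into CDATA sections without
         * {@code encodeCDATA}. The id is also echoed into the script, which {@code perform}
         * shows in an HTML textarea without escaping. All three should be reviewed together.
         *
         * @param str the report id
         * @return the complete XUpdate script
         * @throws IllegalArgumentException if {@code str} is {@code null}
         * @throws SQLException propagated from the queries
         * @throws DBServletException propagated from the queries
         */
        private String getManSQL(String str) throws SQLException, DBServletException {
            if (str == null) {
                throw new IllegalArgumentException("Parameter id fehlt");
            }
            // Same quote-doubling convention this method already applies to text columns.
            String idSql = str.replace("'", "''");
            StringBuilder script = new StringBuilder("<?xml version=\"1.0\" encoding=\"" + SqlStringUtils.getEncoding() + "\"?>\n<xupdate>\n");
            script.append("<!-- Alte Daten löschen -->\n<sql><![CDATA[delete from man_reports where id ='" + idSql + "';]]></sql>\n<sql><![CDATA[delete from man_catalogue where id in (select catalogue_id from man_catalogue_rpt where report_id='" + idSql + "');]]></sql>\n<sql><![CDATA[delete from man_grouping where id in (select grouping1 from man_catalogue_rpt where report_id='" + idSql + "');]]></sql>\n<sql><![CDATA[delete from man_catalogue_rpt where report_id ='" + idSql + "';]]></sql>\n");

            // Report row: the name of the last row returned wins.
            String reportName = "";
            Iterator reportRows = ServletUtils.executeALL_el(null, null, "report Name " + str + " lesen", "select name from man_reports where id='" + idSql + "'", getMandantenID(), true).getResultSet().iterator();
            while (reportRows.hasNext()) {
                reportName = (String) ((SxResultRow) reportRows.next()).get(0);
            }
            script.append("<sql><![CDATA[INSERT INTO man_reports(id,name) VALUES('" + idSql + "','" + reportName + "');]]></sql>\n");

            // Groupings referenced by the report's catalogue assignments.
            Iterator groupingRows = ServletUtils.executeALL_el(null, null, "groupings für " + str + " lesen", "select id,name,caption from man_grouping where id in (select grouping1 from man_catalogue_rpt where report_id='" + idSql + "')", getMandantenID(), true).getResultSet().iterator();
            while (groupingRows.hasNext()) {
                SxResultRow grouping = (SxResultRow) groupingRows.next();
                script.append("<sql><![CDATA[INSERT INTO man_grouping(id,name,caption) VALUES('" + ((String) grouping.get(0)) + "','" + ((String) grouping.get(1)) + "','" + StringUtils.replace((String) grouping.get(2), "'", "''") + "');]]></sql>\n");
            }

            // Catalogue assignments of the report.
            Iterator assignmentRows = ServletUtils.executeALL_el(null, null, "catalogue_rpt für " + str + " lesen", "select catalogue_id,sortnr::varchar(10),sortnr2::varchar(10),grouping1,grouping2,valid_from,valid_till,active::varchar(2) from man_catalogue_rpt where report_id='" + idSql + "'", getMandantenID(), true).getResultSet().iterator();
            while (assignmentRows.hasNext()) {
                SxResultRow assignment = (SxResultRow) assignmentRows.next();
                String catalogueId = (String) assignment.get(0);
                String sortnr = (String) assignment.get(1);
                if (sortnr == null) {
                    sortnr = "null";
                }
                String sortnr2 = (String) assignment.get(2);
                if (sortnr2 == null) {
                    // A missing sortnr2 must not overwrite sortnr; only sortnr2 becomes SQL null.
                    sortnr2 = "null";
                }
                String grouping1 = (String) assignment.get(3);
                String grouping1Sql = grouping1 == null ? "null" : "'" + grouping1 + "'";
                String grouping2 = (String) assignment.get(4);
                String grouping2Sql = grouping2 == null ? "null" : "'" + grouping2 + "'";
                // Missing validity bounds fall back to 1.1.1900 and 1.1.3000.
                Date validFrom = (Date) assignment.get(5);
                String validFromSql = validFrom != null ? "date_val('" + DateUtils.formatGerman(validFrom) + "')" : "date_val('1.1.1900')";
                Date validTill = (Date) assignment.get(6);
                String validTillSql = validTill != null ? "date_val('" + DateUtils.formatGerman(validTill) + "')" : "date_val('1.1.3000')";
                String active = (String) assignment.get(7);
                if (active == null) {
                    active = "null";
                }
                script.append("<sql><![CDATA[INSERT INTO man_catalogue_rpt(report_id,catalogue_id,sortnr,sortnr2,grouping1,grouping2,valid_from,valid_till,active) VALUES('" + idSql + "','" + catalogueId + "'," + sortnr + "," + sortnr2 + "," + grouping1Sql + "," + grouping2Sql + "," + validFromSql + "," + validTillSql + " ," + active + ");]]></sql>\n");
            }

            // Catalogue entries: columns 0-19 go into one insert statement, columns 20-28 are
            // emitted as separate <text> elements, columns 29/30 are the validity dates.
            String[] textFields = {"description", "sqlchunk", "linksub", "linktimeline", "cleanup", "preparation", "techdetails", "moreinfo", "whereclause"};
            Iterator catalogueRows = ServletUtils.executeALL_el(null, null, "catalogue für " + str + " lesen", "select string_not_null(trim(id)),string_not_null(trim(shortname)),string_not_null(trim(name)),string_not_null(trim(timeunit)),decimalplaces::varchar(4),string_not_null(trim(restrictedgroupids)),ismanual::varchar(4),string_not_null(trim(requiredfields)),calcratio::varchar(4),attrib1::varchar(10), string_not_null(trim(fld_semester)),string_not_null(trim(fld_jahr)),string_not_null(trim(fld_studiengang)),string_not_null(trim(fld_institut)),string_not_null(trim(fld_geschlecht)),string_not_null(trim(fromclause)),string_not_null(trim(aggrfunction)),cacheing::varchar(10),string_not_null(trim(linktable)),string_not_null(trim(linkmask)),string_not_null(description),string_not_null(sqlchunk),string_not_null(linksub),string_not_null(linktimeline),string_not_null(cleanup),string_not_null(preparation),string_not_null(techdetails),string_not_null(moreinfo),string_not_null(whereclause),gueltig_von,gueltig_bis from man_catalogue where id in (select catalogue_id from man_catalogue_rpt where report_id='" + idSql + "')", getMandantenID(), true).getResultSet().iterator();
            while (catalogueRows.hasNext()) {
                SxResultRow catalogue = (SxResultRow) catalogueRows.next();
                String catId = (String) catalogue.get(0);
                String shortname = StringUtils.replace((String) catalogue.get(1), "'", "''");
                String name = StringUtils.replace((String) catalogue.get(2), "'", "''");
                String timeunit = (String) catalogue.get(3);
                String decimalplaces = (String) catalogue.get(4);
                if (decimalplaces == null) {
                    decimalplaces = "null";
                }
                String restrictedgroupids = StringUtils.replace((String) catalogue.get(5), "'", "''");
                String ismanual = (String) catalogue.get(6);
                if (ismanual == null) {
                    ismanual = "null";
                }
                String requiredfields = StringUtils.replace((String) catalogue.get(7), "'", "''");
                String calcratio = (String) catalogue.get(8);
                if (calcratio == null) {
                    calcratio = "null";
                }
                String attrib1 = (String) catalogue.get(9);
                if (attrib1 == null) {
                    attrib1 = "null";
                }
                String fldSemester = StringUtils.replace((String) catalogue.get(10), "'", "''");
                String fldJahr = StringUtils.replace((String) catalogue.get(11), "'", "''");
                String fldStudiengang = StringUtils.replace((String) catalogue.get(12), "'", "''");
                String fldInstitut = StringUtils.replace((String) catalogue.get(13), "'", "''");
                String fldGeschlecht = StringUtils.replace((String) catalogue.get(14), "'", "''");
                String fromclause = StringUtils.replace((String) catalogue.get(15), "'", "''");
                String aggrfunction = StringUtils.replace((String) catalogue.get(16), "'", "''");
                String cacheing = (String) catalogue.get(17);
                if (cacheing == null) {
                    cacheing = "null";
                }
                String linktable = StringUtils.replace((String) catalogue.get(18), "'", "''");
                String linkmask = StringUtils.replace((String) catalogue.get(19), "'", "''");
                Date gueltigVonDate = (Date) catalogue.get(29);
                String gueltigVon = gueltigVonDate != null ? "date_val('" + DateUtils.formatGerman(gueltigVonDate) + "')" : "date_val('1.1.1900')";
                Date gueltigBisDate = (Date) catalogue.get(30);
                String gueltigBis = gueltigBisDate != null ? "date_val('" + DateUtils.formatGerman(gueltigBisDate) + "')" : "date_val('1.1.3000')";
                script.append("<sql><![CDATA[insert into man_catalogue ( \n       id,        shortname,        name,   timeunit,  decimalplaces,       restrictedgroupids,       ismanual,       requiredfields,        calcratio,        gueltig_von,       gueltig_bis,       attrib1,       fld_semester,       fld_jahr,        fld_studiengang,        fld_institut,        fld_geschlecht,        fromclause,        aggrfunction,        cacheing,        linktable,        linkmask) \nvalues ('" + catId + "','" + shortname + "','" + name + "','" + timeunit + "'," + decimalplaces + ",'" + restrictedgroupids + "'," + ismanual + ",'" + requiredfields + "'," + calcratio + "," + gueltigVon + "," + gueltigBis + "," + attrib1 + ",'" + fldSemester + "','" + fldJahr + "','" + fldStudiengang + "','" + fldInstitut + "','" + fldGeschlecht + "','" + fromclause + "','" + aggrfunction + "'," + cacheing + ",'" + linktable + "','" + linkmask + "');]]></sql>\n");
                for (int i = 0; i < textFields.length; i++) {
                    String value = (String) catalogue.get(20 + i);
                    script.append("<text table=\"man_catalogue\" field=\"" + textFields[i] + "\" where=\"id='" + catId + "'\"><![CDATA[" + value + "]]></text>\n");
                }
                script.append("\n");
            }
            script.append("</xupdate>");
            return script.toString();
        }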

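        /**
         * Builds an XUpdate script that deletes and re-creates one or more masks (maskeninfo,
         * felderinfo and their relation tables) from the current database content.
         *
         * <p>The comma-separated mask ids come from the request's {@code id} parameter (see
         * {@code perform}). Each id is interpolated unquoted into several SQL statements and into
         * the generated script, so only integer literals are accepted; anything else is rejected
         * before a statement is built. The parent topic name read from {@code themenbaum} is
         * placed inside a quoted SQL literal, so its single quotes are doubled.
         *
         * <p>NOTE(review): the session check below only verifies that a user object exists; the
         * admin check visible in this file is in {@code XUpdaterServlet.doPost}.
         *
         * @param str comma-separated list of mask ids (maskeninfo.tid)
         * @return the complete XUpdate script
         * @throws IllegalStateException if the session holds no user
         * @throws IllegalArgumentException if {@code str} is {@code null} or an id is not an integer
         * @throws SQLException propagated from the queries
         * @throws DBServletException propagated from the queries
         */
        private String getMaskToXml(String str) throws SQLException, DBServletException {
            if (((SxUser) this.request.getSession().getAttribute("user")) == null) {
                throw new IllegalStateException("Kein user in der Session gefunden - bitte Browser neu starten!");
            }
            if (str == null) {
                throw new IllegalArgumentException("Parameter id fehlt");
            }
            StringBuffer stringBuffer = new StringBuffer("<?xml version=\"1.0\" encoding=\"" + SqlStringUtils.getEncoding() + "\"?>\n<xupdate>\n");
            StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
            while (stringTokenizer.hasMoreTokens()) {
                String maskTid = stringTokenizer.nextToken().trim();
                if (!maskTid.matches("-?\\d+")) {
                    // The rejected value is deliberately not echoed back in the message.
                    throw new IllegalArgumentException("Ungültige id: nur ganzzahlige Masken-TIDs sind erlaubt");
                }

                // Parent node of the mask in the topic tree; the last row returned wins.
                Iterator parentRows = ServletUtils.executeALL_el(null, null, "themenbaum " + maskTid + " lesen", "select min(parent) from themenbaum where maskeninfo_id=" + maskTid, getMandantenID(), true).getResultSet().iterator();
                Integer parentTid = null;
                while (parentRows.hasNext()) {
                    parentTid = (Integer) ((SxResultRow) parentRows.next()).get(0);
                }
                String parentName = "";
                if (parentTid != null) {
                    Iterator nameRows = ServletUtils.executeALL_el(null, null, "themenbaum2 " + maskTid + " lesen", "select name from themenbaum where tid=" + parentTid, getMandantenID(), true).getResultSet().iterator();
                    while (nameRows.hasNext()) {
                        parentName = (String) ((SxResultRow) nameRows.next()).get(0);
                    }
                }
                // The name ends up inside a '...' literal of the export statement below.
                String parentNameSql = parentName == null ? null : parentName.replace("'", "''");

                // The export runs as one multi-statement batch: it fills a temp table with one
                // generated script line per row, selects it and drops the table again. The word
                // SEMIKO stands in for ';' inside the generated lines and is swapped back below.
                String textType = SxPools.get(getMandantenID()).getDatabaseAbbr().equals("IDS") ? "lvarchar" : "text";
                String exportSql = "create temp table tmp_erg (sql " + textType + ");\n"
                        + "insert into tmp_erg values ('<!-- fuer Maske " + maskTid + "-->'); \n"
                        + "insert into tmp_erg values ('<themenbaum maskentid=\"" + maskTid + "\" parentname=\"" + parentNameSql + "\"/> <!--Hier Themenbaumparent eintragen Name z.B: Haushalt-->'); \n"
                        + "insert into tmp_erg values ('<sql>delete from maskeninfo where tid = " + maskTid + "SEMIKO</sql> '); \n"
                        + "insert into tmp_erg values ('<sql>delete from themenbaum where maskeninfo_id = " + maskTid + "SEMIKO</sql> '); \n"
                        + "insert into tmp_erg values ('<sql>delete from felderinfo where tid in (select felderinfo_id from masken_felder_bez where maskeninfo_id = " + maskTid + ")SEMIKO</sql> '); \n"
                        + "insert into tmp_erg values ('<sql>delete from masken_felder_bez where maskeninfo_id = " + maskTid + "SEMIKO</sql> ') ;\n"
                        + "insert into tmp_erg values ('<sql>delete from sachgeb_maske_bez where maskeninfo_id = " + maskTid + "SEMIKO</sql> '); \n"
                        + "insert into tmp_erg values ('<sql>delete from maske_system_bez where maskeninfo_id = " + maskTid + "SEMIKO</sql> ') ;\n"
                        + " \n"
                        + "insert into tmp_erg \n"
                        + "select '<sql><![CDATA[insert into maskeninfo (tid,name,chart_xtitel,chart_ytitel) values ('||tid||','''','''||nvl(trim(chart_xtitel),''::char(1))||''','''||nvl(trim(chart_ytitel),''::char(1))||''')SEMIKO]]></sql> ' from maskeninfo where tid=" + maskTid + " ;\n"
                        + "insert into tmp_erg \n"
                        + "select '<sql><![CDATA[update maskeninfo  set name='''||trim(name)||''' where tid='||tid||'SEMIKO]]></sql> '  \n"
                        + "from maskeninfo where tid=" + maskTid + " ;\n"
                        + "insert into tmp_erg \n"
                        + "select '<sql><![CDATA[update maskeninfo  set cleanup_stmt='''||nvl(trim(cleanup_stmt),''::char(1))||''',  frontend='||nvl(frontend::char(1),'2'::char(1))||',  breite='||nvl(breite::char(5),'300'::char(5))||',  hoehe='||nvl(hoehe::char(5),'500'::char(5))||',  hilfe='||nvl(hilfe::char(5),'0'::char(5))||' where tid='||tid||'SEMIKO]]></sql> '  \n"
                        + "from maskeninfo where tid=" + maskTid + " ;\n"
                        + "insert into tmp_erg  \n"
                        + "select '<sql>insert into maske_system_bez (maskeninfo_id,systeminfo_id) values ('||maskeninfo_id||','||systeminfo_id||')SEMIKO</sql> ' from maske_system_bez where maskeninfo_id = " + maskTid + " ;\n"
                        + "insert into tmp_erg  \n"
                        + "select '<sql>insert into sachgeb_maske_bez (maskeninfo_id,sachgebiete_id) values ('||maskeninfo_id||','||sachgebiete_id||')SEMIKO</sql> ' from sachgeb_maske_bez where maskeninfo_id = " + maskTid + "; \n"
                        + "insert into tmp_erg  \n"
                        + "select '<sql>insert into masken_felder_bez (maskeninfo_id,felderinfo_id) values ('||maskeninfo_id||','||felderinfo_id||')SEMIKO</sql> ' from masken_felder_bez where maskeninfo_id = " + maskTid + " ;\n"
                        + " \n"
                        + "insert into tmp_erg \n"
                        + "select '<sql><![CDATA[insert into felderinfo (tid,name,nummer,x,y,buttonbreite,feldbreite,zeilenanzahl,typ,laenge) values ('||tid||','''','||nummer||','||x||','||y||','||nvl(buttonbreite::char(5),'100'::char(5))||','||nvl(feldbreite::char(10),'100'::char(5))||','||nvl(zeilenanzahl::char(3),'1'::char(5))||','''||trim(typ)||''','||nvl(laenge::char(10),'150'::char(5))||')SEMIKO]]></sql> ' from felderinfo F, masken_felder_bez B where  \n"
                        + " F.tid=B.felderinfo_id and B.maskeninfo_id=" + maskTid + " ;\n"
                        + "  \n"
                        + "insert into tmp_erg \n"
                        + "select '<sql><![CDATA[update felderinfo  set name='''||nvl(trim(name),''::char(1))||''' where tid='||tid||'SEMIKO]]></sql> '  \n"
                        + "from felderinfo F, masken_felder_bez B where  F.tid=B.felderinfo_id and B.maskeninfo_id=" + maskTid + "; \n"
                        + "  \n"
                        + "insert into tmp_erg \n"
                        + "select '<sql><![CDATA[update felderinfo  set obligatorisch='||nvl(obligatorisch::char(1),'0'::char(1))||',  art='||art||',  attribut='''||nvl(trim(attribut),''::char(1))||''',  defaultwert='''||nvl(trim(replace(defaultwert, '''', '''''')),''::char(1))||''' where tid='||tid||'SEMIKO]]></sql> '  \n"
                        + "from felderinfo F, masken_felder_bez B where  F.tid=B.felderinfo_id and B.maskeninfo_id=" + maskTid + "; \n"
                        + " \n"
                        + " \n"
                        + "select * from tmp_erg;drop table tmp_erg;";
                Iterator exportRows = ServletUtils.executeALL_el(null, null, "verschd " + maskTid + " lesen", exportSql, getMandantenID(), true).getResultSet().iterator();
                while (exportRows.hasNext()) {
                    // Restore ';' and start every generated element on its own line.
                    String line = (String) ((SxResultRow) exportRows.next()).get(0);
                    line = StringUtils.replace(line, "SEMIKO", ";");
                    line = StringUtils.replace(line, "<!--", "\n<!--");
                    // The original searched for "<xpdate", which can never match an <xupdate tag.
                    line = StringUtils.replace(line, "<xupdate", "\n<xupdate");
                    line = StringUtils.replace(line, "<themen", "\n<themen");
                    line = StringUtils.replace(line, "<sql", "\n<sql");
                    line = StringUtils.replace(line, "<text", "\n<text");
                    line = StringUtils.replace(line, "</xupdate", "\n</xupdate");
                    stringBuffer.append(line);
                }

                // Long text columns of the mask are emitted as <text> elements with CDATA bodies.
                Iterator maskTextRows = ServletUtils.executeALL_el(null, null, "maskeninfo  " + maskTid + " lesen", "select select_stmt,xil_proplist,erlaeuterung,hinweis from maskeninfo where tid=" + maskTid, getMandantenID(), true).getResultSet().iterator();
                while (maskTextRows.hasNext()) {
                    SxResultRow maskTexts = (SxResultRow) maskTextRows.next();
                    stringBuffer.append("\n<text table=\"maskeninfo\" field=\"select_stmt\" where=\"tid=" + maskTid + "\"><![CDATA[" + encodeCDATA((String) maskTexts.get(0)) + "]]></text> \n");
                    stringBuffer.append("<text table=\"maskeninfo\" field=\"xil_proplist\" where=\"tid=" + maskTid + "\"><![CDATA[" + encodeCDATA((String) maskTexts.get(1)) + "]]></text> \n");
                    // Blank explanation and hint texts are exported as the word "null".
                    String erlaeuterung = encodeCDATA((String) maskTexts.get(2));
                    if (erlaeuterung == null || erlaeuterung.trim().equals("")) {
                        erlaeuterung = "null";
                    }
                    stringBuffer.append("<text table=\"maskeninfo\" field=\"erlaeuterung\" where=\"tid=" + maskTid + "\"><![CDATA[" + erlaeuterung + "]]></text> \n");
                    String hinweis = encodeCDATA((String) maskTexts.get(3));
                    if (hinweis == null || hinweis.trim().equals("")) {
                        hinweis = "null";
                    }
                    stringBuffer.append("<text table=\"maskeninfo\" field=\"hinweis\" where=\"tid=" + maskTid + "\"><![CDATA[" + hinweis + "]]></text> \n");
                }

                Iterator relationRows = ServletUtils.executeALL_el(null, null, "feldinfo relation,hinweis " + maskTid + " lesen", "select F.tid,relation from felderinfo F,masken_felder_bez B where F.tid=B.felderinfo_id and B.maskeninfo_id=" + maskTid, getMandantenID(), true).getResultSet().iterator();
                while (relationRows.hasNext()) {
                    SxResultRow relation = (SxResultRow) relationRows.next();
                    stringBuffer.append("<text table=\"felderinfo\" field=\"relation\" where=\"tid=" + relation.get(0) + "\"><![CDATA[" + encodeCDATA((String) relation.get(1)) + "]]></text> \n");
                }
            }
            stringBuffer.append("</xupdate>\n");
            // Return values are ignored here, so these calls presumably edit the buffer in place
            // (verify against StringUtils). The extra escaping level keeps "&gt;"/"&lt;" literal
            // when the script is later shown inside an HTML textarea.
            StringUtils.replace(stringBuffer, "&gt;", "&amp;gt;");
            StringUtils.replace(stringBuffer, "&lt;", "&amp;lt;");
            return stringBuffer.toString();
        }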

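        /**
         * Builds an XUpdate script containing only the {@code select_stmt} text of one or more
         * masks.
         *
         * <p>The comma-separated mask ids come from the request's {@code id} parameter (see
         * {@code perform}) and are interpolated unquoted into the query and the generated script,
         * so only integer literals are accepted. The script now opens the {@code <xupdate>}
         * element it closes at the end, and the statement text goes through {@code encodeCDATA}
         * as in {@code getMaskToXml}, so a stored {@code ]]>} cannot end the CDATA section early.
         *
         * <p>NOTE(review): the XML declaration hard-codes ISO-8859-1 while the other exports use
         * {@code SqlStringUtils.getEncoding()}; confirm which one is intended. The session check
         * only verifies that a user object exists, not that the user is an administrator.
         *
         * @param str comma-separated list of mask ids (maskeninfo.tid)
         * @return the XUpdate script
         * @throws IllegalStateException if the session holds no user
         * @throws IllegalArgumentException if {@code str} is {@code null} or an id is not an integer
         * @throws SQLException propagated from the query
         * @throws DBServletException propagated from the query
         */
        private String getMaskSQL(String str) throws SQLException, DBServletException {
            if (((SxUser) this.request.getSession().getAttribute("user")) == null) {
                throw new IllegalStateException("Kein user in der Session gefunden - bitte Browser neu starten!");
            }
            if (str == null) {
                throw new IllegalArgumentException("Parameter id fehlt");
            }
            StringBuilder script = new StringBuilder("<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<xupdate>");
            StringTokenizer ids = new StringTokenizer(str, ",");
            while (ids.hasMoreTokens()) {
                String maskTid = ids.nextToken().trim();
                if (!maskTid.matches("-?\\d+")) {
                    // The rejected value is deliberately not echoed back in the message.
                    throw new IllegalArgumentException("Ungültige id: nur ganzzahlige Masken-TIDs sind erlaubt");
                }
                Iterator rows = ServletUtils.executeALL_el(null, null, "maskeninfo  " + maskTid + " lesen", "select select_stmt from maskeninfo where tid=" + maskTid, getMandantenID(), true).getResultSet().iterator();
                while (rows.hasNext()) {
                    String selectStmt = (String) ((SxResultRow) rows.next()).get(0);
                    script.append("\n<text table=\"maskeninfo\" field=\"select_stmt\" where=\"tid=" + maskTid + "\"><![CDATA[" + encodeCDATA(selectStmt) + "]]></text> \n");
                }
            }
            script.append("</xupdate>\n");
            return script.toString();
        }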
    }

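    /**
     * Handles a login attempt and/or an XUpdater request.
     *
     * <p>When both {@code kennung} and {@code passwort} are present, {@code UserInitializer} is
     * run first. Afterwards the request is served by {@link XUpd} only if the session holds a
     * user for whom {@code isAdmin()} is true; every other caller receives the login page.
     *
     * <p>A failed login is logged with its cause on the server, while the exception handed to
     * the container carries the message only, so no stack trace of the authentication code can
     * reach an error page. The login page is sent with the same content type and charset that
     * {@code doGet} uses.
     *
     * <p>NOTE(review): nothing here renews the session id after a successful login or checks an
     * anti-CSRF token; confirm whether {@code UserInitializer} or a filter covers both.
     *
     * @throws ServletException if the login attempt fails
     * @throws IOException if the response cannot be written
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String kennung = ServletHelper.getParameter(httpServletRequest, "kennung");
        if (kennung != null && ServletHelper.getParameter(httpServletRequest, "passwort") != null) {
            try {
                new UserInitializer(httpServletRequest, false).perform();
            } catch (Exception e) {
                // The submitted account name is kept out of the log record on purpose.
                Logger.getLogger(XUpdaterServlet.class.getName()).log(java.util.logging.Level.WARNING, "XUpdater: Anmeldung fehlgeschlagen", e);
                throw new ServletException("Authentifizierung für " + kennung + " fehlgeschlagen");
            }
        }
        SxUser sxUser = (SxUser) httpServletRequest.getSession().getAttribute("user");
        if (sxUser != null && sxUser.isAdmin()) {
            new XUpd(httpServletRequest, httpServletResponse).run(false);
            return;
        }
        // The charset must be set before the writer is obtained to take effect.
        httpServletResponse.setContentType("text/html; charset=" + SqlStringUtils.getEncoding());
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(ADMIN_ONLY);
        writer.flush();
    }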

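    /**
     * Serves the XUpdater entry page: the empty admin form for a session whose user reports
     * {@code isAdmin()}, the login page for everyone else.
     *
     * <p>The content type is set before the writer is obtained; a charset passed to
     * {@code setContentType} after {@code getWriter()} no longer affects the writer's encoding.
     *
     * @throws ServletException declared by the servlet contract; not thrown by this method
     * @throws IOException if the response cannot be written
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setContentType("text/html; charset=" + SqlStringUtils.getEncoding());
        PrintWriter writer = httpServletResponse.getWriter();
        SxUser sxUser = (SxUser) httpServletRequest.getSession().getAttribute("user");
        boolean isAdmin = sxUser != null && sxUser.isAdmin();
        writer.write(isAdmin ? getStandardPage("", "<xupdate>\n</xupdate>") : ADMIN_ONLY);
        writer.flush();
        writer.close();
    }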

    /**
     * Assembles the XUpdater admin page: the page head, a result message in red, and a form
     * posting to "SuperXManager" with a textarea for the script plus the sp/id inputs.
     *
     * <p>NOTE(review): both arguments are inserted into the HTML exactly as given. The message
     * and the textarea content can contain request- or database-derived text, so a value
     * containing markup would be interpreted by the browser. Escaping belongs here, but it has
     * to be coordinated with getMaskToXml, which already pre-escapes "&gt;"/"&lt;" for display
     * in the textarea.
     *
     * @param str  message shown above the form
     * @param str2 initial content of the textarea
     * @return the complete HTML page, ending with the closing markup
     */
    public String getStandardPage(String str, String str2) {
        StringBuilder page = new StringBuilder();
        page.append(pageBeginning);
        page.append("\n<br><center><p><font color=\"red\">");
        page.append(str);
        page.append("</font></p><form action=\"SuperXManager\" method=post><input type=\"hidden\" name=\"xupdater\" value=\"true\"><p>enter here</p>  <textarea name=\"content\" cols=80 rows=15>");
        page.append(str2);
        page.append("</textarea><br><p>oder Spezialparam:<input name=\"sp\" type=\"text\"><br>id:<input name=\"id\" type=\"text\"><br><input type=\"submit\" value=\"Absenden\"> </form>");
        page.append(pageEnd);
        return page.toString();
    }
}
