From 05b9e0d0458c8683bbb98b028337341670e66a66 Mon Sep 17 00:00:00 2001 From: "sherif.fathy" Date: Tue, 24 Apr 2012 16:18:15 +0000 Subject: [PATCH] git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@456 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../java/org/owasp/webgoat/lessons/LogSpoofing.java | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/main/java/org/owasp/webgoat/lessons/LogSpoofing.java b/src/main/java/org/owasp/webgoat/lessons/LogSpoofing.java index edbe6a701..552bd9165 100644 --- a/src/main/java/org/owasp/webgoat/lessons/LogSpoofing.java +++ b/src/main/java/org/owasp/webgoat/lessons/LogSpoofing.java @@ -58,6 +58,7 @@ public class LogSpoofing extends LessonAdapter private static final String USERNAME = "username"; private static final String PASSWORD = "password"; + public final static A MAC_LOGO = new A().setHref("http://www.softwaresecured.com").addElement(new IMG("images/logos/softwaresecured.gif").setAlt("Software Secured").setBorder(0).setHspace(0).setVspace(0)); @@ -94,6 +95,7 @@ public class LogSpoofing extends LessonAdapter ec.addElement(t); inputUsername = new String(s.getParser().getRawParameter(USERNAME, "")); + if (inputUsername.length() != 0) { inputUsername = URLDecoder.decode(inputUsername, "UTF-8"); @@ -107,13 +109,10 @@ public class LogSpoofing extends LessonAdapter t2.addElement(row4); - ec.addElement(t2); - - if (inputUsername.length() != 0 - && inputUsername.toUpperCase().indexOf( - System.getProperty("line.separator") - + WebGoatI18N.get("LoginSucceededForUserName")+":") >= 0) - { + ec.addElement(t2); + + if (inputUsername.length() > 0 && inputUsername.indexOf('\n') >= 0 && inputUsername.indexOf('\n') >= 0) + { makeSuccess(s); } } catch (UnsupportedEncodingException e)