git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@456 4033779f-a91e-0410-96ef-6bf7bf53c507

2012-04-24 16:18:15 +00:00 · 2012-04-24 16:18:15 +00:00 · 05b9e0d045
commit 05b9e0d045
parent 9a5c004ca1
1 changed files with 6 additions and 7 deletions
--- a/src/main/java/org/owasp/webgoat/lessons/LogSpoofing.java
+++ b/src/main/java/org/owasp/webgoat/lessons/LogSpoofing.java
@ -59,6 +59,7 @@ public class LogSpoofing extends LessonAdapter

 	private static final String PASSWORD = "password";
 	
+
 	public final static A MAC_LOGO = new A().setHref("http://www.softwaresecured.com").addElement(new IMG("images/logos/softwaresecured.gif").setAlt("Software Secured").setBorder(0).setHspace(0).setVspace(0));
 	
 	protected Element createContent(WebSession s)
@ -94,6 +95,7 @@ public class LogSpoofing extends LessonAdapter
 			ec.addElement(t);

 			inputUsername = new String(s.getParser().getRawParameter(USERNAME, ""));
+			
 			if (inputUsername.length() != 0)
 			{
 				inputUsername = URLDecoder.decode(inputUsername, "UTF-8");
@ -109,10 +111,7 @@ public class LogSpoofing extends LessonAdapter

 			ec.addElement(t2);			
 					
-			if (inputUsername.length() != 0
-					&& inputUsername.toUpperCase().indexOf(
-															System.getProperty("line.separator")
-																	+ WebGoatI18N.get("LoginSucceededForUserName")+":") >= 0)
+			if (inputUsername.length() > 0 && inputUsername.indexOf('\n') >= 0 && inputUsername.indexOf('\n') >= 0)
 			{				
 				makeSuccess(s);
 			}