Internationalization refactoring pass 2 : removing dependencies to

previous implementation
David Touzet
2014-09-26 08:12:44 -04:00
parent 92b317b2c9
commit 05c0c0342e
34 changed files with 3829 additions and 3372 deletions


@ -1,59 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
<context:component-scan base-package="org.owasp.webgoat.controller, org.owasp.webgoat.lessons, org.owasp.webgoat.service" />
<!--
put custom validators here. E.g.:
<bean class="org.owasp.webgoat.validators.MyCustomValidator" />
-->
<!-- Activates various annotations to be detected in bean classes -->
<context:annotation-config />
<!-- Configures the annotation-driven Spring MVC Controller programming model. -->
<mvc:annotation-driven />
<!-- Import Tiles-related configuration -->
<!--import resource="tiles-context.xml" /-->
<!-- Declare a view resolver -->
<!-- Take note of the order. Since we're using TilesViewResolver as well
We need to define which ViewResolver is called first.
We chose this InternalResourceViewResolver to be at the bottom order -->
<bean
id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/pages/"
p:suffix=".jsp"
p:order="1"/>
<mvc:interceptors>
<bean id="webContentInterceptor" class="org.springframework.web.servlet.mvc.WebContentInterceptor">
<property name="cacheSeconds" value="0" />
<property name="useExpiresHeader" value="true" />
<property name="useCacheControlHeader" value="true" />
<property name="useCacheControlNoStore" value="true" />
</bean>
</mvc:interceptors>
<!-- Register the Customer.properties
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basename" value="org/owasp/webgoat/properties/Customer" />
</bean>
-->
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
<context:component-scan base-package="org.owasp.webgoat" />
<!--
put custom validators here. E.g.:
<bean class="org.owasp.webgoat.validators.MyCustomValidator" />
-->
<!-- Activates various annotations to be detected in bean classes -->
<context:annotation-config />
<!-- Configures the annotation-driven Spring MVC Controller programming model. -->
<mvc:annotation-driven />
<!-- Import Tiles-related configuration -->
<!--import resource="tiles-context.xml" /-->
<!-- Declare a view resolver -->
<!-- Take note of the order. Since we're using TilesViewResolver as well
We need to define which ViewResolver is called first.
We chose this InternalResourceViewResolver to be at the bottom order -->
<bean
id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/pages/"
p:suffix=".jsp"
p:order="1"/>
<mvc:interceptors>
<bean id="webContentInterceptor" class="org.springframework.web.servlet.mvc.WebContentInterceptor">
<property name="cacheSeconds" value="0" />
<property name="useExpiresHeader" value="true" />
<property name="useCacheControlHeader" value="true" />
<property name="useCacheControlNoStore" value="true" />
</bean>
</mvc:interceptors>
<!-- Register the Customer.properties
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basename" value="org/owasp/webgoat/properties/Customer" />
</bean>
-->
</beans>
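Review bot: The new `<context:component-scan base-package="org.owasp.webgoat" />` scans the whole application tree instead of the three packages listed before, so every stereotype-annotated class under it is registered as a bean and any `@Controller` among them becomes a mapped endpoint, whether or not it was meant to be web-reachable. The `web.xml` in this commit lists `/WEB-INF/mvc-dispatcher-servlet.xml` in `contextConfigLocation` and also declares a `DispatcherServlet` named `mvc-dispatcher`; if this section is that file (the page does not show the file name), the widened scan probably runs in both the root and the servlet context and instantiates each bean twice. Prefer keeping the explicit list and adding only the package that holds the new i18n beans, e.g. `base-package="org.owasp.webgoat.controller, org.owasp.webgoat.lessons, org.owasp.webgoat.service, <i18n-package>"`, with a short comment saying why that package is scanned.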


@ -1,288 +1,294 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- General description of your web application -->
<display-name>WebGoat</display-name>
<description>
This web application is designed to demonstrate web
application security flaws for the purpose of educating
developers and security professionals about web
application security problems. Please contact Bruce Mayhew
(webgoat@owasp.org) if you have any questions.
</description>
<!-- Context initialization parameters that define shared
String constants used within your application, which
can be customized by the system administrator who is
installing your application. The values actually
assigned to these parameters can be retrieved in a
servlet or JSP page by calling:
String value =
getServletContext().getInitParameter("name");
where "name" matches the <param-name> element of
one of these initialization parameters.
You can define any number of context initialization
parameters, including zero.
-->
<context-param>
<param-name>email</param-name>
<param-value>webgoat@owasp.org</param-value>
<description>
The EMAIL address of the administrator to whom questions
and comments about this application should be addressed.
</description>
</context-param>
<context-param>
<param-name>emaillist</param-name>
<param-value>owasp-webgoat@lists.owasp.org</param-value>
<description>
The EMAIL address of the webgoat email list
</description>
</context-param>
<!-- spring MVC -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Servlet definitions for the servlets that make up
your web application, including initialization
parameters. With Tomcat, you can also send requests
to servlets not listed here with a request like this:
http://localhost:8080/{context-path}/servlet/{classname}
but this usage is not guaranteed to be portable. It also
makes relative references to images and other resources
required by your servlet more complicated, so defining
all of your servlets (and defining a mapping to them with
a servlet-mapping element) is recommended.
Servlet initialization parameters can be retrieved in a
servlet or JSP page by calling:
String value =
getServletConfig().getInitParameter("name");
where "name" matches the <param-name> element of
one of these initialization parameters.
You can define any number of servlets, including zero.
-->
<servlet>
<servlet-name>AxisServlet</servlet-name>
<display-name>Apache-Axis Servlet</display-name>
<servlet-class>
org.apache.axis.transport.http.AxisServlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>AdminServlet</servlet-name>
<display-name>Axis Admin Servlet</display-name>
<servlet-class>
org.apache.axis.transport.http.AdminServlet
</servlet-class>
<load-on-startup>100</load-on-startup>
</servlet>
<servlet>
<servlet-name>SOAPMonitorService</servlet-name>
<display-name>SOAPMonitorService</display-name>
<servlet-class>
org.apache.axis.monitor.SOAPMonitorService
</servlet-class>
<init-param>
<param-name>SOAPMonitorPort</param-name>
<param-value>5001</param-value>
</init-param>
<load-on-startup>100</load-on-startup>
</servlet>
<servlet>
<servlet-name>WebGoat</servlet-name>
<description>
This servlet plays the "controller" role in the MVC architecture
used in this application.
The initialization parameter namess for this servlet are the
"servlet path" that will be received by this servlet (after the
filename extension is removed). The corresponding value is the
name of the action class that will be used to process this request.
</description>
<servlet-class>org.owasp.webgoat.HammerHead</servlet-class>
<init-param>
<param-name>email</param-name>
<param-value>WebGoat@owasp.org</param-value>
<description>The EMAIL address of the administrator to whom questions
and comments about this application should be addressed.
</description>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>CookieDebug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>DefuseOSCommands</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>Enterprise</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>CodingExercises</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<!-- Specify an address where you would like comments to be sent. -->
<!-- This can be any URL or HTML tags, and will appear on the report card and lesson incomplete pages -->
<!-- Use iso8859-1 encoding to represent special characters that might confuse XML parser. For
example, replace "<" with "&lt;" and ">" with "&gt;". -->
<param-name>FeedbackAddress</param-name>
<param-value>
&lt;A HREF=mailto:webgoat@owasp.org&gt;webgoat@owasp.org&lt;/A&gt;
</param-value>
</init-param>
<init-param>
<param-name>DatabaseDriver</param-name>
<param-value>
org.hsqldb.jdbcDriver
</param-value>
</init-param>
<init-param>
<param-name>DatabaseConnectionString</param-name>
<!--
The string "${USER}" in the connection string will be replaced by the active username
when making a connection.
-->
<param-value>jdbc:hsqldb:mem:${USER}</param-value>
</init-param>
<init-param>
<param-name>DefaultLanguage</param-name>
<param-value>en</param-value>
</init-param>
<!-- Load this servlet at server startup time -->
<load-on-startup>5</load-on-startup>
</servlet>
<servlet>
<servlet-name>LessonSource</servlet-name>
<description>
This servlet returns the Java source of the current lesson.
</description>
<servlet-class>org.owasp.webgoat.LessonSource</servlet-class>
</servlet>
<servlet>
<servlet-name>Catcher</servlet-name>
<description>
This servlet catches any posts and marks the appropriate lesson property.
</description>
<servlet-class>org.owasp.webgoat.Catcher</servlet-class>
</servlet>
<servlet>
<servlet-name>conf</servlet-name>
<jsp-file>/lessons/ConfManagement/config.jsp</jsp-file>
</servlet>
<!-- spring MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>*.mvc</url-pattern>
</servlet-mapping>
<listener>
<description>Spring context init</description>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<description>WebGoat application init</description>
<listener-class>org.owasp.webgoat.application.WebGoatServletListener</listener-class>
</listener>
<!-- end spring MVC -->
<!-- spring security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- end spring security -->
<!-- Define mappings that are used by the servlet container to
translate a particular request URI (context-relative) to a
particular servlet. The examples below correspond to the
servlet descriptions above. Thus, a request URI like:
http://localhost:8080/{contextpath}/graph
will be mapped to the "graph" servlet, while a request like:
http://localhost:8080/{contextpath}/saveCustomer.mvc
will be mapped to the "controller" servlet.
You may define any number of servlet mappings, including zero.
It is also legal to define more than one mapping for the same
servlet, if you wish to.
-->
<servlet-mapping>
<servlet-name>AxisServlet</servlet-name>
<url-pattern>/servlet/AxisServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AxisServlet</servlet-name>
<url-pattern>*.jws</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AxisServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SOAPMonitorService</servlet-name>
<url-pattern>/SOAPMonitor</url-pattern>
</servlet-mapping>
<!-- uncomment this if you want the admin servlet -->
<servlet-mapping>
<servlet-name>AdminServlet</servlet-name>
<url-pattern>/servlet/AdminServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WebGoat</servlet-name>
<url-pattern>/attack</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LessonSource</servlet-name>
<url-pattern>/source</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Catcher</servlet-name>
<url-pattern>/catcher</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>conf</servlet-name>
<url-pattern>/conf</url-pattern>
</servlet-mapping>
<!-- Define the default session timeout for your application,
in minutes. From a servlet or JSP page, you can modify
the timeout for a particular session dynamically by using
HttpSession.getMaxInactiveInterval(). -->
<session-config>
<!-- 2 days -->
<session-timeout>2880</session-timeout>
</session-config>
<mime-mapping>
<extension>wmv</extension>
<mime-type>video/x-ms-wmv</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- General description of your web application -->
<display-name>WebGoat</display-name>
<description>
This web application is designed to demonstrate web
application security flaws for the purpose of educating
developers and security professionals about web
application security problems. Please contact Bruce Mayhew
(webgoat@owasp.org) if you have any questions.
</description>
<!-- Context initialization parameters that define shared
String constants used within your application, which
can be customized by the system administrator who is
installing your application. The values actually
assigned to these parameters can be retrieved in a
servlet or JSP page by calling:
String value =
getServletContext().getInitParameter("name");
where "name" matches the <param-name> element of
one of these initialization parameters.
You can define any number of context initialization
parameters, including zero.
-->
<context-param>
<param-name>email</param-name>
<param-value>webgoat@owasp.org</param-value>
<description>
The EMAIL address of the administrator to whom questions
and comments about this application should be addressed.
</description>
</context-param>
<context-param>
<param-name>emaillist</param-name>
<param-value>owasp-webgoat@lists.owasp.org</param-value>
<description>
The EMAIL address of the webgoat email list
</description>
</context-param>
<!-- spring MVC -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Servlet definitions for the servlets that make up
your web application, including initialization
parameters. With Tomcat, you can also send requests
to servlets not listed here with a request like this:
http://localhost:8080/{context-path}/servlet/{classname}
but this usage is not guaranteed to be portable. It also
makes relative references to images and other resources
required by your servlet more complicated, so defining
all of your servlets (and defining a mapping to them with
a servlet-mapping element) is recommended.
Servlet initialization parameters can be retrieved in a
servlet or JSP page by calling:
String value =
getServletConfig().getInitParameter("name");
where "name" matches the <param-name> element of
one of these initialization parameters.
You can define any number of servlets, including zero.
-->
<servlet>
<servlet-name>AxisServlet</servlet-name>
<display-name>Apache-Axis Servlet</display-name>
<servlet-class>
org.apache.axis.transport.http.AxisServlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>AdminServlet</servlet-name>
<display-name>Axis Admin Servlet</display-name>
<servlet-class>
org.apache.axis.transport.http.AdminServlet
</servlet-class>
<load-on-startup>100</load-on-startup>
</servlet>
<servlet>
<servlet-name>SOAPMonitorService</servlet-name>
<display-name>SOAPMonitorService</display-name>
<servlet-class>
org.apache.axis.monitor.SOAPMonitorService
</servlet-class>
<init-param>
<param-name>SOAPMonitorPort</param-name>
<param-value>5001</param-value>
</init-param>
<load-on-startup>100</load-on-startup>
</servlet>
<servlet>
<servlet-name>WebGoat</servlet-name>
<description>
This servlet plays the "controller" role in the MVC architecture
used in this application.
The initialization parameter namess for this servlet are the
"servlet path" that will be received by this servlet (after the
filename extension is removed). The corresponding value is the
name of the action class that will be used to process this request.
</description>
<servlet-class>org.owasp.webgoat.HammerHead</servlet-class>
<init-param>
<param-name>email</param-name>
<param-value>WebGoat@owasp.org</param-value>
<description>The EMAIL address of the administrator to whom questions
and comments about this application should be addressed.
</description>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>CookieDebug</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>DefuseOSCommands</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>Enterprise</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>CodingExercises</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<!-- Specify an address where you would like comments to be sent. -->
<!-- This can be any URL or HTML tags, and will appear on the report card and lesson incomplete pages -->
<!-- Use iso8859-1 encoding to represent special characters that might confuse XML parser. For
example, replace "<" with "&lt;" and ">" with "&gt;". -->
<param-name>FeedbackAddress</param-name>
<param-value>
&lt;A HREF=mailto:webgoat@owasp.org&gt;webgoat@owasp.org&lt;/A&gt;
</param-value>
</init-param>
<init-param>
<param-name>DatabaseDriver</param-name>
<param-value>
org.hsqldb.jdbcDriver
</param-value>
</init-param>
<init-param>
<param-name>DatabaseConnectionString</param-name>
<!--
The string "${USER}" in the connection string will be replaced by the active username
when making a connection.
-->
<param-value>jdbc:hsqldb:mem:${USER}</param-value>
</init-param>
<!--
<init-param>
<param-name>DefaultLanguage</param-name>
<param-value>en</param-value>
</init-param>
-->
<!-- Load this servlet at server startup time -->
<load-on-startup>5</load-on-startup>
</servlet>
<servlet>
<servlet-name>LessonSource</servlet-name>
<description>
This servlet returns the Java source of the current lesson.
</description>
<servlet-class>org.owasp.webgoat.LessonSource</servlet-class>
</servlet>
<servlet>
<servlet-name>Catcher</servlet-name>
<description>
This servlet catches any posts and marks the appropriate lesson property.
</description>
<servlet-class>org.owasp.webgoat.Catcher</servlet-class>
</servlet>
<servlet>
<servlet-name>conf</servlet-name>
<jsp-file>/lessons/ConfManagement/config.jsp</jsp-file>
</servlet>
<!-- spring MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>*.mvc</url-pattern>
</servlet-mapping>
<listener>
<description>Spring context init</description>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<description>Spring context init</description>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<description>WebGoat application init</description>
<listener-class>org.owasp.webgoat.application.WebGoatServletListener</listener-class>
</listener>
<!-- end spring MVC -->
<!-- spring security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- end spring security -->
<!-- Define mappings that are used by the servlet container to
translate a particular request URI (context-relative) to a
particular servlet. The examples below correspond to the
servlet descriptions above. Thus, a request URI like:
http://localhost:8080/{contextpath}/graph
will be mapped to the "graph" servlet, while a request like:
http://localhost:8080/{contextpath}/saveCustomer.mvc
will be mapped to the "controller" servlet.
You may define any number of servlet mappings, including zero.
It is also legal to define more than one mapping for the same
servlet, if you wish to.
-->
<servlet-mapping>
<servlet-name>AxisServlet</servlet-name>
<url-pattern>/servlet/AxisServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AxisServlet</servlet-name>
<url-pattern>*.jws</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AxisServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SOAPMonitorService</servlet-name>
<url-pattern>/SOAPMonitor</url-pattern>
</servlet-mapping>
<!-- uncomment this if you want the admin servlet -->
<servlet-mapping>
<servlet-name>AdminServlet</servlet-name>
<url-pattern>/servlet/AdminServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WebGoat</servlet-name>
<url-pattern>/attack</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LessonSource</servlet-name>
<url-pattern>/source</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Catcher</servlet-name>
<url-pattern>/catcher</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>conf</servlet-name>
<url-pattern>/conf</url-pattern>
</servlet-mapping>
<!-- Define the default session timeout for your application,
in minutes. From a servlet or JSP page, you can modify
the timeout for a particular session dynamically by using
HttpSession.getMaxInactiveInterval(). -->
<session-config>
<!-- 2 days -->
<session-timeout>2880</session-timeout>
</session-config>
<mime-mapping>
<extension>wmv</extension>
<mime-type>video/x-ms-wmv</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
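Review bot: The added `RequestContextListener` entry reuses the description `Spring context init` from the `ContextLoaderListener` directly above it, so the descriptor no longer says what each listener is for; something like `<description>Exposes the current request to Spring (request/session scope, locale)</description>` would document it. The `DefaultLanguage` init-param of the `WebGoat` servlet is commented out rather than deleted, and nothing in the descriptor says where the default language comes from now. If any code still calls `getInitParameter("DefaultLanguage")` it will receive null, so either delete the block or replace it with a one-line comment naming the new source of the default, and make sure a language value taken from the request is checked against the supported list before it is used to pick resources.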


@ -1,294 +1,295 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*, java.util.*"
errorPage="" %>
<%
WebSession webSession = ((WebSession) session.getAttribute(WebSession.SESSION));
Course course = webSession.getCourse();
AbstractLesson currentLesson = webSession.getCurrentLesson();
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title><%=currentLesson.getTitle()%></title>
<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
<link rel="stylesheet" href="css/lesson.css" type="text/css" />
<link rel="stylesheet" href="css/menu.css" type="text/css" />
<link rel="stylesheet" href="css/layers.css" type="text/css" />
<script language="JavaScript1.2" src="javascript/javascript.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/menu_system.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/lessonNav.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/makeWindow.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/toggle.js" type="text/javascript"></script>
</head>
<%
final String menuPrefix = WebSession.MENU;
final String submenuPrefix = "submenu";
final String mbutPrefix = "mbut";
String printHint = "";
String printParameters = "";
String printCookies = "";
String lessonComplete = "<img src=\"images/buttons/lessonComplete.jpg\">";
List categories = course.getCategories();
StringBuffer buildList = new StringBuffer();
Iterator iter1 = categories.iterator();
while (iter1.hasNext()) {
Category category = (Category) iter1.next();
buildList.append("'");
buildList.append(menuPrefix);
buildList.append(category.getRanking());
buildList.append("','");
buildList.append(submenuPrefix);
buildList.append(category.getRanking());
buildList.append("','");
buildList.append(mbutPrefix);
buildList.append(category.getRanking());
buildList.append("'");
if (iter1.hasNext()) {
buildList.append(",");
}
}%>
<body class="page" onload="setMenuMagic1(10, 40, 10, 'menubottom',<%=buildList%>);
trigMM1url('<%= menuPrefix%>', 1);
MM_preloadImages('images/buttons/hintLeftOver.jpg', 'images/buttons/hintOver.jpg', 'images/buttons/hintRightOver.jpg', 'images/buttons/paramsOver.jpg', 'images/buttons/htmlOver.jpg', 'images/buttons/cookiesOver.jpg', 'images/buttons/javaOver.jpg', 'images/buttons/plansOver.jpg', 'images/buttons/logout.jpg', 'images/buttons/helpOver.jpg');
initIframe();">
<div id="wrap">
<%
int topCord = 140;
int zIndex = 105;
Iterator iter2 = categories.iterator();
while (iter2.hasNext()) {
Category category = (Category) iter2.next();
%>
<div id="<%=menuPrefix + category.getRanking()%>" style="position:absolute; left:30px; top:<%=topCord%>px; width:160px; z-index:<%=zIndex%>"><a href="javascript:;" onclick="trigMenuMagic1('<%=menuPrefix + category.getRanking()%>', 1);
return false" onfocus="if (this.blur)
this.blur()"><img src="images/menu_images/1x1.gif" width="1" height=1"20" name="mbut<%=category.getRanking()%>" border="0" alt=""/><%=category.getName()%></a></div>
<%
topCord = topCord + 30;
zIndex = zIndex + 1;
}
int topSubMenu = 72;
Iterator iter3 = categories.iterator();
while (iter3.hasNext()) {
Category category = (Category) iter3.next();
List lessons = webSession.getLessons(category);
Iterator iter4 = lessons.iterator();
%>
<div id="submenu<%=category.getRanking()%>" class="pviimenudiv" style="position:absolute; left:200px; top:<%=topSubMenu%>px; width:150px; visibility: hidden; z-index:<%=zIndex%>">
<table width="150" border="0" cellspacing="6" cellpadding="0"><%
topSubMenu = topSubMenu + 30;
zIndex = zIndex + 1;
while (iter4.hasNext()) {
AbstractLesson lesson = (AbstractLesson) iter4.next();
%><tr>
<td><%=(lesson.isCompleted(webSession) ? lessonComplete : "")%><a href="<%=lesson.getLink()%>"><%=lesson.getTitle()%></a></td>
</tr>
<% if (lesson instanceof RandomLessonAdapter) {
RandomLessonAdapter rla = (RandomLessonAdapter) lesson;
String[] stages = rla.getStages();
if (stages != null)
for (int i = 0; i < stages.length; i++) {
%>
<tr><td class="pviimenudivstage"><%=(rla.isStageComplete(webSession, stages[i]) ? lessonComplete : "")%><a href="<%=lesson.getLink() + "&stage=" + (i + 1)%>">Stage <%=i + 1%>: <%=stages[i]%></a>
</td></tr>
<%
}
}
%>
<%
}
%>
</table>
</div><%
}%>
<div id="top"></div>
<div id="topLeft">
<div align="left">
<% if (currentLesson.getAvailableLanguages().size() != 0) {
%>
<form method="get" action="attack" style="display: inline;">
Choose another language: <select name="language" size="1"
onChange="changeLanguage();">
<%
for (String lang : currentLesson.getAvailableLanguages()) {
%>
<option value="<%=lang%>"
<% if (webSession.getCurrrentLanguage().equals(lang)) {
out.println("selected");
}%>><%=lang%>
</option>
<%
}
%>
</select></form>
<%
} else {
%>
Internationalization is not available for this lesson
<%
}
%>
</div></div>
<div align="right" id="topRight">
<a href="j_spring_security_logout" onmouseout="MM_swapImgRestore()"
onmouseover="MM_swapImage('logout', '', 'images/buttons/logoutOver.jpg', 1)"><img
src="images/buttons/logout.jpg" alt="LogOut" name="logout" width="45"
height="22" border="0" id="logout" /></a> <a href="#getFAQ()"
onmouseout="MM_swapImgRestore()"
onmouseover="MM_swapImage('help', '', 'images/buttons/helpOver.jpg', 1)"><img
src="images/buttons/help.jpg" alt="Help" name="help" width="22"
height="22" border="0" id="help" /></a>
</div>
<div id="lessonTitle" align="right"><%=currentLesson.getTitle()%></div>
<div id="hMenuBar">
<%
if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWHINTS)) {
%>
<a href="<%= webSession.getCurrentLesson().getLink()%>&show=PreviousHint" target="_top" onclick="MM_nbGroup('down', 'group1', 'hintLeft', '', 1)"
onmouseover="MM_nbGroup('over', 'hintLeft', 'images/buttons/hintLeftOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/hintLeft.jpg" alt="Previous Hint" name="hintLeft" width="20" height="20" border="0" id="hintLeft"/>
</a>
<a href="<%= webSession.getCurrentLesson().getLink()%>&show=NextHint" target="_top" onclick="MM_nbGroup('down', 'group1', 'hint', '', 1)"
onmouseover="MM_nbGroup('over', 'hint', 'images/buttons/hintOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/hint.jpg" alt="Hints" name="hint" width="35" height="20" border="0" id="hint"/>
</a>
<a href="<%= webSession.getCurrentLesson().getLink()%>&show=NextHint" target="_top" onclick="MM_nbGroup('down', 'group1', 'hintRight', '', 1)"
onmouseover="MM_nbGroup('over', 'hintRight', 'images/buttons/hintRightOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/hintRight.jpg" alt="Next Hint" name="hintRight" width="20" height="20" border="0" id="hintRight"/>
</a>
<%}%>
<a href="<%= webSession.getCurrentLesson().getLink()%>&show=Params" target="_top" onclick="MM_nbGroup('down', 'group1', 'params', '', 1)"
onmouseover="MM_nbGroup('over', 'params', 'images/buttons/paramsOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/params.jpg" alt="Show Params" name="<%= webSession.getCurrentLesson().getLink()%>&show=Params" width="87" height="20" border="0" id="params"/>
</a>
<a href="<%= webSession.getCurrentLesson().getLink()%>&show=Cookies" target="_top" onclick="MM_nbGroup('down', 'group1', 'cookies', '', 1)"
onmouseover="MM_nbGroup('over', 'cookies', 'images/buttons/cookiesOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/cookies.jpg" alt="Show Cookies" name="cookies" width="99" height="20" border="0" id="cookies"/>
</a>
<a href="javascript:toggle('lessonPlans')" target="_top" onclick="MM_nbGroup('down', 'group1', 'plans', '', 1)"
onmouseover="MM_nbGroup('over', 'plans', 'images/buttons/plansOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/plans.jpg" alt="Lesson Plans" width="89" height="20" border="0" id="plans"/>
</a>
<%
if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWSOURCE)) {
%>
<a href="source" onclick="makeWindow(this.href + '?source=true', 'Java Source');
return false;" target="javaWin"
onmouseover="MM_nbGroup('over', 'java', 'images/buttons/javaOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/java.jpg" alt="Show Java" name="java" width="75" height="20" border="0" id="java"/>
</a>
<a href="source" onclick="makeWindow(this.href + '?solution=true', 'Java Solution');
return false;" target="javaWin"
onmouseover="MM_nbGroup('over', 'solutions', 'images/buttons/solutionsOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/solutions.jpg" alt="Show Solution" name="solutions" width="73" height="20" border="0" id="solutions"/>
</a>
<%}%>
</div>
<div id="twoCol">
<div id="menuSpacer"></div>
<div id="lessonAreaTop">
<%
if (currentLesson != null) {
%>
<div id="training_wrap">
<div id="training" class="info"><a href="http://yehg.net/lab/pr0js/training/webgoat.php" target="_blank"><%=WebGoatI18N.get("SolutionVideos")%></a></div>
<div id="reset" class="info"><a href="<%=webSession.getRestartLink()%>"><%=WebGoatI18N.get("RestartLesson")%></a></div>
</div>
<%
}
%>
</div>
<div id="lessonArea">
<%
if (webSession.getHint() != null) {
printHint = "<div id=\"hint\" class=\"info\">" + webSession.getHint() + "</div><br>";
out.println(printHint);
}
if (webSession.getParams() != null) {
Iterator i = webSession.getParams().iterator();
while (i.hasNext()) {
Parameter p = (Parameter) i.next();
printParameters = "<div id=\"parameter\" class=\"info\">" + p.getName() + "=" + p.getValue() + "</div><br>";
out.println(printParameters);
}
}
if (webSession.getCookies() != null) {
Iterator i = webSession.getCookies().iterator();
while (i.hasNext()) {
Cookie c = (Cookie) i.next();
printCookies = "<div id=\"cookie\" class=\"info\">" + c.getName() + " <img src=\"images/icons/rightArrow.jpg\" alt=\"\"> " + c.getValue() + "</div><br>";
out.println(printCookies);
}
}%>
<div id="lessonPlans" style="visibility:hidden; height:1px; position:absolute; left:260px; top:130px; width:425px; z-index:105;"><%=currentLesson.getLessonPlan(webSession)%>
<br/>
<br/>
<a href="javascript:toggle('lessonPlans')" target="_top" onclick="MM_nbGroup('down', 'group1', 'plans', '', 1)">Close this Window</a>
</div>
<div id="lessonContent">
<%
AbstractLesson lesson = webSession.getCurrentLesson();
if (lesson instanceof RandomLessonAdapter) {
RandomLessonAdapter rla = (RandomLessonAdapter) lesson;
%>
<div class="info">Stage <%= rla.getLessonTracker(webSession).getStageNumber(rla.getStage(webSession)) + 1%></div>
<%
}
%>
<%=webSession.getInstructions()%></div>
<div id="message" class="info"><%=webSession.getMessage()%></div>
<%
if (currentLesson.getTemplatePage(webSession) != null) {
//System.out.println("Main.jsp - current lesson: " + currentLesson.getName() );
//System.out.println(" - template Page: " + currentLesson.getTemplatePage(webSession));
%>
<jsp:include page="<%=currentLesson.getTemplatePage(webSession)%>" />
<%
} else {
%>
<div id="lessonContent"><%=currentLesson.getContent()%></div>
<%
}
%>
<div id="credits">
<% out.println(currentLesson.getCredits());%>
</div>
</div>
</div>
<div id="bottom">
<div align="center"><a href="http://www.owasp.org">OWASP Foundation</a> |
<a href="http://www.owasp.org/index.php/OWASP_WebGoat_Project">Project WebGoat</a> |
<a href="reportBug.jsp">Report Bug</a>
</div>
</div>
</div>
</body>
</html>
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*, java.util.*"
errorPage="" %>
<%
WebSession webSession = ((WebSession) session.getAttribute(WebSession.SESSION));
Course course = webSession.getCourse();
AbstractLesson currentLesson = webSession.getCurrentLesson();
LabelManager labelManager = BeanProvider.getBean("labelManager", LabelManager.class);
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title><%=currentLesson.getTitle()%></title>
<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
<link rel="stylesheet" href="css/lesson.css" type="text/css" />
<link rel="stylesheet" href="css/menu.css" type="text/css" />
<link rel="stylesheet" href="css/layers.css" type="text/css" />
<script language="JavaScript1.2" src="javascript/javascript.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/menu_system.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/lessonNav.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/makeWindow.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/toggle.js" type="text/javascript"></script>
</head>
<%
final String menuPrefix = WebSession.MENU;
final String submenuPrefix = "submenu";
final String mbutPrefix = "mbut";
String printHint = "";
String printParameters = "";
String printCookies = "";
String lessonComplete = "<img src=\"images/buttons/lessonComplete.jpg\">";
List categories = course.getCategories();
StringBuffer buildList = new StringBuffer();
Iterator iter1 = categories.iterator();
while (iter1.hasNext()) {
Category category = (Category) iter1.next();
buildList.append("'");
buildList.append(menuPrefix);
buildList.append(category.getRanking());
buildList.append("','");
buildList.append(submenuPrefix);
buildList.append(category.getRanking());
buildList.append("','");
buildList.append(mbutPrefix);
buildList.append(category.getRanking());
buildList.append("'");
if (iter1.hasNext()) {
buildList.append(",");
}
}%>
<body class="page" onload="setMenuMagic1(10, 40, 10, 'menubottom',<%=buildList%>);
trigMM1url('<%= menuPrefix%>', 1);
MM_preloadImages('images/buttons/hintLeftOver.jpg', 'images/buttons/hintOver.jpg', 'images/buttons/hintRightOver.jpg', 'images/buttons/paramsOver.jpg', 'images/buttons/htmlOver.jpg', 'images/buttons/cookiesOver.jpg', 'images/buttons/javaOver.jpg', 'images/buttons/plansOver.jpg', 'images/buttons/logout.jpg', 'images/buttons/helpOver.jpg');
initIframe();">
<div id="wrap">
<%
int topCord = 140;
int zIndex = 105;
Iterator iter2 = categories.iterator();
while (iter2.hasNext()) {
Category category = (Category) iter2.next();
%>
<div id="<%=menuPrefix + category.getRanking()%>" style="position:absolute; left:30px; top:<%=topCord%>px; width:160px; z-index:<%=zIndex%>"><a href="javascript:;" onclick="trigMenuMagic1('<%=menuPrefix + category.getRanking()%>', 1);
return false" onfocus="if (this.blur)
this.blur()"><img src="images/menu_images/1x1.gif" width="1" height=1"20" name="mbut<%=category.getRanking()%>" border="0" alt=""/><%=category.getName()%></a></div>
<%
topCord = topCord + 30;
zIndex = zIndex + 1;
}
int topSubMenu = 72;
Iterator iter3 = categories.iterator();
while (iter3.hasNext()) {
Category category = (Category) iter3.next();
List lessons = webSession.getLessons(category);
Iterator iter4 = lessons.iterator();
%>
<div id="submenu<%=category.getRanking()%>" class="pviimenudiv" style="position:absolute; left:200px; top:<%=topSubMenu%>px; width:150px; visibility: hidden; z-index:<%=zIndex%>">
<table width="150" border="0" cellspacing="6" cellpadding="0"><%
topSubMenu = topSubMenu + 30;
zIndex = zIndex + 1;
while (iter4.hasNext()) {
AbstractLesson lesson = (AbstractLesson) iter4.next();
%><tr>
<td><%=(lesson.isCompleted(webSession) ? lessonComplete : "")%><a href="<%=lesson.getLink()%>"><%=lesson.getTitle()%></a></td>
</tr>
<% if (lesson instanceof RandomLessonAdapter) {
RandomLessonAdapter rla = (RandomLessonAdapter) lesson;
String[] stages = rla.getStages();
if (stages != null)
for (int i = 0; i < stages.length; i++) {
%>
<tr><td class="pviimenudivstage"><%=(rla.isStageComplete(webSession, stages[i]) ? lessonComplete : "")%><a href="<%=lesson.getLink() + "&stage=" + (i + 1)%>">Stage <%=i + 1%>: <%=stages[i]%></a>
</td></tr>
<%
}
}
%>
<%
}
%>
</table>
</div><%
}%>
<div id="top"></div>
<div id="topLeft">
<div align="left">
<% if (currentLesson.getAvailableLanguages().size() != 0) {
%>
<form method="get" action="attack" style="display: inline;">
Choose another language: <select name="language" size="1"
onChange="changeLanguage();">
<%
for (String lang : currentLesson.getAvailableLanguages()) {
%>
<option value="<%=lang%>"
<% if (webSession.getCurrrentLanguage().equals(lang)) {
out.println("selected");
}%>><%=lang%>
</option>
<%
}
%>
</select></form>
<%
} else {
%>
Internationalization is not available for this lesson
<%
}
%>
</div></div>
<div align="right" id="topRight">
<a href="j_spring_security_logout" onmouseout="MM_swapImgRestore()"
onmouseover="MM_swapImage('logout', '', 'images/buttons/logoutOver.jpg', 1)"><img
src="images/buttons/logout.jpg" alt="LogOut" name="logout" width="45"
height="22" border="0" id="logout" /></a> <a href="#getFAQ()"
onmouseout="MM_swapImgRestore()"
onmouseover="MM_swapImage('help', '', 'images/buttons/helpOver.jpg', 1)"><img
src="images/buttons/help.jpg" alt="Help" name="help" width="22"
height="22" border="0" id="help" /></a>
</div>
<div id="lessonTitle" align="right"><%=currentLesson.getTitle()%></div>
<div id="hMenuBar">
<%
if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWHINTS)) {
%>
<a href="<%= webSession.getCurrentLesson().getLink()%>&show=PreviousHint" target="_top" onclick="MM_nbGroup('down', 'group1', 'hintLeft', '', 1)"
onmouseover="MM_nbGroup('over', 'hintLeft', 'images/buttons/hintLeftOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/hintLeft.jpg" alt="Previous Hint" name="hintLeft" width="20" height="20" border="0" id="hintLeft"/>
</a>
<a href="<%= webSession.getCurrentLesson().getLink()%>&show=NextHint" target="_top" onclick="MM_nbGroup('down', 'group1', 'hint', '', 1)"
onmouseover="MM_nbGroup('over', 'hint', 'images/buttons/hintOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/hint.jpg" alt="Hints" name="hint" width="35" height="20" border="0" id="hint"/>
</a>
<a href="<%= webSession.getCurrentLesson().getLink()%>&show=NextHint" target="_top" onclick="MM_nbGroup('down', 'group1', 'hintRight', '', 1)"
onmouseover="MM_nbGroup('over', 'hintRight', 'images/buttons/hintRightOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/hintRight.jpg" alt="Next Hint" name="hintRight" width="20" height="20" border="0" id="hintRight"/>
</a>
<%}%>
<a href="<%= webSession.getCurrentLesson().getLink()%>&show=Params" target="_top" onclick="MM_nbGroup('down', 'group1', 'params', '', 1)"
onmouseover="MM_nbGroup('over', 'params', 'images/buttons/paramsOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/params.jpg" alt="Show Params" name="<%= webSession.getCurrentLesson().getLink()%>&show=Params" width="87" height="20" border="0" id="params"/>
</a>
<a href="<%= webSession.getCurrentLesson().getLink()%>&show=Cookies" target="_top" onclick="MM_nbGroup('down', 'group1', 'cookies', '', 1)"
onmouseover="MM_nbGroup('over', 'cookies', 'images/buttons/cookiesOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/cookies.jpg" alt="Show Cookies" name="cookies" width="99" height="20" border="0" id="cookies"/>
</a>
<a href="javascript:toggle('lessonPlans')" target="_top" onclick="MM_nbGroup('down', 'group1', 'plans', '', 1)"
onmouseover="MM_nbGroup('over', 'plans', 'images/buttons/plansOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/plans.jpg" alt="Lesson Plans" width="89" height="20" border="0" id="plans"/>
</a>
<%
if (webSession.isAuthorizedInLesson(webSession.getRole(), WebSession.SHOWSOURCE)) {
%>
<a href="source" onclick="makeWindow(this.href + '?source=true', 'Java Source');
return false;" target="javaWin"
onmouseover="MM_nbGroup('over', 'java', 'images/buttons/javaOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/java.jpg" alt="Show Java" name="java" width="75" height="20" border="0" id="java"/>
</a>
<a href="source" onclick="makeWindow(this.href + '?solution=true', 'Java Solution');
return false;" target="javaWin"
onmouseover="MM_nbGroup('over', 'solutions', 'images/buttons/solutionsOver.jpg', '', 1)"
onmouseout="MM_nbGroup('out')">
<img src="images/buttons/solutions.jpg" alt="Show Solution" name="solutions" width="73" height="20" border="0" id="solutions"/>
</a>
<%}%>
</div>
<div id="twoCol">
<div id="menuSpacer"></div>
<div id="lessonAreaTop">
<%
if (currentLesson != null) {
%>
<div id="training_wrap">
<div id="training" class="info"><a href="http://yehg.net/lab/pr0js/training/webgoat.php" target="_blank"><%=labelManager.get("SolutionVideos")%></a></div>
<div id="reset" class="info"><a href="<%=webSession.getRestartLink()%>"><%=labelManager.get("RestartLesson")%></a></div>
</div>
<%
}
%>
</div>
<div id="lessonArea">
<%
if (webSession.getHint() != null) {
printHint = "<div id=\"hint\" class=\"info\">" + webSession.getHint() + "</div><br>";
out.println(printHint);
}
if (webSession.getParams() != null) {
Iterator i = webSession.getParams().iterator();
while (i.hasNext()) {
Parameter p = (Parameter) i.next();
printParameters = "<div id=\"parameter\" class=\"info\">" + p.getName() + "=" + p.getValue() + "</div><br>";
out.println(printParameters);
}
}
if (webSession.getCookies() != null) {
Iterator i = webSession.getCookies().iterator();
while (i.hasNext()) {
Cookie c = (Cookie) i.next();
printCookies = "<div id=\"cookie\" class=\"info\">" + c.getName() + " <img src=\"images/icons/rightArrow.jpg\" alt=\"\"> " + c.getValue() + "</div><br>";
out.println(printCookies);
}
}%>
<div id="lessonPlans" style="visibility:hidden; height:1px; position:absolute; left:260px; top:130px; width:425px; z-index:105;"><%=currentLesson.getLessonPlan(webSession)%>
<br/>
<br/>
<a href="javascript:toggle('lessonPlans')" target="_top" onclick="MM_nbGroup('down', 'group1', 'plans', '', 1)">Close this Window</a>
</div>
<div id="lessonContent">
<%
AbstractLesson lesson = webSession.getCurrentLesson();
if (lesson instanceof RandomLessonAdapter) {
RandomLessonAdapter rla = (RandomLessonAdapter) lesson;
%>
<div class="info">Stage <%= rla.getLessonTracker(webSession).getStageNumber(rla.getStage(webSession)) + 1%></div>
<%
}
%>
<%=webSession.getInstructions()%></div>
<div id="message" class="info"><%=webSession.getMessage()%></div>
<%
if (currentLesson.getTemplatePage(webSession) != null) {
//System.out.println("Main.jsp - current lesson: " + currentLesson.getName() );
//System.out.println(" - template Page: " + currentLesson.getTemplatePage(webSession));
%>
<jsp:include page="<%=currentLesson.getTemplatePage(webSession)%>" />
<%
} else {
%>
<div id="lessonContent"><%=currentLesson.getContent()%></div>
<%
}
%>
<div id="credits">
<% out.println(currentLesson.getCredits());%>
</div>
</div>
</div>
<div id="bottom">
<div align="center"><a href="http://www.owasp.org">OWASP Foundation</a> |
<a href="http://www.owasp.org/index.php/OWASP_WebGoat_Project">Project WebGoat</a> |
<a href="reportBug.jsp">Report Bug</a>
</div>
</div>
</div>
</body>
</html>