Minor fixes

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@337 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-14 12:03:55 +00:00
parent c4b5bb0758
commit 15d80a3006
9 changed files with 57 additions and 35 deletions
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/MultiLevelLogin1.java
@ -803,7 +803,7 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
 		List<String> hints = new ArrayList<String>();

 		hints.add("Stage 1: Just do a regular login");
-		hints.add("Stage 2: How does the server know which TAN has to be used");
+		hints.add("Stage 2: How does the server know which TAN has to be used?");
 		hints.add("Stage 2: Maybe taking a look at the source code helps");
 		hints.add("Stage 2: Watch out for hidden fields");
 		hints.add("Stage 2: Manipulate the hidden field 'hidden_tan'");
@ -822,7 +822,7 @@ public class MultiLevelLogin1 extends SequentialLessonAdapter
 		{
 			instructions = "STAGE 1:\t This stage is just to show how a classic multi login works. "
 					+ "Your goal is to do a regular login as <b>Jane</b> with password <b>tarzan</b>. "
-					+ "You have following TAN: <br>" + "Tan #1 = 15648<br>" + "Tan #2 = 92156<br>"
+					+ "You have following TANs: <br>" + "Tan #1 = 15648<br>" + "Tan #2 = 92156<br>"
 					+ "Tan #3 = 4879<br>" + "Tan #4 = 9458<br>" + "Tan #5 = 4879<br>";

 		}
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/PasswordStrength.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/PasswordStrength.java
@ -7,6 +7,7 @@ import org.apache.ecs.Element;
 import org.apache.ecs.ElementContainer;
 import org.apache.ecs.StringElement;
 import org.apache.ecs.html.BR;
+import org.apache.ecs.html.Div;
 import org.apache.ecs.html.Input;
 import org.apache.ecs.html.TD;
 import org.apache.ecs.html.TR;
@ -127,8 +128,11 @@ public class PasswordStrength extends LessonAdapter
 			ec.addElement(table);
 			ec.addElement(new BR());
 			ec.addElement(new BR());
+			Div div = new Div();
+			div.addAttribute("align", "center");
 			Element b = ECSFactory.makeButton("Go!");
-			ec.addElement(b);
+			div.addElement(b);
+			ec.addElement(div);
 		} catch (Exception e)
 		{
 			s.setMessage("Error generating " + this.getClass().getName());
@ -155,7 +159,7 @@ public class PasswordStrength extends LessonAdapter
 	public List<String> getHints(WebSession s)
 	{
 		List<String> hints = new ArrayList<String>();
-		hints.add("Copy the passwords in the code checker.");
+		hints.add("Copy the passwords into the code checker.");
 		return hints;
 	}

--- a/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
@ -151,7 +151,7 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
 				instructions = "Stage 1: Bypass Presentational Layer Access Control.<br>"
 						+ "As regular employee 'Tom', exploit weak access control to use the Delete function from the Staff List page.  "
 						+ "Verify that Tom's profile can be deleted."
-						+ "The password for a user is always his prename..";
+						+ "The password for a user is always his prename.";
 			}
 			else if (STAGE2.equals(stage))
 			{
@ -191,25 +191,12 @@ public class RoleBasedAccessControl extends GoatHillsFinancial

 		try
 		{
-			System.out.println("Solution: " + getLessonSolutionFileName(s));
 			src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), false);
 		} catch (IOException e)
 		{
 			s.setMessage("Could not find the solution file");
 			src = ("Could not find the solution file");
 		}
-
-//		Html html = new Html();
-//
-//		Head head = new Head();
-//		head.addElement(new Title(getLessonSolutionFileName(s)));
-//
-//		Body body = new Body();
-//		body.addElement(new StringElement(src));
-//
-//		html.addElement(head);
-//		html.addElement(body);
-
 		return src;
 	}

--- a/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SQLInjection/SQLInjection.java
@ -1,6 +1,9 @@

 package org.owasp.webgoat.lessons.SQLInjection;

+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import org.apache.ecs.ElementContainer;
@ -245,4 +248,27 @@ public class SQLInjection extends GoatHillsFinancial
 	{
 		return "LAB: SQL Injection";
 	}
+	
+	@Override
+	public String getSolution(WebSession s) {
+		String src = null;
+
+		try
+		{
+			src = readFromFile(new BufferedReader(new FileReader(s.getWebResource(getLessonSolutionFileName(s)))), false);
+		} catch (IOException e)
+		{
+			s.setMessage("Could not find the solution file");
+			src = ("Could not find the solution file");
+		}
+		return src;
+	}
+	
+	public String getLessonSolutionFileName(WebSession s) {
+		System.out.println("SOLUTION!!!");
+		String solutionFileName = null;
+		String stage = getStage(s);
+		solutionFileName = "/lesson_solutions/Lab SQL Injection/Lab " + stage + ".html";
+		return solutionFileName;
+	}
 }