more changes for showSource and showHints

Rick Lawson
2014-09-19 21:06:46 -04:00
parent 5c1b3e1916
commit 3fd7b34536
4 changed files with 26 additions and 11 deletions


@@ -60,8 +60,8 @@ import org.slf4j.LoggerFactory;
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository
* for free software projects.
* Source for this application is maintained at
* https://github.com/WebGoat/WebGoat, a repository for free software projects.
*
* For details, please see http://webgoat.github.io
*
@@ -70,7 +70,7 @@ import org.slf4j.LoggerFactory;
*/
public abstract class AbstractLesson extends Screen implements Comparable<Object> {
final Logger logger = LoggerFactory.getLogger(AbstractLesson.class);
private static final Logger logger = LoggerFactory.getLogger(AbstractLesson.class);
/**
* Description of the Field
@@ -612,6 +612,7 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
* @return
*/
public boolean isAuthorized(WebSession s, String role, String functionId) {
logger.info("Checking if " + role + " authorized for: " + functionId);
boolean authorized = false;
try {
String query = "SELECT * FROM auth WHERE role = '" + role + "' and functionid = '" + functionId + "'";
@@ -620,13 +621,14 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
authorized = answer_results.first();
logger.info("authorized: "+ authorized);
} catch (SQLException sqle) {
s.setMessage("Error authorizing");
sqle.printStackTrace();
logger.error("Error authorizing", sqle);
}
} catch (Exception e) {
s.setMessage("Error authorizing");
e.printStackTrace();
logger.error("Error authorizing", e);
}
return authorized;
}
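Review bot: The added `logger.info("Checking if " + role + " authorized for: " + functionId);` in `isAuthorized` writes both values into the log by concatenation with no neutralisation. If either can carry request-derived text (not visible from this hunk), embedded CR/LF characters would let a caller forge log lines. I would strip line breaks before logging and use SLF4J placeholders, e.g. `logger.info("Checking if {} authorized for: {}", role, functionId);`. The same two values are concatenated into the `SELECT * FROM auth WHERE role = '...'` query on the following context line, which this commit leaves unchanged; unless that is deliberately vulnerable lesson code, an authorization check should bind them through a `PreparedStatement` with `role = ? and functionid = ?`. Part of the method body, including the start of the `createStatement` call, lies between the two hunks and is not shown, so whether the statement and result set are closed cannot be confirmed from here.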