From 50c4d9c170bb4e0d2eacaf77a554c9028df6b06b Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Fri, 18 Mar 2016 13:17:10 +0100
Subject: [PATCH 1/4] Removed duplicate entry
---
 webgoat-container/src/main/webapp/WEB-INF/webgoat.properties | 1 -
 1 file changed, 1 deletion(-)
diff --git a/webgoat-container/src/main/webapp/WEB-INF/webgoat.properties b/webgoat-container/src/main/webapp/WEB-INF/webgoat.properties
index f96d0c4ec..761512785 100644
--- a/webgoat-container/src/main/webapp/WEB-INF/webgoat.properties
+++ b/webgoat-container/src/main/webapp/WEB-INF/webgoat.properties
@@ -10,7 +10,6 @@ lesson.BasicAuthentication.hidden=true
 lesson.BlindScript.hidden=true
 lesson.RemoteAdminFlaw.hidden=true
 lesson.HttpSplitting.hidden=true
-lesson.BasicAuthentication.hidden=true
 lesson.SameOriginPolicyProtection.hidden=true
 lesson.SilentTransactions.hidden=true
 lesson.TraceXSS.hidden=true
From bc6b040f4284e5163f451f97fc0405e6634c5c80 Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Fri, 18 Mar 2016 13:39:18 +0100
Subject: [PATCH 2/4] Injection Flaws | XPath Injection date file path issue #184 - Enabled the lesson again because lesson has been fixed
---
 webgoat-container/src/main/webapp/WEB-INF/webgoat.properties | 1 -
 1 file changed, 1 deletion(-)
diff --git a/webgoat-container/src/main/webapp/WEB-INF/webgoat.properties b/webgoat-container/src/main/webapp/WEB-INF/webgoat.properties
index 761512785..43a26ba47 100644
--- a/webgoat-container/src/main/webapp/WEB-INF/webgoat.properties
+++ b/webgoat-container/src/main/webapp/WEB-INF/webgoat.properties
@@ -15,5 +15,4 @@ lesson.SilentTransactions.hidden=true
 lesson.TraceXSS.hidden=true
 lesson.DBSQLInjection.hidden=true
 lesson.DBCrossSiteScripting.hidden=true
-lesson.XPATHInjection.hidden=true
 lesson.ForcedBrowsing.hidden=true
From 7a7fb088ad8d85cdce3c307fad2ba41bfe45025f Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Fri, 18 Mar 2016 14:38:49 +0100
Subject: [PATCH 3/4] #173 Added the URL for WebGoat to the console output
---
 .../src/main/java/org/owasp/webgoat/HammerHead.java | 1 +
 webgoat-container/src/main/resources/log4j.properties | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java b/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
index 2c15bf538..8af97ff56 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java
@@ -243,6 +243,7 @@ public class HammerHead extends HttpServlet {
 httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
 propertiesPath = getServletContext().getRealPath("/WEB-INF/webgoat.properties");
 webgoatContext = new WebgoatContext(this);
+ logger.info("Browse to http://localhost:8080/WebGoat and happy hacking!");
 }
 /**
diff --git a/webgoat-container/src/main/resources/log4j.properties b/webgoat-container/src/main/resources/log4j.properties
index 7dee72c2e..2d27828df 100644
--- a/webgoat-container/src/main/resources/log4j.properties
+++ b/webgoat-container/src/main/resources/log4j.properties
@@ -17,7 +17,8 @@ log4j.appender.CONSOLE.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p
 # a little less spring output
-log4j.category.org.springframework = INFO
+log4j.category.org.springframework = INFO
+log4j.category.org.apache=INFO
 log4j.appender.default.out=org.apache.log4j.ConsoleAppender
 log4j.appender.default.out.threeshold=DEBUG
From 181549468124bc45cf3bda78409a7390cc6ffe69 Mon Sep 17 00:00:00 2001
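Review bot: The URL in the new `logger.info` line is hard-coded to `http://localhost:8080/WebGoat`, so the message becomes wrong as soon as the container listens on another port or the WAR is deployed under a different context root, and a user following it lands on a 404 or on a different application. The context root half can be derived from the servlet itself (Servlet 2.5 or later): `logger.info("Browse to http://localhost:8080" + getServletContext().getContextPath() + " and happy hacking!");`. The host and port are not known to the servlet at init time, so either say in the message that they are the defaults or make them configurable. The enclosing method starts before the hunk.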
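Review bot: The new `log4j.category.org.apache=INFO` line is written without the spaces around `=` that the neighbouring `log4j.category.org.springframework = INFO` line uses; log4j accepts both, but one style per file reads better. The springframework line is removed and re-added with no visible difference, so the change there is presumably trailing whitespace or a line ending — worth confirming it is intended and not a stray CRLF conversion. On the last context line, `threeshold` looks like a misspelling of `threshold`; if so log4j does not apply it and the appender runs with no threshold, a pre-existing issue that is cheap to fix while this block is being touched.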
From: Nanne Baars
Date: Sat, 19 Mar 2016 12:40:28 +0100
Subject: [PATCH 4/4] Injection Flaws -> Limit Command Injection success to a set of commands and clarify this to the user #179 - Defuse command boolean flag is no longer necessary due to a change in the lesson, removed this flag from the webgoat-container project
---
 .../org/owasp/webgoat/session/WebgoatContext.java | 15 ---------------
 webgoat-container/src/main/webapp/WEB-INF/web.xml | 4 ----
 2 files changed, 19 deletions(-)
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
index c2f8c97ff..23faed378 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java
@@ -51,9 +51,6 @@ public class WebgoatContext {
 /** Constant SHOWHINTS="ShowHints" */
 public final static String SHOWHINTS = "ShowHints";
- /** Constant DEFUSEOSCOMMANDS="DefuseOSCommands" */
- public final static String DEFUSEOSCOMMANDS = "DefuseOSCommands";
-
 /** Constant FEEDBACK_ADDRESS_HTML="FeedbackAddressHTML" */
 public final static String FEEDBACK_ADDRESS_HTML = "FeedbackAddressHTML";
@@ -86,8 +83,6 @@ public class WebgoatContext {
 private boolean showSolution = false;
- private boolean defuseOSCommands = false;
-
 private boolean enterprise = false;
 private boolean codingExercises = false;
@@ -123,7 +118,6 @@ public class WebgoatContext {
 showCookies = "true".equals(getParameter(servlet, SHOWCOOKIES));
 showSource = "true".equals(getParameter(servlet, SHOWSOURCE));
 showSolution = "true".equals(getParameter(servlet, SHOWSOLUTION));
- defuseOSCommands = "true".equals(getParameter(servlet, DEFUSEOSCOMMANDS));
 enterprise = "true".equals(getParameter(servlet, ENTERPRISE));
 codingExercises = "true".equals(getParameter(servlet, CODING_EXERCISES));
 feedbackAddressHTML = getParameter(servlet, FEEDBACK_ADDRESS_HTML) != null ? getParameter(servlet,
@@ -192,15 +186,6 @@ public class WebgoatContext {
 return (databasePassword);
 }
- /**
- *

isDefuseOSCommands.

- *
- * @return a boolean.
- */
- public boolean isDefuseOSCommands() {
- return defuseOSCommands;
- }
-
 /**
 *

isEnterprise.

*
diff --git a/webgoat-container/src/main/webapp/WEB-INF/web.xml b/webgoat-container/src/main/webapp/WEB-INF/web.xml
index 6431ce4f7..e566c64bf 100644
--- a/webgoat-container/src/main/webapp/WEB-INF/web.xml
+++ b/webgoat-container/src/main/webapp/WEB-INF/web.xml
@@ -126,10 +126,6 @@ CookieDebug true - - DefuseOSCommands - false - Enterprise true