dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

minor bug fixes and enhancements, including proper dollar value formatting

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@364 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
brandon.devries 2008-08-14 14:31:17 +00:00
parent 71e53c1ffb
commit 5854b66614
17 changed files with 168 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
main/project/JavaSource/org/owasp/webgoat/lessons/Challenge2Screen.java
View File

@ -26,6 +26,7 @@ import org.apache.ecs.html.BR;
import org.apache.ecs.html.Center;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.IFrame;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TD;
@ -383,18 +384,14 @@ public class Challenge2Screen extends SequentialLessonAdapter
{
ElementContainer ec = new ElementContainer();
// get current text and compare to the new text
String origpath = s.getContext().getRealPath(WEBGOAT_CHALLENGE + "_" + s.getUserName() + JSP);
String defaced = getFileText(new BufferedReader(new FileReader(origpath)), false);
String origText = getFileText(new BufferedReader(new FileReader(s.getContext()
.getRealPath(WEBGOAT_CHALLENGE_JSP))), false);
// show webgoat.jsp text
ec.addElement(new H1().addElement("Original Website Text"));
ec.addElement(new P().addElement(origText));
ec.addElement(new IFrame().setHeight("500").setWidth("100%").setSrc("/WebGoat/" + WEBGOAT_CHALLENGE_JSP));
ec.addElement(new HR());
ec.addElement(new H1().addElement("Defaced Website Text"));
ec.addElement(new P().addElement(defaced));
ec.addElement(new IFrame().setHeight("500").setWidth("100%").setSrc(
"/WebGoat/" + WEBGOAT_CHALLENGE + "_"
+ s.getUserName() + JSP));
ec.addElement(new HR());
return ec;

1
main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java
View File

@ -92,6 +92,7 @@ public class HttpBasics extends LessonAdapter
{
List<String> hints = new ArrayList<String>();
hints.add("Type in your name and press 'go'");
hints.add("Turn on Show Parameters or other features");
hints.add("Try to intercept the request with WebScarab");
hints.add("Press the Show Lesson Plan button to view a lesson summary");
hints.add("Press the Show Solution button to view a lesson solution");

35
main/project/JavaSource/org/owasp/webgoat/lessons/RandomLessonAdapter.java
View File

@ -1,6 +1,10 @@
package org.owasp.webgoat.lessons;
import java.sql.Connection;
import java.sql.SQLException;
import org.owasp.webgoat.session.CreateDB;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.LessonTracker;
import org.owasp.webgoat.session.RandomLessonTracker;
import org.owasp.webgoat.session.WebSession;
@ -14,6 +18,19 @@ public abstract class RandomLessonAdapter extends LessonAdapter
public void setStage(WebSession s, String stage)
{
getLessonTracker(s).setStage(stage);
try
{
Connection connection = DatabaseUtilities.getConnection(s);
CreateDB db = new CreateDB();
db.makeDB(connection);
System.out.println("Successfully refreshed the database.");
} catch (SQLException sqle)
{
System.out.println("Error refreshing the database!");
sqle.printStackTrace();
}
}
public String getStage(WebSession s)
@ -31,8 +48,22 @@ public abstract class RandomLessonAdapter extends LessonAdapter
}
else
{
s.setMessage("You have completed " + stage + ".");
if (!stage.equals(lt.getStage())) s.setMessage(" Welcome to " + lt.getStage());
s.setMessage("You have completed Stage " + (lt.getStageNumber(stage) + 1) + ": " + stage + ".");
if (!stage.equals(lt.getStage()))
s.setMessage(" Welcome to Stage " + (lt.getStageNumber(lt.getStage()) + 1) + ": " + lt.getStage());
}
try
{
Connection connection = DatabaseUtilities.getConnection(s);
CreateDB db = new CreateDB();
db.makeDB(connection);
System.out.println("Successfully refreshed the database.");
} catch (SQLException sqle)
{
System.out.println("Error refreshing the database!");
sqle.printStackTrace();
}
}

29
main/project/JavaSource/org/owasp/webgoat/lessons/ReflectedXSS.java
View File

@ -1,6 +1,7 @@
package org.owasp.webgoat.lessons;
import java.text.DecimalFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
@ -76,6 +77,8 @@ public class ReflectedXSS extends LessonAdapter
float total = 0.0f;
float runningTotal = 0.0f;
DecimalFormat money = new DecimalFormat("$0.00");
// test input field1
if (!pattern1.matcher(param1).matches())
{
@ -110,36 +113,36 @@ public class ReflectedXSS extends LessonAdapter
tr.addElement(new TD().addElement("69.99").setAlign("right"));
tr.addElement(new TD().addElement(
new Input(Input.TEXT, "QTY1", s.getParser().getStringParameter("QTY1",
"1")))
.setAlign("right"));
"1"))
.setSize(6)).setAlign("right"));
quantity = s.getParser().getFloatParameter("QTY1", 0.0f);
total = quantity * 69.99f;
runningTotal += total;
tr.addElement(new TD().addElement("$" + total));
tr.addElement(new TD().addElement(money.format(total)));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD().addElement("Dynex - Traditional Notebook Case"));
tr.addElement(new TD().addElement("27.99").setAlign("right"));
tr.addElement(new TD().addElement(
new Input(Input.TEXT, "QTY2", s.getParser().getStringParameter("QTY2",
"1")))
.setAlign("right"));
"1"))
.setSize(6)).setAlign("right"));
quantity = s.getParser().getFloatParameter("QTY2", 0.0f);
total = quantity * 27.99f;
runningTotal += total;
tr.addElement(new TD().addElement("$" + total));
tr.addElement(new TD().addElement(money.format(total)));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD().addElement("Hewlett-Packard - Pavilion Notebook with Intel Centrino"));
tr.addElement(new TD().addElement("1599.99").setAlign("right"));
tr.addElement(new TD().addElement(
new Input(Input.TEXT, "QTY3", s.getParser().getStringParameter("QTY3",
"1")))
.setAlign("right"));
"1"))
.setSize(6)).setAlign("right"));
quantity = s.getParser().getFloatParameter("QTY3", 0.0f);
total = quantity * 1599.99f;
runningTotal += total;
tr.addElement(new TD().addElement("$" + total));
tr.addElement(new TD().addElement(money.format(total)));
t.addElement(tr);
tr = new TR();
tr.addElement(new TD().addElement("3 - Year Performance Service Plan $1000 and Over "));
@ -147,12 +150,12 @@ public class ReflectedXSS extends LessonAdapter
tr.addElement(new TD().addElement(
new Input(Input.TEXT, "QTY4", s.getParser().getStringParameter("QTY4",
"1")))
.setAlign("right"));
"1"))
.setSize(6)).setAlign("right"));
quantity = s.getParser().getFloatParameter("QTY4", 0.0f);
total = quantity * 299.99f;
runningTotal += total;
tr.addElement(new TD().addElement("$" + total));
tr.addElement(new TD().addElement(money.format(total)));
t.addElement(tr);
ec.addElement(t);
@ -168,7 +171,7 @@ public class ReflectedXSS extends LessonAdapter
tr = new TR();
tr.addElement(new TD().addElement("The total charged to your credit card:"));
tr.addElement(new TD().addElement("$" + runningTotal));
tr.addElement(new TD().addElement(money.format(runningTotal)));
tr.addElement(new TD().addElement(ECSFactory.makeButton("Update Cart")));
t.addElement(tr);
tr = new TR();

14
main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
View File

@ -7,11 +7,6 @@ import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.Body;
import org.apache.ecs.html.Head;
import org.apache.ecs.html.Html;
import org.apache.ecs.html.Title;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
import org.owasp.webgoat.lessons.GoatHillsFinancial.FindProfile;
@ -100,23 +95,24 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
*/
protected List<String> getHints(WebSession s)
{
String stage = getStage(s);
List<String> hints = new ArrayList<String>();
hints.add("Many sites attempt to restrict access to resources by role.");
hints.add("Developers frequently make mistakes implementing this scheme.");
hints.add("Attempt combinations of users, roles, and resources.");
// Stage 1
hints.add("Stage1: How does the application know that the user selected the delete function?");
hints.add("Stage2: You have to code to check the authorization of the user for the action.");
// Stage 2
hints.add("Stage2: You have to code to check the authorization of the user for the action.");
// Stage 3
hints.add("Stage3: How does the application know that the user selected any particular employee to view?");
// Stage 4
hints.add("Note that the contents of the staff listing change depending on who is logged in.");
hints
.add("Stage4: You have to code to check the authorization of the user for the action on a certain employee.");
@ -147,7 +143,7 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
instructions = "Stage 1: Bypass Presentational Layer Access Control.<br>"
+ "As regular employee 'Tom', exploit weak access control to use the Delete function from the Staff List page. "
+ "Verify that Tom's profile can be deleted."
+ "The password for a user is always his prename.";
+ "The password for a user is always their first name.";
}
else if (STAGE2.equals(stage))
{

2
main/project/JavaSource/org/owasp/webgoat/lessons/SessionFixation.java
View File

@ -245,7 +245,7 @@ public class SessionFixation extends SequentialLessonAdapter
+ "During the last week we had a few problems with our database. "
+ "We have received many complaints regarding incorrect account details. "
+ "Please use the following link to verify your account "
+ "data:<br><br><center><a href=http://localhost/WebGoat/"
+ "data:<br><br><center><a href=/WebGoat/"
+ link
+ "> Goat Hills Financial</a></center><br><br>"
+ "We are sorry for the any inconvenience and thank you for your cooparation.<br><br>"

4
main/project/JavaSource/org/owasp/webgoat/lessons/SoapRequest.java
View File

@ -300,8 +300,8 @@ public class SoapRequest extends SequentialLessonAdapter
{
getLessonTracker(s).setStage(3);
s.setMessage("Stage 2 completed. ");
// s.setMessage("Now, you'll craft a SOAP envelope for invoking a web service
// directly.");
// s.setMessage(
// "Now, you'll craft a SOAP envelope for invoking a web service directly.");
// Redirect user to Stage2 content.
ec.addElement(doStage3(s));

2
main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
View File

@ -316,7 +316,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
+ "\"SELECT * FROM weather_data WHERE station = \" + station ");
hints.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. "
+ "Try appending a SQL statement that always resolves to true.");
hints.add("Try to intercept the post request with WebScarab and replace the station " + "with 101 OR 1 = 1");
hints.add("Try to intercept the post request with WebScarab and replace the station " + "with [ 101 OR 1 = 1 ].");
return hints;
}

2
main/project/JavaSource/org/owasp/webgoat/lessons/UncheckedEmail.java
View File

@ -131,7 +131,7 @@ public class UncheckedEmail extends LessonAdapter
s.setMessage("The attack worked! Now try to attack another person than the admin.");
}
// only complete the lesson if they changed the "to" hidden field and they sen a
// only complete the lesson if they changed the "to" hidden field and they send a
// script tag in the message
if (to.length() > 0 && !"webgoat.admin@owasp.org".equals(to) && message.contains("<script"))
{

60
main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java
View File

@ -319,7 +319,7 @@ public class CreateDB
}
/**
* Create users whith tans
* Create users with tans
*
* @param connection
* @throws SQLException
@ -826,6 +826,63 @@ public class CreateDB
//
// --------------------------------------------------------------------------
/**
* Start creation of data for WebServices labs
*/
private void createTransactionTable(Connection connection) throws SQLException
{
Statement statement = connection.createStatement();
try
{
String dropTable = "DROP TABLE transactions";
statement.executeUpdate(dropTable);
} catch (SQLException e)
{
System.out.println("Warning: unable to drop Transactions");
}
try
{
String createTable = "CREATE TABLE Transactions (" + "userName VARCHAR(16) NOT NULL, "
+ "sequence INTEGER NOT NULL, " + "from_account VARCHAR(16) NOT NULL, "
+ "to_account VARCHAR(16) NOT NULL, " + "transactionDate TIMESTAMP NOT NULL, "
+ "description VARCHAR(255) NOT NULL, " + "amount INTEGER NOT NULL" + ")";
statement.executeUpdate(createTable);
} catch (SQLException e)
{
System.out.println("Error: unable to create Transactions: " + e.getLocalizedMessage());
throw e;
}
String[] data = new String[] {
"'dave', 0, '238-4723-4024', '324-7635-9867', '2008-02-06 21:40:00', 'Mortgage', '150'",
"'dave', 1, '238-4723-4024', '324-7635-9867', '2008-02-12 21:41:00', 'Car', '150'",
"'dave', 2, '238-4723-4024', '324-7635-9867', '2008-02-20 21:42:00', 'School fees', '150'",
"'CEO', 3, '348-6324-9872', '345-3490-8345', '2008-02-15 21:40:00', 'Rolls Royce', '-150000'",
"'CEO', 4, '348-6324-9872', '342-5893-4503', '2008-02-25 21:41:00', 'Mansion', '-150000'",
"'CEO', 5, '348-6324-9872', '980-2344-5492', '2008-02-27 21:42:00', 'Vacation', '-150000'",
"'jeff', 6, '934-2002-3485', '783-2409-8234', '2008-02-01 21:40:00', 'Vet', '250'",
"'jeff', 7, '934-2002-3485', '634-5879-0345', '2008-02-19 21:41:00', 'Doctor', '800'",
"'jeff', 8, '934-2002-3485', '435-4325-3358', '2008-02-20 21:42:00', 'X-rays', '200'", };
try
{
for (int i = 0; i < data.length; i++)
{
statement.executeUpdate("INSERT INTO Transactions VALUES (" + data[i] + ");");
}
} catch (SQLException sqle)
{
System.out.println("Error: Unable to insert data: " + sqle);
int errorCode = sqle.getErrorCode();
System.out.println("Error Code: " + errorCode);
// ignore exceptions for Oracle and SQL Server
if (errorCode != 911 && errorCode != 273) { throw sqle; }
}
}
/**
* Description of the Method
*
@ -848,6 +905,7 @@ public class CreateDB
createAuthTable(connection);
createOwnershipTable(connection);
createWeatherDataTable(connection);
createTransactionTable(connection);
createTanUserDataTable(connection);
createTanTable(connection);
System.out.println("Success: creating tables.");

14
main/project/JavaSource/org/owasp/webgoat/session/LessonTracker.java
View File

@ -162,13 +162,13 @@ public class LessonTracker
protected void setProperties(Properties props, Screen screen)
{
completed = Boolean.valueOf(props.getProperty(screen.getTitle() + ".completed")).booleanValue();
maxHintLevel = Integer.parseInt(props.getProperty(screen.getTitle() + ".maxHintLevel"));
numVisits = Integer.parseInt(props.getProperty(screen.getTitle() + ".numVisits"));
viewedCookies = Boolean.valueOf(props.getProperty(screen.getTitle() + ".viewedCookies")).booleanValue();
viewedHtml = Boolean.valueOf(props.getProperty(screen.getTitle() + ".viewedHtml")).booleanValue();
viewedLessonPlan = Boolean.valueOf(props.getProperty(screen.getTitle() + ".viewedLessonPlan")).booleanValue();
viewedParameters = Boolean.valueOf(props.getProperty(screen.getTitle() + ".viewedParameters")).booleanValue();
viewedSource = Boolean.valueOf(props.getProperty(screen.getTitle() + ".viewedSource")).booleanValue();
maxHintLevel = Integer.parseInt(props.getProperty(screen.getTitle() + ".maxHintLevel", "0"));
numVisits = Integer.parseInt(props.getProperty(screen.getTitle() + ".numVisits", "0"));
viewedCookies = Boolean.valueOf(props.getProperty(screen.getTitle() + ".viewedCookies", "false")).booleanValue();
viewedHtml = Boolean.valueOf(props.getProperty(screen.getTitle() + ".viewedHtml", "false")).booleanValue();
viewedLessonPlan = Boolean.valueOf(props.getProperty(screen.getTitle() + ".viewedLessonPlan", "false")).booleanValue();
viewedParameters = Boolean.valueOf(props.getProperty(screen.getTitle() + ".viewedParameters", "false")).booleanValue();
viewedSource = Boolean.valueOf(props.getProperty(screen.getTitle() + ".viewedSource", "false")).booleanValue();
}
public static String getUserDir(WebSession s)

2
main/project/WebContent/WEB-INF/webgoat_sqlserver.sql
View File

@ -215,7 +215,7 @@ IF EXISTS (SELECT name FROM sys.assemblies WHERE name = N'RegexMatch')
DROP ASSEMBLY RegexMatch;
GO
CREATE ASSEMBLY RegexMatch FROM 'C:\AspectClass\Database\Labs\project\WebContent\WEB-INF\RegexMatch.dll' WITH PERMISSION_SET = SAFE;
CREATE ASSEMBLY RegexMatch FROM 'C:\AspectClass\Database\Labs\tomcat\webapps\WebGoat\WEB-INF\RegexMatch.dll' WITH PERMISSION_SET = SAFE;
GO
CREATE FUNCTION webgoat_guest.RegexMatch (

2
main/project/WebContent/lesson_plans/HttpBasics.html
View File

@ -23,5 +23,5 @@ After sending the request and headers, the client may send additional data. This
Enter your name in the input field below and press "go" to submit. The server will accept the request, reverse the input, and display it back to the user, illustrating the basics of handling an HTTP request.
<br/><br/>
The user should become familiar with the features of WebGoat by manipulating the above
buttons to view hints and solution. You have to use WebScarab for the first time.
buttons to view hints, show the HTTP request parameters, the HTTP request cookies, and the Java source code. You may also try using WebScarab for the first time.
<!-- Stop Instructions -->

2
main/project/WebContent/lesson_plans/PasswordStrength.html
View File

@ -3,7 +3,7 @@
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Accounts are only as secure as there passwords. Most users have the same weak password everywhere. If you want to protect them against brute-force-attacks your application should have good requirements for passwords. The password should contain lower case letters, capitals and numbers. The longer the password, the better.
Accounts are only as secure as their passwords. Most users have the same weak password everywhere. If you want to protect them against brute-force-attacks your application should have good requirements for passwords. The password should contain lower case letters, capitals and numbers. The longer the password, the better.
<!-- Stop Instructions -->
<br>
<p><b>General Goal(s):</b> </p>

2
main/project/WebContent/lesson_solutions/SqlNumericInjection.html
View File

@ -620,7 +620,7 @@ style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The
application is taking the input from the select box and inserts it at the end of a pre-formed
application is taking the input from the select box and inserting it at the end of a pre-formed
SQL command.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Compound SQL

38
main/project/WebContent/lessons/RoleBasedAccessControl/ViewProfile.jsp
View File

@ -2,9 +2,9 @@
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl"
errorPage="" %>
<%
Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.EMPLOYEE_ATTRIBUTE_KEY);
WebSession webSession = ((WebSession)session.getAttribute("websession"));
// int myUserId = getIntSessionAttribute(webSession, "RoleBasedAccessControl." + RoleBasedAccessControl.USER_ID);
Employee employee = (Employee) session.getAttribute("RoleBasedAccessControl." + RoleBasedAccessControl.EMPLOYEE_ATTRIBUTE_KEY);
//int myUserId = webSession.getUserIdInLesson();
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - View Profile Page</div>
<div class="lesson_text">
@ -13,71 +13,71 @@
First Name:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getFirstName()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getFirstName())%></span>
</TD>
<TD>
Last Name:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getLastName()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getLastName())%></span>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getAddress1()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getAddress1())%></span>
</TD>
<TD>
City/State:
<TD>
<span class="lesson_text_db"><%=employee.getAddress2()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getAddress2())%></span>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getPhoneNumber()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getPhoneNumber())%></span>
</TD>
<TD>
Start Date:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getStartDate()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getStartDate())%></span>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getSsn()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getSsn())%></span>
</TD>
<TD>
Salary:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getSalary()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getSalary())%></span>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getCcn()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getCcn())%></span>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getCcnLimit()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getCcnLimit())%></span>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD colspan="3">
<span class="lesson_text_db"><%=employee.getPersonalDescription()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getPersonalDescription())%></span>
</TD>
</TR>
<TR>
@ -88,11 +88,11 @@
Disc. Dates:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getDisciplinaryActionDate()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getDisciplinaryActionDate())%></span>
</TD>
<TR>
<TD colspan="4">
<span class="lesson_text_db"><%=employee.getDisciplinaryActionNotes()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getDisciplinaryActionNotes())%></span>
</TD>
</TR>
<TR>
@ -100,7 +100,7 @@
Manager:
</TD>
<TD>
<span class="lesson_text_db"><%=employee.getManager()%></span>
<span class="lesson_text_db"><%=(employee == null ? "unknown" : employee.getManager())%></span>
</TD>
</TR>
</Table>
@ -114,7 +114,7 @@
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=(employee == null ? "unknown" : employee.getId())%>">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LISTSTAFF_ACTION%>"/>
</form>
<%
@ -126,7 +126,7 @@
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=(employee == null ? "unknown" : employee.getId())%>">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.EDITPROFILE_ACTION%>"/>
</form>
<%
@ -139,7 +139,7 @@
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=(employee == null ? "unknown" : employee.getId())%>">
<input type="submit" name="action" value="<%=RoleBasedAccessControl.DELETEPROFILE_ACTION%>"/>
</form>
<%

13
main/project/WebContent/main.jsp
View File

@ -98,6 +98,7 @@ StringBuffer buildList = new StringBuffer();
<% if (lesson instanceof RandomLessonAdapter) {
RandomLessonAdapter rla = (RandomLessonAdapter) lesson;
String[] stages = rla.getStages();
if (stages != null)
for (int i=0; i<stages.length; i++) {
%>
<tr><td class="pviimenudivstage"><%=(rla.isStageComplete(webSession, stages[i]) ? lessonComplete : "")%><a href="<%=lesson.getLink() + "&stage=" + (i+1) %>">Stage <%=i+1%>: <%=stages[i] %></a>
@ -216,7 +217,17 @@ StringBuffer buildList = new StringBuffer();
<br/>
<a href="javascript:toggle('lessonPlans')" target="_top" onclick="MM_nbGroup('down','group1','plans','',1)">Close this Window</a>
</div>
<div id="lessonContent"><%=webSession.getInstructions()%></div>
<div id="lessonContent">
<%
AbstractLesson lesson = webSession.getCurrentLesson();
if (lesson instanceof RandomLessonAdapter) {
RandomLessonAdapter rla = (RandomLessonAdapter) lesson;
%>
<div class="info">Stage <%= rla.getLessonTracker(webSession).getStageNumber(rla.getStage(webSession)) + 1 %></div>
<%
}
%>
<%=webSession.getInstructions()%></div>
<div id="message" class="info"><%=webSession.getMessage()%></div>
<%