- Added some documentations.

- Changed some variable names for clarification git-svn-id: http://webgoat.googlecode.com/svn/trunk@24 4033779f-a91e-0410-96ef-6bf7bf53c507
2006-10-09 00:49:53 +00:00 · 2006-10-09 00:49:53 +00:00 · 6916632841
commit 6916632841
parent 6cc8bed0c7
2 changed files with 18 additions and 12 deletions
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpSplitting.java
@ -21,16 +21,16 @@ import org.owasp.webgoat.session.WebSession;

 public class HttpSplitting extends LessonAdapter {
 	
-	private final static String URL = "url";
+	private final static String LANGUAGE = "language";
+	
 	/**
 	 * Description of the Method
 	 * 
-	 * @param s Description of the Parameter
+	 * @param s Current WebSession
 	 */
 	public void handleRequest( WebSession s )
 	{
-		// call createContent first so messages will go somewhere
-
+		//Setting a special action to be able to submit to redirect.jsp
 		Form form = new Form( "/WebGoat/lessons/General/redirect.jsp?" +
 				        "Screen=" + String.valueOf(getScreenId()) +
 				        "&menu=" + getDefaultCategory().getRanking().toString()
@ -44,18 +44,20 @@ public class HttpSplitting extends LessonAdapter {
 	protected Element createContent(WebSession s)
 	{
 		ElementContainer ec = new ElementContainer();
-		StringBuffer url = null;
+		StringBuffer lang = null;
 		
 		try
 		{
+			//add the text
 			ec.addElement( new StringElement( "Search by country : " ) );

-			url = new StringBuffer( s.getParser().getStringParameter( URL, "" ) );
+			lang = new StringBuffer( s.getParser().getStringParameter( LANGUAGE, "" ) );
 			
-			Input input = new Input( Input.TEXT, URL, url.toString() );
+			//add the search by field
+			Input input = new Input( Input.TEXT, LANGUAGE, lang.toString() );
 			ec.addElement( input );
 	
-			Element b = ECSFactory.makeButton( "Go!" );
+			Element b = ECSFactory.makeButton( "Search!" );
 			
 			ec.addElement( b );
 						
@ -66,11 +68,15 @@ public class HttpSplitting extends LessonAdapter {
 			e.printStackTrace();
 		}
 		
+		//Check if we are coming from the redirect page
 		String fromRedirect = s.getParser().getStringParameter ( "fromRedirect" , "");
-		if ( url.length() != 0 && fromRedirect.length() != 0 )
+		if ( lang.length() != 0 && fromRedirect.length() != 0 )
 		{	
-			String[] arrTokens = url.toString().split(System.getProperty("line.separator"));
-			if (Arrays.binarySearch(arrTokens, "Content-Length: 0") >= 0 &&
+			//Split by the line separator line.separator is platform independant
+			String[] arrTokens = lang.toString().toUpperCase().split(System.getProperty("line.separator"));
+			
+			//Check if the user ended the first request and wrote the second malcious reply
+			if (Arrays.binarySearch(arrTokens, "CONTENT-LENGTH: 0") >= 0 &&
 					Arrays.binarySearch(arrTokens, "HTTP/1.1 200 OK") >= 0 )	
 			{	
 				makeSuccess( s );
--- a/webgoat/main/project/WebContent/lessons/General/redirect.jsp
+++ b/webgoat/main/project/WebContent/lessons/General/redirect.jsp
@ -10,7 +10,7 @@
 <% response.sendRedirect("/WebGoat/attack?" +
 		        "Screen=" + request.getParameter("Screen") +
 		        "&menu=" + request.getParameter("menu") +
-		        "&fromRedirect=yes&url=" + request.getParameter("url")); 
+		        "&fromRedirect=yes&language=" + request.getParameter("language")); 
 %>
 </body>
 </html>