Restructured the baseline to remove extra src/main directory structure. Added eclipes project file

git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
2012-11-19 23:57:51 +00:00
parent fb938e0933
commit 6a96547ef0
1204 changed files with 85 additions and 2 deletions
--- a/webapp/lessons/SQLInjection/ListStaff.jsp
+++ b/webapp/lessons/SQLInjection/ListStaff.jsp
@ -0,0 +1,57 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java" 
+	import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection" 
+	errorPage="" %>
+<%
+	WebSession webSession = ((WebSession)session.getAttribute("websession"));
+	int myUserId = webSession.getUserIdInLesson();
+%>
+	<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Staff Listing Page</div>
+		<br>
+		<br>
+		<br>
+		<p>Select from the list below	</p>
+
+		<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
+  <table width="60%" border="0" cellpadding="3">
+    <tr>
+      <td>  <label>
+  <select name="<%=SQLInjection.EMPLOYEE_ID%>" size="11">
+			      	<%
+			      	List employees = (List) session.getAttribute("SQLInjection." + SQLInjection.STAFF_ATTRIBUTE_KEY);
+			      	Iterator i = employees.iterator();
+			      	EmployeeStub stub = (EmployeeStub) i.next();%>
+			      	<option selected value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
+					while (i.hasNext())
+					{
+						stub = (EmployeeStub) i.next();%>
+						<option value="<%=Integer.toString(stub.getId())%>"><%=stub.getFirstName() + " " + stub.getLastName()+ " (" + stub.getRole() + ")"%></option><%
+					}%>
+  </select>
+  </label></td>
+      <td>
+	        	<input type="submit" name="action" value="<%=SQLInjection.SEARCHSTAFF_ACTION%>"/><br>
+	        	<input type="submit" name="action" value="<%=SQLInjection.VIEWPROFILE_ACTION%>"/><br>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.CREATEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" disabled name="action" value="<%=SQLInjection.CREATEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+            		<% 
+				if (webSession.isAuthorizedInLesson(myUserId, SQLInjection.DELETEPROFILE_ACTION))
+				{
+				%>
+					<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/><br>
+				<% 
+				}
+				%>
+			<br>
+					<input type="submit" name="action" value="<%=SQLInjection.LOGOUT_ACTION%>"/>
+	  </td>
+    </tr>
+  </table>
+
+		</form>
+