Separated DB usage for messages in CSRF and Stored XSS

Many cosmetic english changes Fixed IE rendering for Challenge git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@350 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-07-09 00:17:20 +00:00
parent 29f0222258
commit 71460125b6
14 changed files with 99 additions and 70 deletions
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/SqlNumericInjection.java
@ -128,7 +128,14 @@ public class SqlNumericInjection extends SequentialLessonAdapter
 					{
 						makeSuccess(s);
 						getLessonTracker(s).setStage(2);
-						s.setMessage("Start this lesson over to attack a parameterized query.");
+						StringBuffer msg = new StringBuffer();
+
+						msg.append("Bet you can't do it again! ");
+						msg.append("This lesson has detected your successfull attack ");
+						msg.append("and has now switched to a defensive mode. ");
+						msg.append("Try again to attack a parameterized query.");
+
+						s.setMessage(msg.toString());
 					}
 				}
 				else
@ -222,9 +229,9 @@ public class SqlNumericInjection extends SequentialLessonAdapter

 		ec.addElement(new P().addElement("Select your local weather station: "));

-		Map stations = getStations(s);
+		Map<String, String> stations = getStations(s);
 		Select select = new Select(STATION_ID);
-		Iterator it = stations.keySet().iterator();
+		Iterator<String> it = stations.keySet().iterator();
 		while (it.hasNext())
 		{
 			String key = (String) it.next();
@ -244,7 +251,7 @@ public class SqlNumericInjection extends SequentialLessonAdapter
 	 * 
 	 * @return A map containing each station, indexed by station number
 	 */
-	protected Map getStations(WebSession s) throws SQLException, ClassNotFoundException
+	protected Map<String, String> getStations(WebSession s) throws SQLException, ClassNotFoundException
 	{

 		Connection connection = DatabaseUtilities.getConnection(s);