From 97571dbe908c14fb2f7a17cbfac9389f1e1fc4dd Mon Sep 17 00:00:00 2001
From: soylentmean
Date: Tue, 6 Jan 2009 21:06:42 +0000
Subject: [PATCH] Lots of wording changes and HTML fixes.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@373 4033779f-a91e-0410-96ef-6bf7bf53c507
---
.../RoleBasedAccessControl.java | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
index f2cfe51b0..c28554cc2 100644
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
@@ -140,30 +140,30 @@ public class RoleBasedAccessControl extends GoatHillsFinancial String stage = getStage(s); if (STAGE1.equals(stage)) { - instructions = "Stage 1: Bypass Presentational Layer Access Control.
" + instructions = "Stage 1: Bypass Presentational Layer Access Control.
" + "As regular employee 'Tom', exploit weak access control to use the Delete function from the Staff List page. " + "Verify that Tom's profile can be deleted. " + "The passwords for users are their given names in lowercase (e.g. the password for Tom Cat is \"tom\")."; } else if (STAGE2.equals(stage)) { - instructions = "Stage 2: Add Business Layer Access Control.

" - + " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + instructions = "Stage 2: Add Business Layer Access Control.

" + + " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + "Implement a fix to deny unauthorized access to the Delete function. " - + "Repeat stage 1. Verify that access to Delete is properly denied.
" - + "To do this you have to alter code."; + + "To do this, you will have to alter the WebGoat code. " + + "Once you have done this, repeat stage 1 and verify that access to DeleteProfile functionality is properly denied."; } else if (STAGE3.equals(stage)) { - instructions = "Stage 3: Breaking Data Layer Access Control.
" + instructions = "Stage 3: Breaking Data Layer Access Control.
" + "As regular employee 'Tom', exploit weak access control to View another employee's profile. Verify the access."; } else if (STAGE4.equals(stage)) { - instructions = "Stage 4: Add Data Layer Access Control.

" - + " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + instructions = "Stage 4: Add Data Layer Access Control.

" + + " THIS LESSON ONLY WORKS WITH THE DEVELOPER VERSION OF WEBGOAT

" + "Implement a fix to deny unauthorized access to this data. " - + "Repeat stage 3. Verify that access to other employee's profiles is properly denied."; + + "Once you have done this, repeat stage 3, and verify that access to other employee's profiles is properly denied."; } }
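Review bot: The rewritten Stage 2 text names the same control two ways: the unchanged line says `the Delete function` and the added line says `DeleteProfile functionality`, so a learner cannot tell whether they are the same thing; use one name, e.g. `repeat stage 1 and verify that access to the Delete function is properly denied.` The added Stage 4 line carries over `other employee's profiles`, which should read `other employees' profiles`. Since Stage 2 is titled as business-layer control, `alter the WebGoat code` could also say that the authorization check belongs in the server-side handler for the action rather than in the page that shows the button; that is presumably the lesson's point after Stage 1. The developer-version warning is edited in both Stage 2 and Stage 4 and would be easier to keep identical as a single `private static final String` constant. The enclosing method begins before the hunk, and the HTML inside these literals is not visible in this rendering, so the markup itself cannot be checked from here.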