Use AbstractLesson.getLink() and getFormAction() more
Rather than constructing URLs manually all the time, make use of the existing mechanisms to create the URL, and use them consistently. git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
@ -1,5 +1,9 @@
|
||||
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
|
||||
pageEncoding="ISO-8859-1"%>
|
||||
pageEncoding="ISO-8859-1"%>
|
||||
<%@page import="org.owasp.webgoat.session.WebSession"%>
|
||||
<%
|
||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
%>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
@ -7,9 +11,7 @@
|
||||
<title>Configuration Page</title>
|
||||
</head>
|
||||
<body>
|
||||
<% response.sendRedirect("/WebGoat/attack?" +
|
||||
"Screen=" + request.getParameter("Screen") +
|
||||
"&menu=" + request.getParameter("menu") +
|
||||
<% response.sendRedirect(webSession.getCurrentLesson().getLink() +
|
||||
"&succeeded=yes");
|
||||
%>
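Review bot: `webSession` is dereferenced on the new `sendRedirect` line with no check that the `websession` session attribute was present or that `getCurrentLesson()` returned a lesson, so a request arriving without an established WebGoat session ends in a NullPointerException and a 500 rather than a controlled response; a guard ahead of the redirect, `if (webSession == null || webSession.getCurrentLesson() == null) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }`, keeps that failure explicit. The appended `"&succeeded=yes"` also assumes `getLink()` already carries a query string; `getLink()` is defined in AbstractLesson outside this diff, so that contract should be confirmed there or the separator chosen from the returned value. A `return;` after `sendRedirect` would additionally stop the rest of the page body from being rendered once the response is committed.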
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
%>
|
||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
||||
<div class="lesson_text">
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<Table>
|
||||
<TR><TD>
|
||||
First Name:
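Review bot: The new `action` attribute on the `<form id="form1">` line writes `getFormAction()` into HTML-attribute context unescaped; `getFormAction()` is defined in AbstractLesson outside this diff, so it cannot be seen here whether it could ever contain a `"`, `&` or request-derived text. The previous `getCurrentMenu()` expression had the same property, so this is not a regression, but since the commit makes this one expression the single source of every form target in the lesson pages, its contract is worth pinning at the call site, e.g. `<%-- getFormAction() must return an application-relative URL built only from lesson state; it is emitted unescaped --%>`, or the value should be emitted through an escaping construct such as JSTL `<c:out>` if that taglib is available in these pages. The same applies to every other `getFormAction()` hunk in this commit, including the `method="POST"` staff-list forms and the error-page login forms.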
|
||||
|
@ -10,7 +10,7 @@
|
||||
<br>
|
||||
<br>
|
||||
<p>Select from the list below </p>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<table width="60%" border="0" cellpadding="3">
|
||||
<tr>
|
||||
<td> <label>
|
||||
|
@ -6,7 +6,7 @@
|
||||
<%
|
||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>
|
||||
<select name="<%=CrossSiteScripting.EMPLOYEE_ID%>">
|
||||
<%
|
||||
|
@ -12,7 +12,7 @@
|
||||
<%
|
||||
}
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>Name
|
||||
<input class="lesson_text_db" type="text" name="<%=CrossSiteScripting.SEARCHNAME%>"/>
|
||||
</label>
|
||||
|
@ -116,7 +116,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.LISTSTAFF_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=CrossSiteScripting.LISTSTAFF_ACTION%>"/>
|
||||
</form></td>
|
||||
@ -128,7 +128,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.EDITPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=CrossSiteScripting.EDITPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
@ -141,7 +141,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.DELETEPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=CrossSiteScripting.DELETEPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
|
@ -7,7 +7,7 @@
|
||||
%>
|
||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
||||
<div class="lesson_text">
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<Table>
|
||||
<TR><TD>
|
||||
First Name:
|
||||
|
@ -10,7 +10,7 @@
|
||||
<br>
|
||||
<br>
|
||||
<p>Select from the list below </p>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<table width="60%" border="0" cellpadding="3">
|
||||
<tr>
|
||||
<td> <label>
|
||||
|
@ -6,7 +6,7 @@
|
||||
<%
|
||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>
|
||||
<select name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>">
|
||||
<%
|
||||
|
@ -12,7 +12,7 @@
|
||||
<%
|
||||
}
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>Name
|
||||
<input class="lesson_text_db" type="text" name="<%=DBCrossSiteScripting.SEARCHNAME%>"/>
|
||||
</label>
|
||||
|
@ -109,7 +109,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.LISTSTAFF_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=DBCrossSiteScripting.LISTSTAFF_ACTION%>"/>
|
||||
</form></td>
|
||||
@ -121,7 +121,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.EDITPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=DBCrossSiteScripting.EDITPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
@ -134,7 +134,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBCrossSiteScripting.DELETEPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=DBCrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=DBCrossSiteScripting.DELETEPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
|
@ -7,7 +7,7 @@
|
||||
%>
|
||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
||||
<div class="lesson_text">
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<Table>
|
||||
<TR><TD>
|
||||
First Name:
|
||||
|
@ -11,7 +11,7 @@
|
||||
<br>
|
||||
<p>Select from the list below </p>
|
||||
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<table width="60%" border="0" cellpadding="3">
|
||||
<tr>
|
||||
<td> <label>
|
||||
|
@ -6,7 +6,7 @@
|
||||
<%
|
||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>
|
||||
<select name="<%=DBSQLInjection.EMPLOYEE_ID%>">
|
||||
<%
|
||||
|
@ -12,7 +12,7 @@
|
||||
<%
|
||||
}
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>Name
|
||||
<input class="lesson_text_db" type="text" name="<%=DBSQLInjection.SEARCHNAME%>"/>
|
||||
</label>
|
||||
|
@ -109,7 +109,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.LISTSTAFF_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=DBSQLInjection.LISTSTAFF_ACTION%>"/>
|
||||
</form>
|
||||
@ -122,7 +122,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.EDITPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=DBSQLInjection.EDITPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
@ -135,7 +135,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.DELETEPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=DBSQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=DBSQLInjection.DELETEPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
|
@ -7,7 +7,7 @@
|
||||
%>
|
||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
|
||||
<div class="lesson_text">
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<Table border="0" cellpadding="0" cellspacing="0">
|
||||
<TR><TD width="110">
|
||||
First Name:
|
||||
|
@ -11,7 +11,7 @@
|
||||
<br>
|
||||
<p>Select from the list below </p>
|
||||
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<table width="60%" border="0" cellpadding="3">
|
||||
<tr>
|
||||
<td> <label>
|
||||
|
@ -6,7 +6,7 @@
|
||||
<%
|
||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>
|
||||
<select name="<%=GoatHillsFinancial.EMPLOYEE_ID%>">
|
||||
<%
|
||||
|
@ -12,7 +12,7 @@
|
||||
<%
|
||||
}
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>Name
|
||||
<input class="lesson_text_db" type="text" name="<%=GoatHillsFinancial.SEARCHNAME%>"/>
|
||||
</label>
|
||||
|
@ -113,7 +113,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.LISTSTAFF_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=GoatHillsFinancial.LISTSTAFF_ACTION%>"/>
|
||||
</form>
|
||||
@ -125,7 +125,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.EDITPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=GoatHillsFinancial.EDITPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
@ -138,7 +138,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), GoatHillsFinancial.DELETEPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=GoatHillsFinancial.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=GoatHillsFinancial.DELETEPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
|
@ -7,7 +7,7 @@
|
||||
%>
|
||||
<br><br><br>An error has occurred.
|
||||
<br><br><br>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
|
||||
<input type="submit" name="action" value="<%=GoatHillsFinancial.LOGIN_ACTION%>"/>
|
||||
</form>
|
@ -7,7 +7,7 @@
|
||||
%>
|
||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span> - Edit Profile Page</div>
|
||||
<div class="lesson_text">
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<Table border="0" cellpadding="0" cellspacing="0">
|
||||
<TR><TD width="110">
|
||||
First Name:
|
||||
|
@ -11,7 +11,7 @@
|
||||
<br>
|
||||
<p>Select from the list below </p>
|
||||
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<table width="60%" border="0" cellpadding="3">
|
||||
<tr>
|
||||
<td> <label>
|
||||
|
@ -6,7 +6,7 @@
|
||||
<%
|
||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>
|
||||
<select name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>">
|
||||
<%
|
||||
|
@ -12,7 +12,7 @@
|
||||
<%
|
||||
}
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>Name
|
||||
<input class="lesson_text_db" type="text" name="<%=RoleBasedAccessControl.SEARCHNAME%>"/>
|
||||
</label>
|
||||
|
@ -113,7 +113,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.LISTSTAFF_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LISTSTAFF_ACTION%>"/>
|
||||
</form>
|
||||
@ -125,7 +125,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.EDITPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=RoleBasedAccessControl.EDITPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
@ -138,7 +138,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), RoleBasedAccessControl.DELETEPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=RoleBasedAccessControl.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=RoleBasedAccessControl.DELETEPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
|
@ -7,7 +7,7 @@
|
||||
%>
|
||||
<br><br><br>An error has occurred.
|
||||
<br><br><br>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
|
||||
<input type="submit" name="action" value="<%=RoleBasedAccessControl.LOGIN_ACTION%>"/>
|
||||
</form>
|
@ -7,7 +7,7 @@
|
||||
%>
|
||||
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
|
||||
<div class="lesson_text">
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<Table>
|
||||
<TR><TD>
|
||||
First Name:
|
||||
|
@ -11,7 +11,7 @@
|
||||
<br>
|
||||
<p>Select from the list below </p>
|
||||
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<table width="60%" border="0" cellpadding="3">
|
||||
<tr>
|
||||
<td> <label>
|
||||
|
@ -6,7 +6,7 @@
|
||||
<%
|
||||
WebSession webSession = ((WebSession)session.getAttribute("websession"));
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>
|
||||
<select name="<%=SQLInjection.EMPLOYEE_ID%>">
|
||||
<%
|
||||
|
@ -12,7 +12,7 @@
|
||||
<%
|
||||
}
|
||||
%>
|
||||
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<label>Name
|
||||
<input class="lesson_text_db" type="text" name="<%=SQLInjection.SEARCHNAME%>"/>
|
||||
</label>
|
||||
|
@ -109,7 +109,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.LISTSTAFF_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=SQLInjection.LISTSTAFF_ACTION%>"/>
|
||||
</form>
|
||||
@ -122,7 +122,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.EDITPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=SQLInjection.EDITPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
@ -135,7 +135,7 @@
|
||||
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.DELETEPROFILE_ACTION))
|
||||
{
|
||||
%>
|
||||
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
|
||||
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
|
||||
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
|
||||
<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/>
|
||||
</form>
|
||||
|