dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use AbstractLesson.getLink() and getFormAction() more

Browse Source 
Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes
2007-07-18 13:31:11 +00:00
parent e27aaccb45
commit 9ea97126b8
41 changed files with 61 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat/main/project/WebContent/lessons/CrossSiteScripting/ViewProfile.jsp
View File

@ -116,7 +116,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.LISTSTAFF_ACTION))
{
%>
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=CrossSiteScripting.LISTSTAFF_ACTION%>"/>
</form></td>
@ -128,7 +128,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=CrossSiteScripting.EDITPROFILE_ACTION%>"/>
</form>
@ -141,7 +141,7 @@ WebSession webSession = ((WebSession)session.getAttribute("websession"));
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), CrossSiteScripting.DELETEPROFILE_ACTION))
{
%>
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=CrossSiteScripting.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=CrossSiteScripting.DELETEPROFILE_ACTION%>"/>
</form>