Use AbstractLesson.getLink() and getFormAction() more

Rather than constructing URLs manually every time, make use
of the existing mechanisms to create the URL, and use them
consistently.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
rogan.dawes
2007-07-18 13:31:11 +00:00
parent e27aaccb45
commit 9ea97126b8
41 changed files with 61 additions and 109 deletions


@ -7,7 +7,7 @@
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<Table>
<TR><TD>
First Name:
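Review bot: The new `action="<%=webSession.getCurrentLesson().getFormAction()%>"` on the form line writes the method's return value into a double-quoted HTML attribute with no output encoding. getFormAction() is not visible on this page; if the URL it builds can carry request-derived values (a menu or screen parameter, for instance), the value should be HTML-attribute-encoded where it is written out, or the method should be documented as returning an already-safe URL. A comment such as `<%-- getFormAction() returns a server-built, attribute-safe URL --%>` beside the form would record which of the two is relied on. The same expression is introduced unchanged in every other form this commit touches, so a single fix inside the helper would cover all of them.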


@ -11,7 +11,7 @@
<br>
<p>Select from the list below </p>
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<table width="60%" border="0" cellpadding="3">
<tr>
<td> <label>


@ -6,7 +6,7 @@
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
%>
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>
<select name="<%=SQLInjection.EMPLOYEE_ID%>">
<%
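Review bot: The new action expression dereferences `webSession.getCurrentLesson()` two lines after `webSession` is read from the session attribute with no null check, so the page now has two places where rendering can fail with a NullPointerException instead of one. Whether getCurrentLesson() can return null (for example before a lesson has been selected) is not visible here, so this is a point to confirm rather than a certain defect. If it can, a guard directly after the cast would fail cleanly: `if (webSession == null || webSession.getCurrentLesson() == null) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }`. The scriptlet opened on the last line of this hunk continues outside it.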


@ -12,7 +12,7 @@
<%
}
%>
<form id="form1" name="form1" method="post" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<form id="form1" name="form1" method="post" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<label>Name
<input class="lesson_text_db" type="text" name="<%=SQLInjection.SEARCHNAME%>"/>
</label>


@ -109,7 +109,7 @@
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.LISTSTAFF_ACTION))
{
%>
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=SQLInjection.LISTSTAFF_ACTION%>"/>
</form>
@ -122,7 +122,7 @@
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=SQLInjection.EDITPROFILE_ACTION%>"/>
</form>
@ -135,7 +135,7 @@
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.DELETEPROFILE_ACTION))
{
%>
<form method="POST" action="attack?menu=<%=webSession.getCurrentMenu()%>">
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/>
</form>