Reported by dwpoon, Yesterday (17 hours ago)

I would like to submit the attached patch to avoid hard-coding
"/WebGoat" as the webapp's context path, at least for the HTTP splitting
lesson.  This issue has also been reported in July 2007; see
https://lists.owasp.org/pipermail/owasp-webgoat/2007-July/000432.html

Also see Issue 15 http://code.google.com/p/webgoat/issues/detail?id=15


git-svn-id: http://webgoat.googlecode.com/svn/trunk@366 4033779f-a91e-0410-96ef-6bf7bf53c507
mayhew64 2008-11-21 12:57:14 +00:00
parent 58aa49317a
commit bab1f6aeb7
2 changed files with 6 additions and 6 deletions


@ -65,7 +65,7 @@ public class HttpSplitting extends SequentialLessonAdapter
public void handleRequest(WebSession s)
{
// Setting a special action to be able to submit to redirect.jsp
Form form = new Form("/WebGoat/lessons/General/redirect.jsp?" + "Screen=" + String.valueOf(getScreenId())
Form form = new Form(s.getRequest().getContextPath() + "/lessons/General/redirect.jsp?" + "Screen=" + String.valueOf(getScreenId())
+ "&menu=" + getDefaultCategory().getRanking().toString(), Form.POST).setName("form").setEncType("");
form.addElement(createContent(s));
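Review bot: the added `new Form(...)` line is now long and still joins adjacent literals (`"/lessons/General/redirect.jsp?" + "Screen="`) and wraps `getScreenId()` in a redundant `String.valueOf()`, which string concatenation already performs. Consider pulling `s.getRequest().getContextPath()` into a local variable and merging the two literals, so the action URL reads in one pass. The existing comment above it could also say that the path is relative to the deployed context, since that is the reason for this change. The concatenation itself is sound: `getContextPath()` returns an empty string for the root context and never ends in a slash, so the leading `/` on `/lessons/...` is correct in both deployments.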


@ -7,7 +7,7 @@
<title>HTTP Splitting</title>
</head>
<body>
<% response.sendRedirect("/WebGoat/attack?" +
<% response.sendRedirect(request.getContextPath() + "/attack?" +
"Screen=" + request.getParameter("Screen") +
"&menu=" + request.getParameter("menu") +
"&fromRedirect=yes&language=" + request.getParameter("language"));